Howdy!

I'm building a new box to run my SA Masschecks and one of the things I'm
looking at is DNS resolution. I run a local instance of unbound
dedicated to this machine, and I'm thinking it makes sense to increase
the cache-min-ttl to an hour.

While I wouldn't normally suggest running this in production for a live
mail server, this resolver is dedicated to SA Masschecking, which by
its nature is working with email that is anywhere from hours to months
old, so I don't feel like there will be any harm in over-caching DNSBLs.

At cache-min-ttl 900, I'm seeing much higher cache hits than I was
seeing without defining a minimum, currently:

total.num.queries=674702
total.num.cachehits=588015
total.num.cachemiss=86687
total.num.prefetch=7703

The .prefetch count tells me that I would increase my cache
effectiveness by increasing the amount of data I can cache, although the
existing cache rate isn't exactly terrible.

I also need to study the various cache-sizes; can anyone provide any
recommendations? My current thinking is to start around:

msg-cache-size: 64m
rrset-cache-size: 128m
key-cache-size: 128m
neg-cache-size: 128m

I've done a daily and a weekly run on the new box; currently I have 2GB
of RAM available to it and I'm floating around 400MB free, and another
800MB buff/cache, so I don't believe I'm RAM constrained and therefore
I'm content to simply throw memory at the caches.

Can anyone think of any potential harm, given that the cache entries
will always expire between weekly masscheck runs?

The only other thing that came to mind was whether the daily or weekly
rulesets use DNS to verify their validity like SpamAssassin does, but as
far as I can tell, masscheck just uses rsync and doesn't care about DNS
for versioning (just for finding the rsync server, obviously).

Thoughts?