Re: injecting a temp entry into dns cache

2013-02-04 Thread Phil Mayers

On 02/02/2013 09:41 PM, Veaceslav Revutchi wrote:

> There is a credit union website that our users access from work and
> their dns has been broken for the past few days where the www. version
> works, but the plain name (without the www.) points to some old IP
> that's not responding. Tried to call them and all I got was that they
> know they have some kind of problem, but they ask users to type www.
> in their browser until it's resolved.
>
> In situations like this I would like to be able to inject an entry
> into the cache on our recursive resolvers and point it to the correct
> IP until the domain owner fixes the problem (poison my own cache so to
> speak). Is this something that can be done with bind without having to
> create a zone for the broken domain and make our servers act as
> authoritative for it?


You can do this with RPZ. Simply put:

thebrokensite.org.your.rpz.zone. IN A working.ip.add.r

...into the RPZ zone. This will leave names *under* that zone alone.
I've used RPZ this way a couple of times to fix temporary problems, but
you need to be aware of the hole you can dig yourself if you end up
having to do this permanently.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
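As an added example (not from Phil's message), a minimal RPZ zone file that overrides only the apex name the way he describes; the domain, the RPZ zone name and the 192.0.2.10 address are placeholders. It assumes named.conf already declares "your.rpz.zone" as an ordinary master zone and lists it in `response-policy { zone "your.rpz.zone"; };`.

```zone
; Placeholder RPZ zone "your.rpz.zone" (added example, not the list's own config).
$TTL 300
@               IN SOA  localhost. hostmaster.localhost. (
                        2013020401  ; serial, bump on every change
                        3600        ; refresh
                        600         ; retry
                        604800      ; expire
                        60 )        ; negative-cache TTL
                IN NS   localhost.

; Override the plain name only: a query for thebrokensite.org gets this A record
; instead of the stale one from the domain owner's servers.
; Nothing under it (www.thebrokensite.org, mail.thebrokensite.org) is touched,
; because no *.thebrokensite.org wildcard entry exists in this zone.
thebrokensite.org       IN A    192.0.2.10   ; placeholder for the working IP

; The short $TTL keeps the workaround cheap to drop once the owner fixes DNS:
; remove the line above, bump the serial, and reload the RPZ zone.
```

Run `named-checkzone your.rpz.zone <file>` before reloading, and keep a note of every override you add, since each one silently shadows the real answer until you remove it.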


Performance impact of a large ACL list.

2013-02-04 Thread Augie Schwer
Does anyone have any experience using a large (>1k) entry ACL list?

Was there any performance degradation?

I haven't implemented my ACL yet, but it has quickly ballooned up, and I am
hoping to get some advice from others in a similar situation.


-- 
Augie Schwer - au...@schwer.us - http://schwer.us

Re: Performance impact of a large ACL list.

2013-02-04 Thread Jeremy C. Reed
On Mon, 4 Feb 2013, Augie Schwer wrote:

> Does anyone have any experience using a large (>1k) entry ACL list?
> Was there any performance degradation?
>
> I haven't implemented my ACL yet, but it has quickly ballooned up, and I am
> hoping to get some advice from others in a similar situation.

It has been a few years since I researched this.  (I should re-add this 
to my existing performance and resource usage tests.)

BIND 9.5 had various ACL improvements including support for O(1) ACL
processing, based on radix tree code. As one example, with 20,000 to
100,000 ACLs some of my tests for 9.4 only had around 80 to 400 qps,
while the new version had around 21,000 qps.