Re: 1000's of zone using the same zone file in a blacklist

2014-09-15 Thread Hans-Cees Speel

Steven Carr wrote on 15-9-2014 at 4:07:

> On 15 September 2014 02:56, Pieter De Wit pie...@insync.za.net wrote:
>
>> Is there any way we can reduce the memory footprint/optimize this any more?
>> Look ups are really fast and not a problem, just reload time and memory
>> used.
>
> Look into using an RPZ instead of individual zone blacklists. Single
> zone file will load much faster than thousands of zones.


and here is a howto on RPZ

https://app.younited.com/?shareObject=c0618d32-d5f6-e279-34d9-654ac7bb886a






Steve
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users





--
Kind regards, Hans-Cees Speel (hansc...@hanscees.com)

* Speed limit on the A73 Dukenburg/Nijmegen NOT to 130!
http://a73nijmegen.blogspot.com/
* Owner of bomengids.nl http://www.bomengids.nl (follow on Twitter
http://twitter.com/bomengidsnl)
* Chairman of Bewonersvereniging Hart van de Weezenhof
http://www.bewoners-weezenhof.nl, together we are making our homes
energy-efficient, see this blog http://energie-weezenhof-bhw.blogspot.nl/
* Board member of Stichting De Zevensprong Dukenburg
http://www.zevensprongdukenburg.nl/ and member of the working group Groen en
Cultuurhistorie

* Linked-in profile Hans-Cees http://nl.linkedin.com/in/hanscees

1000's of zone using the same zone file in a blacklist

2014-09-14 Thread Pieter De Wit

Hi List,

We are currently looking at using Bind in a DNS blacklist setup to block 
adult content from a network. We can scale outwards as far as we want, 
but it's the up sizing that has me worried.


Here is a sample of the zone definitions (names changed :) ):

zone "domain1" { type master; file "blocked_domain.zone"; };
zone "domain2" { type master; file "blocked_domain.zone"; };
zone "domain3" { type master; file "blocked_domain.zone"; };

repeat that about 475000 times (not joking)

This causes named to use about 7gig of RAM and a reload time of about 
+30 seconds. The conf file is 42meg big.


The zone that is loaded simply has the following:

$TTL 600
@   IN  SOA dns.domain   dns.domain. (
        2014091101  ; serial
        600         ; refresh
        300         ; retry
        600         ; expire
        75 )        ; negative-caching TTL

@   IN  NS  dns.domain.
@   IN  A   127.1.1.1
*   IN  A   127.1.1.1

We are using the stock bind built by Ubuntu for 14.04, version 
9.9.5.dfsg-3 to be exact.


Is there any way we can reduce the memory footprint/optimize this any
more? Look ups are really fast and not a problem, just reload time and
memory used.


Thanks,

Pieter


Re: 1000's of zone using the same zone file in a blacklist

2014-09-14 Thread Steven Carr
On 15 September 2014 02:56, Pieter De Wit pie...@insync.za.net wrote:
> Is there any way we can reduce the memory footprint/optimize this any more?
> Look ups are really fast and not a problem, just reload time and memory
> used.

Look into using an RPZ instead of individual zone blacklists. Single
zone file will load much faster than thousands of zones.

Steve
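
The single-zone approach suggested above, as an added example (not code from the thread or from ISC): it collapses zone statements of the form shown in the original post into one RPZ zone that keeps the same 127.1.1.1 answer for each name and its subdomains. The policy zone name rpz.blocklist, the function names and the sample input are assumptions made for the illustration.

```python
import re

# Zone statements in the form shown in the post, with or without quotes.
ZONE_RE = re.compile(
    r'zone\s+"?([^\s"{]+)"?\s*\{[^}]*\bfile\s+"?([^\s";]+)"?\s*;[^}]*\}\s*;')

# Constructed sample input: one duplicate and one zone that is not a blacklist entry.
SAMPLE_CONF = '''
zone "domain1" { type master; file "blocked_domain.zone"; };
zone domain2 { type master; file blocked_domain.zone; };
zone "domain3" { type master; file "blocked_domain.zone"; };
zone "DOMAIN1." { type master; file "blocked_domain.zone"; };
zone "other.example" { type master; file "other.zone"; };
'''

# named.conf side; "rpz.blocklist" is a hypothetical policy zone name.
NAMED_CONF = '''options { response-policy { zone "rpz.blocklist"; }; };
zone "rpz.blocklist" { type master; file "rpz.blocklist.zone"; };
'''

def blocked_domains(conf_text, zone_file="blocked_domain.zone"):
    """Unique zone names (lower-cased, no trailing dot) that load zone_file."""
    seen, out = set(), []
    for name, fname in ZONE_RE.findall(conf_text):
        name = name.rstrip(".").lower()
        if fname == zone_file and name and name not in seen:
            seen.add(name)
            out.append(name)
    return out

def rpz_zone(domains, sinkhole="127.1.1.1", ns="dns.domain.", serial=2014091101):
    """One RPZ zone: each name and its subdomains answer with the sinkhole A."""
    lines = ["$TTL 600",
             f"@ IN SOA {ns} {ns} ( {serial} 600 300 600 75 )",
             f"@ IN NS {ns}"]
    for d in domains:
        # Owner names are relative to the RPZ origin, so no trailing dot.
        lines.append(f"{d} IN A {sinkhole}")
        lines.append(f"*.{d} IN A {sinkhole}")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(NAMED_CONF)
    print(rpz_zone(blocked_domains(SAMPLE_CONF)), end="")
```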