Tuning BIND servers - looking for operational experience
Greetings, BIND Operators!

As the maintainers of BIND, ISC is often approached by users of our software asking about tuning for maximized performance. To assist in this, we are working on a number of knowledge base articles and we are asking for community input.

The majority of "high-performance" operational experience within ISC revolves around two very specialized endeavors, F-Root (https://www.isc.org/f-root/) and the ISC Performance Lab (https://www.isc.org/blogs/isc-performance-lab/). While both of these are "high performance" offerings, the reality is that they match a very tiny demographic as far as operational usefulness goes.

What I would like to ask of the community is for real-world experience - what did you do to "make BIND run better/faster/stronger"? Have you come across the "magic sysctl setting" that took your performance from 10kqps to 50kqps? Did you find anything that was detrimental to your performance that was surprising? Any interesting "sweet spots" in tunable settings that you found that might be useful to others?

If you want to create a thread here, that's fine or I'm more than willing to take direct input via e-mail. Please do note that the goal of this is to create a document that assists the community-at-large and your input will be used (with credit!) to that end.

Thanks!
AlanC

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: suffix translation
Joel Linn wrote:
> or generate a CNAME on the fly "someservice.old.local. IN CNAME
> someservice.int.new.com." for every request it gets.

You can do this with a DNAME record :-) i.e. set up your stunt DNS server with a zone like

    zone old.local {
        type master;
        file "db.old.local";
    };

and in db.old.local put:

    $TTL 1h
    old.local.  SOA    stuntdns.int.new.com. jl.conductive.de. ( 1 1h 1h 1w 1h )
                NS     stuntdns.int.new.com.
                ; names below old.local map to the same name below int.new.com
                DNAME  int.new.com.

You can configure the server to forward other queries, which should have the proxy effect that you want.

Tony.
--
f.anthony.n.finch http://dotat.at/
Hebrides, Bailey, Fair Isle, Faeroes, Southeast Southeast Iceland: Easterly, veering southwesterly, 7 to severe gale 9, then backing southerly 6 to gale 8, occasionally storm 10 at first in Hebrides and Fair Isle. Very rough or high, becoming very high for a time in far northeast Fair Isle. Rain or showers. Moderate or poor, occasionally good.
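
The name rewriting that the DNAME in the reply above triggers, as an added example that is not part of the original post or of BIND: it follows the substitution rule of RFC 6672, including the two cases that surprise people during a suffix migration (the zone apex is not redirected, and a rewritten name that no longer fits in 255 octets yields YXDOMAIN). The function names are hypothetical and escaped characters in names are not handled.

```python
# Added example: RFC 6672 DNAME substitution for the old.local zone above.
MAX_NAME_OCTETS = 255  # wire-format limit on a domain name


def labels(name):
    """Split a presentation-format name into labels (escapes not handled)."""
    name = name.rstrip(".")
    return name.split(".") if name else []


def wire_length(lbls):
    """Octets on the wire: a length byte per label plus the root label."""
    return sum(len(l) + 1 for l in lbls) + 1


def dname_substitute(qname, owner, target):
    """Return (status, name): status is NOT_COVERED, CNAME or YXDOMAIN."""
    q, o, t = labels(qname), labels(owner), labels(target)
    keep = len(q) - len(o)
    # A DNAME redirects names strictly below its owner, never the owner
    # itself, and matches whole labels case-insensitively.
    if keep <= 0 or [l.lower() for l in q[keep:]] != [l.lower() for l in o]:
        return ("NOT_COVERED", None)
    new = q[:keep] + t
    # The rewritten name can be longer than the query name; if it no longer
    # fits in a DNS name, the server answers YXDOMAIN instead of a CNAME.
    if wire_length(new) > MAX_NAME_OCTETS:
        return ("YXDOMAIN", None)
    return ("CNAME", ".".join(new) + ".")


if __name__ == "__main__":
    # Constructed sample queries, not taken from the thread.
    samples = [
        "someservice.old.local.",
        "old.local.",                 # the apex is not redirected
        "host.notold.local.",         # suffix must match on label boundaries
        ".".join(["a" * 60] * 4) + ".old.local.",  # 255 octets, grows to 257
    ]
    for qname in samples:
        print(qname[:40], dname_substitute(qname, "old.local.", "int.new.com."))
```

Because the apex name old.local itself is answered from the stunt zone rather than redirected, any record that clients look up at the apex has to be added to db.old.local explicitly.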
suffix translation
Hi folks,

I plan to change the old.local suffix of an AD Domain (I know shame...) to int.new.com. Since it is not possible to change all references from someservice.old.local to someservice.int.new.com at once, someservice.old.local needs to stay resolvable.

I played with the idea to have some sort of proxy DNS that translates the suffix. The main DNS (int.new.com) would forward all *.old.local requests to this proxy DNS (bind). The proxy DNS would either resolve those requests recursively by replacing the suffix old.local with int.new.com and contacting the main DNS, or generate a CNAME on the fly "someservice.old.local. IN CNAME someservice.int.new.com." for every request it gets.

This way I could make a non-disruptive migration and could fix systems over time. Does this sound like a good idea and is this even possible?

Thank you,
Joel