Quoting daniela daniela <[email protected]>:

Thank you a lot Andreas,


The optimal cache size is easy: As much as you can provide without impacting
other services on the machine. On the other hand, even a too-small cache,
with Unbound having to purge results not expired yet, doesn't harm too much
besides in corner cases.

I am very puzzled because even on my old netbook which has only 2GB
ram, unbound (with standard parameters) is only 132 KB. So of course I
have the strong desire to drastically increase, but being pretty
clueless, I am also wary :)


You should keep the following in mind:
- The Unbound memory values are borders Unbound should not cross but in the ideal case are never reached
- DNS records are small and even some "tiny" MB can hold a lot of them, so the maximum cache size is often bigger than it needs to be
- Even if the cache boundary is hit, the performance impact is typically low because the entries Unbound is forced to expire early are rarely used anyway


Not sure what you mean with "physically located". The cache is obviously in
the machine RAM, but if you ask for the network location of the machine you
should always get as close to your border router as possible.

Thank you a lot, sorry for my bad English. So it would be better to
have the LAN query a machine / gateway which runs the service, as
opposed to activating the service on each machine to take care of
itself?

Yes, of course. The LAN latency is low, and the more clients you have, the higher the chance that a DNS record is cached because of a previous question from another client. That's the whole point of a cache: to prevent asking the same question again across the slow internet link.

One more question, is there a way to feed data to unbound cache? Such
as blacklists or already resolved whitelists? I can only imagine the
brute force and crude method of inserting a huge load of stuff into
HOSTS file, run a script that calls all those IPs while I supposedly
sleep (do we ever sleep?), then feed it another chunk until it's all
done. More elegant solutions?

IMHO pre-warming the cache is not as useful as one might think. Many DNS records have a low TTL and are therefore expired before you will actually use them. You might try to set "prefetch: yes" to see if it helps in your case.

Regards

Andreas
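
Added example, not part of the original thread and not Unbound's own code: one way to check the point above that the cache limits are upper bounds that are rarely reached, by reading the output of `unbound-control stats_noreset`. The sample statistics are constructed, the `4m` limits are Unbound's defaults for `rrset-cache-size` and `msg-cache-size`, and the `mem.*` lines are only printed with `extended-statistics: yes`.

```python
# Constructed sample of `unbound-control stats_noreset` output (not real data).
SAMPLE_STATS = """\
total.num.queries=12000
total.num.cachehits=9000
total.num.cachemiss=3000
total.num.prefetch=150
mem.cache.rrset=1572864
mem.cache.message=786432
"""

def parse_size(value):
    """Convert an unbound.conf size such as '4m' or '512k' to bytes."""
    units = {"k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}
    value = value.strip().lower()
    if value and value[-1] in units:
        return int(value[:-1]) * units[value[-1]]
    return int(value)  # a plain number is already in bytes

def parse_stats(text):
    """Turn 'key=value' lines into a dict, skipping anything malformed."""
    stats = {}
    for line in text.splitlines():
        key, sep, val = line.partition("=")
        if not sep:
            continue
        try:
            stats[key.strip()] = float(val)
        except ValueError:
            continue
    return stats

def cache_report(text, rrset_limit="4m", msg_limit="4m"):
    """Hit rate plus how full each cache is relative to its configured limit."""
    s = parse_stats(text)
    hits = s.get("total.num.cachehits", 0.0)
    answered = hits + s.get("total.num.cachemiss", 0.0)
    report = {"hit_rate": hits / answered if answered else 0.0,
              "prefetches": int(s.get("total.num.prefetch", 0))}
    for name, key, limit in (("rrset_fill", "mem.cache.rrset", rrset_limit),
                             ("msg_fill", "mem.cache.message", msg_limit)):
        # None means the mem.* counters were absent (extended statistics off).
        report[name] = s[key] / parse_size(limit) if key in s else None
    return report

if __name__ == "__main__":
    for field, value in cache_report(SAMPLE_STATS).items():
        print(f"{field}: {value}")
```

A fill ratio that stays well below 1.0 over days of normal use means the configured limit is not the bottleneck; a ratio close to 1.0 together with a falling hit rate is the case where raising the limit is worth trying.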

