Blackholing / Load help
Mark Andrews
Mark_Andrews at isc.org
Tue Nov 29 23:40:21 UTC 2005
> >>> There is no limit other than the memory required to support it.
>
> So it's strictly a memory thing? We see the processor load go up greatly
> from a list of 7k to a list of 15k, so it seemed that the server got bogged
> down with a larger file. Which made us think a faster box would deal with it
> much better.
It's a linear search.
> >> Individual addresses are treated as /32 or /128.
> >>The acl code is pretty simple. See lib/dns/acl.c.
>
> Based on that and the above response the only impact of listing everything
> with a CIDR is the file becomes smaller using less memory? But as far as
> BIND is concerned it takes the same amount of effort to process the IP
> regardless of its CIDR? That's good to know.
If you can consolidate entries then there are fewer entries to
search.
> >>The acl code is pretty simple. See lib/dns/acl.c.
>
> Thanks for the code reference we'll check it out.
>
> >>I can't parse the above. An example would help.
>
> Sorry was being vague. I also meant /8 not /9. It's not super important,
> just thought it might be a bug.
>
> For example if I put this into the blackhole list:
>
> 192.0.0.0/8
> the DNS server starts throwing SERVFAILs against any IP making a query
> against it. But if I change that to
>
> 192.0.0.0/9 or any smaller mask it behaves as expected.
>
> Thanks for your help Mark.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
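
The consolidation suggested above can be done offline before the list is loaded. This is an added example, not part of the original thread or of BIND itself: it treats bare addresses as /32 or /128, merges covered and adjacent prefixes, and prints a `blackhole` statement for the `options` block. The sample entries are constructed from documentation address ranges.

```python
import ipaddress

# Constructed sample entries (documentation ranges), not from the thread.
SAMPLE = """
# one address or prefix per line, as a blackhole list often starts out
198.51.100.0/25
198.51.100.128/25
198.51.100.7
203.0.113.4
203.0.113.5
203.0.113.6/31
2001:db8::1
2001:db8::/32
"""

def parse_entries(text):
    """Parse addresses/prefixes; a bare address becomes a /32 or /128."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().rstrip(";")
        if line:
            # strict=True rejects prefixes with host bits set (e.g. 10.1.2.3/8)
            nets.append(ipaddress.ip_network(line, strict=True))
    return nets

def consolidate(nets):
    """Drop duplicates and covered prefixes, merge adjacent siblings."""
    out = []
    for version in (4, 6):
        # collapse_addresses refuses mixed IPv4/IPv6 input, so split by family
        family = [n for n in nets if n.version == version]
        out.extend(ipaddress.collapse_addresses(family))
    return out

def render_blackhole(nets):
    """Render a blackhole statement to place inside options { }."""
    body = "".join(f"    {n};\n" for n in nets)
    return "blackhole {\n" + body + "};\n"

if __name__ == "__main__":
    before = parse_entries(SAMPLE)
    after = consolidate(before)
    print(f"{len(before)} entries -> {len(after)}")
    print(render_blackhole(after))
```

Since the match is a linear search, the entry count after consolidation is the number that matters for per-query cost.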