Minimizing cache to allow multiple named processes on one machine

Kevin Darcy kcd at daimlerchrysler.com
Wed Jan 19 23:48:44 UTC 2000


Joost Stegeman wrote:

> Hi all,
>
> I'm looking for a way to minimize the cache size of a named process.
>
> I'm currently designing a multi-customer private DNS server for our
> VPN services. The idea is to have multiple private DNS servers (for
> multiple customers) on one machine, where each customer is completely
> independent from the others. (These DNS's are private and contain
> mainly private top-levels. Public domains are hosted on our regular DNS
> servers.)
> I thought of running multiple named processes on the machine, where
> each process is bound to its own IP address. These named processes
> would all be authoritative for their respective domains and forward all
> unknown queries to one designated (and local) named process which
> functions as the central cache. This last process is thus the only one
> contacting the Internet (via a firewall) and should host a large
> cache, whereas the customer named processes should have a minimal
> cache to keep the memory size of the machine within limits.
>
> My questions:
> - How do I minimize the cache size of a named process?

As Barry suggested, you could try the "datasize" option, with something
running to restart the nameserver when it crashes. Setting a more
frequent cleaning interval might help also.

> - Is this a realistic scenario or would I be better off putting a lot
> of memory in the machine and have all of the named processes build
> their own cache?

Theoretically, that should give better performance, assuming you have the
memory to support all of those fully-loaded named processes. Whether it's
worth the cost is up to you and your customers.

> - Any suggestions?

Depending on how the "views" feature is implemented in BIND 9, it may or
may not be useful for your situation. I'm thinking that it may allow one
to "partition" a nameserver so that certain "authorized" clients would
see the authoritative data for a domain, but the same queries would be
forwarded for other clients. The big gotcha would be to make sure that
any cached data from these forwarded queries is shielded from the
"authorized" clients, otherwise they could get a mish-mosh of internal
and external data.


- Kevin
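
The per-customer instance discussed in this thread, as an added named.conf example that is not part of either poster's message. It combines the "datasize" and cleaning-interval suggestions with forward-only resolution to the central cache; every address, path, size and zone name is a constructed placeholder.

```conf
// Added example: named.conf for ONE customer instance (hypothetical "customer-a").
// Addresses use documentation ranges; paths, sizes and names are assumptions.
options {
    directory "/var/named/customer-a";          // per-customer working directory (assumed path)
    pid-file  "/var/run/named-customer-a.pid";  // one pid file per named process (assumed path)

    listen-on { 192.0.2.11; };                  // bind only this customer's service address
    query-source address 192.0.2.11;            // forwarded queries leave from the same address
    allow-query { 198.51.100.0/24; };           // only this customer's VPN range may query

    forwarders { 192.0.2.1; };                  // the central caching named on the same machine
    forward only;                               // this process never contacts the Internet itself

    datasize 16M;                               // cap the data segment; named exits when it is
                                                // exceeded, so a supervisor must restart it
    cleaning-interval 10;                       // minutes between sweeps for expired cache records
};

// Private top-level zone served authoritatively to this customer only.
zone "customer-a.corp" {
    type master;
    file "db.customer-a.corp";
};
```

The central cache would be a separate process with its own configuration, listening on 192.0.2.1 and accepting queries only from the customer instances' addresses.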




More information about the bind-users mailing list