What kind of hardware?

[Brad Knowles]

At 2:24 PM +0100 3/8/01, Eivind Olsen wrote:

>  Anyone have any good suggestions as to what is most important when
>  setting up a caching-only DNS using BIND 8 or 9? It will be used by a
>  few mailservers etc. Should I focus on much memory? I suppose I won't
>  need extreme amounts of diskspace? A fast processor will always help,
>  right?

	More memory will help, as you'll be able to hold the entire 
database in RAM and you won't have to do garbage collection too 
often.  I'd want a machine with enough RAM that I could dedicate at 
least 128-256MB to the named process.

	Note that BIND 8 is still quite a bit faster than BIND 9, at the 
moment.  However, BIND 8 still has some problems with being "blind" 
and not answering queries while it is loading zones, while BIND 9 is 
multi-threaded and will start trying to answer queries as soon as it 
is started, while other threads run in the background loading the 
zones, etc....

	Thus, BIND 8 wants a fast machine with a single processor, while 
BINDv9 can work with a slower machine with multiple processors.  If 
you want the maximum in speed, you can run multiple BIND 8 processes 
on a multi-processor machine, and each copy is bound to listening to 
a different IP address.


	Now, one thing I do on all mail servers I configure, is to have a 
set of high-speed centralized nameservers, but I also run a 
forwarding caching nameserver on each mail server.  Each machine will 
look first to itself and see if it has the necessary information 
already cached, and if so then you need not go any further.  If the 
information is not cached locally, the query will be forwarded to the 
central set of nameservers, which are more likely to have that 
information.

	This also helps ensure that all local caching nameservers have 
the same "picture" of the DNS as everyone else -- either through the 
information cached locally, or through the central nameservers to 
which the queries may be forwarded.

	Under no circumstances should you run caching-only nameservers on 
each mail server *without* a centralized set of caching nameservers 
to which unknown queries are forwarded, because the one thing users 
hate above all else is inconsistency -- if they just successfully 
sent mail to a particular address five minutes ago, they want to be 
able to successfully send mail to that address again.  Having mail 
work or not, depending on which server the mail may be routed 
through, is a very sure way to go out of business very quickly.


>  Also - are there any things I should keep in mind when setting up a
>  chroot'ed BIND running as non-root user under Solaris 2.6 or newer? Any
>  tweaks etc. that I should do right away?

	Solaris really isn't the fastest available OS for running BIND, 
but I believe that Solaris 7 should be at least reasonably fast on 
the right hardware (they recently implemented the same Mentat TCP/IP 
stack that had done so much for Digital Unix/Tru64, but I don't 
remember in which version of Solaris this was done).

--
Brad Knowles, <brad.knowles at skynet.be>

#!/usr/bin/perl -w
# 531-byte qrpff-fast, Keith Winstein and Marc Horowitz <sipb-iap-dvd at mit.edu>
# MPEG 2 PS VOB file on stdin -> descrambled output on stdout
# arguments: title key bytes in least to most-significant order
# Usage:
# qrpff 153 2 8 105 225 /mnt/dvd/VOB_FILE_NAME | extract_mpeg2 | mpeg2_dec -
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map{$_%16or$t^=$c^=(
$m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;$t^=(72, at z=(64,72,$a^=12*($_%16
-2?0:$m&17)),$b^=$_%64?12:0, at z)[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h
=5;$_=unxb24,join"", at b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$
d=unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d>>12^$d>>4^
$d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*8^$q<<6))<<9,$_=$t[$_]^
(($h>>=8)+=$f+(~$g&$t))for at a[128..$#a]}print+x"C*", at a}';s/x/pack+/g;eval