Filtering MX traffic through BIND - any experiences?

Joaquin J. Domens jdomens at corp.terra.es
Fri Jun 18 12:40:57 UTC 2004


Hi,
thanks for your quick response ....

Reading your post, I assume that this should be better achieved with BIND9,
but on the other hand it will consume much more RAM, maybe double?

I have all BIND8 boxes in production, but I'm not afraid of installing BIND9
for this issue, or should I? :)

Assuming the server will be for that issue only, is it OK to talk about 1-2
GB of RAM to do the work?

Thanks,
Joaquin


"Jim Reid" <jim at rfc1035.com> wrote in message
news:cauk9a$qnb$1 at sf1.isc.org...
> >>>>> "Joaquin" == Joaquin J Domens <jdomens at corp.terra.es> writes:
>
>     Joaquin> This zone file should contain about millions of entries
>     Joaquin> (maybe 3-4 millions) and it's about 60-80 megas,
>
> The rough rule of thumb is each RR occupies 100 bytes of RAM. So your
> estimate of this zone's memory footprint is out by a factor of 4-5.
> If you'll be running BIND9, double that. BIND9 will sometimes have two
> copies of the zone in memory at the same time: the one that's in use
> but about to be discarded and the latest version that's just been
> loaded.
>
>     Joaquin> My questions about this are:
>
>     Joaquin>  will BIND manage it smoothly ?
>
> Yes. A few TLDs are bigger than this and they run just fine with BIND.
>
>     Joaquin> I would like to know if there's any kind of restriction
>     Joaquin> in BIND about that issue and if the zone transfer should
>     Joaquin> be possible with that "big file"
>
> Provided your server is big enough -- for some definition of "big
> enough" -- the zone's size will be no problem for BIND.
>
> What you will have to watch for is the zone load time. While the
> server is loading the zone, it might not be answering queries. For a
> small zone that loads in under a second, this is no big deal. However
> it may well be important when a huge zone takes 10 minutes (say) to
> load. You might need to look at running a threaded name server on a
> multiprocessor or at the very least staggering the zone loads so that
> not all of the servers load the new zone at the same time.
>
> You might also want to look into incremental zone transfers. These are
> enabled by default in BIND9. They mean only the changes get
> transferred when the zone is updated rather than the whole zone. This
> is a Big Win for massive zones that frequently update a few RRs.
>
> Experimenting with a database back-end might also be worth considering.
> i.e. the name server doesn't load the whole zone into RAM, but uses some
> sort of database instead. BIND-DLZ is probably the most well known of
> the free/open source ones. This might be a good idea for the sort of
> thing you seem to be trying to do. However, the database back-ends for
> BIND9 are generally not well documented or understood. They might not
> be suitable for a production service.
>



