Blackholing / Load help

Mark Andrews Mark_Andrews at isc.org
Tue Nov 29 23:40:21 UTC 2005


>  >>> There is no limit other than the memory required to support it.
> 
> So it's strictly a memory thing?  We see the processor load go up greatly
> from a list of 7k to a list of 15k, so it seemed that the server got bogged
> down with a larger file.  Which made us think a faster box would deal with it
> much better.

	It's a linear search.
 
> >> Individual addresses are treated as /32 or /128.
> >>The acl code is pretty simple.  See lib/dns/acl.c.
> 
> Based on that and the above response the only impact of listing everything
> with a CIDR is the file becomes smaller using less memory?  But as far as
> BIND is concerned it takes the same amount of effort to process the IP
> regardless of its CIDR?  That's good to know.

	If you can consolidate entries then there are fewer entries to
	search.
 
> >>The acl code is pretty simple.  See lib/dns/acl.c. 
> 
> Thanks for the code reference we'll check it out.
> 
> >>I can't parse the above.  An example would help.
> 
> Sorry was being vague.  I also meant /8 not /9.  It's not super important,
> just thought it might be a bug.
> 
> For example if I put this into the blackhole list:
> 
> 192.0.0.0/8    
> the DNS server starts throwing SERVFAILs against any IP making a query
> against it.  But if I change that to
> 
> 192.0.0.0/9 or any smaller mask it behaves as expected.
> 
> Thanks for your help Mark.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
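
Added example (not part of the original message and not BIND's code): a Python sketch of the consolidation advice above, merging a blackhole list into the fewest prefixes and modelling the linear search to show how many entries a lookup examines. The sample entries and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample entries (documentation ranges), not taken from the thread.
SAMPLE = """\
192.0.2.0/25;
192.0.2.128/25;
198.51.100.7;
198.51.100.6;
203.0.113.0/24;
203.0.113.42;      # already covered by the /24 above
2001:db8::1;
"""

def parse_entries(text):
    """One address or prefix per line; a bare address becomes /32 or /128."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip().rstrip(";").strip()
        if entry:
            # strict=True raises ValueError on prefixes with host bits set
            nets.append(ipaddress.ip_network(entry, strict=True))
    return nets

def consolidate(nets):
    """Merge duplicate, nested and adjacent prefixes, one address family at a time."""
    merged = []
    for version in (4, 6):
        family = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(family))
    return merged

def entries_examined(addr, nets):
    """Linear-scan model: (entries checked, matched). A miss checks every entry."""
    ip = ipaddress.ip_address(addr)
    for count, net in enumerate(nets, 1):
        if ip.version == net.version and ip in net:
            return count, True
    return len(nets), False

if __name__ == "__main__":
    original = parse_entries(SAMPLE)
    merged = consolidate(original)
    print(f"{len(original)} entries -> {len(merged)} after consolidation")
    for net in merged:
        print(f"    {net};")
    # A client that is not blackholed pays for the whole list on every query.
    print(entries_examined("10.1.2.3", original), entries_examined("10.1.2.3", merged))
```

Clients that are not on the list are the common case, and in a linear search each of their queries is checked against every entry, so the saving from consolidation applies to nearly every lookup.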



More information about the bind-users mailing list