BIND 9.11.0 RPZ performance issue
Phil Mayers
p.mayers at imperial.ac.uk
Tue Oct 18 08:15:45 UTC 2016
On 18/10/16 08:26, Mukund Sivaraman wrote:
> We know that IXFR with RPZ policy zones (esp. this DBL zone) causes some
> trouble due to a less than desirable design / implementation of RPZ in
> BIND. We have a plan to refactor the RPZ implementation for 9.12 to
> remove these inefficiencies.
Can you share some details on that? Because I've reported issues
triggered by an XFR of a large RPZ, specifically the Spamhaus DBL, and
I've been variously pooh-poohed and/or told "no-one else has ever
reported that".
I'm particularly interested if you're aware of a failure mode where CPU
usage can spike MASSIVELY during a large-ish IXFR and cause named to
start dropping queries.
More information about the bind-users
mailing list