High performance DNS server configuration?

Pekka Jalonen pekka.jalonen at iki.fi
Thu Sep 15 11:20:16 UTC 2016


Hello,

I'm looking for a solution for a very high performance DNS server.

Background information:
We are running centos-release-6-8.el6.centos.12.3.x86_64

Hardware is Intel(R) Xeon(R) CPU E5-2620 0 @ 2.00GHz with 32 GB memory
and SSD disks (with raid controller).

We have a local bind running on the same box (bind, caching) with the
default configuration.

The server is a mail server with ~+150 K users.

The problem is procmail + postfix with RBLs (zen.spamhaus.org and others).

A really big problem is spam botnets, and some days we can get over 5-6
million messages per day or even more.

Procmail/postfix is doing every check per message at the localdns
(localdns => RBLs) server, and the average check time is 1-2 sec per
message, and it's too much.

We are getting very fancy error messages etc ...
named[10008]: error (connection refused) resolving 'ns1.actcorp.co.in/A/IN': 162.251.82.251#53
named[10008]: error (connection refused) resolving 'www.sleekgroup.co.uk/A/IN': 104.155.71.90#53
named[10008]: error (unexpected RCODE SERVFAIL) resolving 'sunbatheda.megabulkmessage223.com/A/IN': 8.8.8.8#53
named[10008]: error (host unreachable) resolving '40.17.107.150.bl.emailbasura.org/A/IN': 80.38.217.151#53
named[10008]: validating @0x7ff45c04aae0: gansend4.com A: no valid signature found

... it's slowing down the system, of course.

Loads are very high on the server when botnets are attacking; the average
is about 500 or even more.

Does anyone have ideas how to reduce server loads, because bind is the problem...

Thank you for answers or ideas.

Pekka

