Bind9 - Tuning

Flex Banana flex.banana at bluewin.ch
Mon Mar 27 07:01:18 UTC 2017


Hi Filho,

We have used BIND as a server for many years in a VM with a single CPU and 2 GB of RAM with almost default settings.

Here are the options from our config:

options {
	directory "/var/lib/named";
	managed-keys-directory "/var/lib/named/dyn/";
	zone-statistics yes;
	statistics-file "/var/lib/named/log/named.stats";
	dump-file "/var/log/named_dump.db";
	forwarders { x.x.x.x; x.x.x.x; };
	listen-on port 53 { 192.168.4.160; };
	allow-query { any; };
	notify yes;
	allow-transfer { 10.91.76.0/24; 192.168.1.0/24; 192.168.2.0/24; 192.168.3.0/24; 192.168.4.0/24; };
	empty-zones-enable no;
	recursive-clients 20000;
	tcp-clients 20000;
	check-names master ignore;
	check-names slave ignore;
	check-names response ignore;
};


The server is used in a MAN network in Switzerland, for more than 10’000 computers.
8 to 10 million queries per day without any performance issue.


Best regards
Stefano


> On 22 Mar 2017, at 05:21, Filho Arrais <kuruminbranco at gmail.com> wrote:
> 
> Hello,
> 
> I have a 9.9.5 recursive BIND server running on Debian 8 at an internet provider. The peak reaches 3,000 queries; that number will be much greater when we put more customers to use DNS.
> 
> Please could you suggest BIND adjustments, security tips, and kernel improvements for better performance? Any tip for improvement is welcome. Currently we do not serve IPv6, but we will be in production soon.
> 
> The server is a VM with 4 vcores and 4 GB of RAM, which can be upgraded, if necessary.
> 
> /etc/bind/named.conf.options
> 
> options {
>         directory "/var/cache/bind";
>         version "unknown";
>         recursive-clients 10000;
>         tcp-clients 1000;
>         zone-statistics yes;
>         listen-on port 53 { any; };
>         allow-query     { any; };
>         allow-query-cache { any; };
>         minimal-responses yes;
>         dnssec-enable no;
>         dnssec-validation no;
>         auth-nxdomain no;
>         allow-recursion  {      127.0.0.1;
>                                 177.0.0.0/18;
>                          };
>         recursion yes;
> };
> 
> 
> /etc/default/bind9
> 
> # run resolvconf?
> RESOLVCONF=yes
> 
> # startup options for the server
> OPTIONS="-4 -u bind"
> 
> -- 
> Filho Arrais  
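
Added example (not part of either poster's message, and not code from the BIND project): a small Python check that works out which clients the two options blocks in this thread would allow to recurse or read the cache, using the ACL fallback order documented in the BIND 9 ARM. The function names are hypothetical, and the sample strings are excerpts of the configs above with the mail archive's link residue removed.

```python
import re

# Fallback order as documented in the BIND 9 ARM: an unset ACL inherits the
# next one that is set; if none is set the default is localnets; localhost;.
FALLBACK = {
    "allow-recursion": ("allow-recursion", "allow-query-cache", "allow-query"),
    "allow-query-cache": ("allow-query-cache", "allow-recursion", "allow-query"),
}

# Excerpts of the two options blocks posted in this thread (ACL lines only).
REPLY_CONF = """options {
    listen-on port 53 { 192.168.4.160; };
    allow-query { any; };
};"""
QUESTION_CONF = """options {
    allow-query     { any; };
    allow-query-cache { any; };
    allow-recursion  {      127.0.0.1;
                            177.0.0.0/18;
                     };
    recursion yes;
};"""

def parse_acls(conf):
    """Return {statement: [elements]} for allow-* ACLs, plus 'recursion'."""
    conf = re.sub(r"(#|//)[^\n]*|/\*.*?\*/", "", conf, flags=re.S)  # comments
    acls = {name: [e.strip() for e in body.split(";") if e.strip()]
            for name, body in re.findall(r"\b(allow-[a-z-]+)\s*\{([^{}]*)\}\s*;", conf)}
    m = re.search(r"\brecursion\s+(yes|no)\s*;", conf)
    acls["recursion"] = m.group(1) if m else "yes"  # named's default is yes
    return acls

def effective(acls, name):
    """Resolve the ACL applied for `name` after the documented fallback."""
    for candidate in FALLBACK[name]:
        if candidate in acls:
            if candidate == "allow-query" and acls["recursion"] == "no":
                return ["none"]  # recursion off: allow-query is not inherited
            return acls[candidate]
    return ["localnets", "localhost"]

def audit(conf):
    """List the recursion-related ACLs that end up open to 'any'."""
    acls = parse_acls(conf)
    return [f"{name} open to any ({'explicit' if name in acls else 'inherited'})"
            for name in FALLBACK if "any" in effective(acls, name)]

if __name__ == "__main__":
    print("reply:", audit(REPLY_CONF), "question:", audit(QUESTION_CONF))
```

Whether an open ACL is actually reachable also depends on the listen-on addresses and on firewalling, which this check does not model.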