Incremental transfers generate complete zone reloading
Fred Morris
m3047 at m3047.net
Sun Jan 15 20:36:31 UTC 2023
On Sun, 15 Jan 2023, Jesus Cea wrote:
>
> I have a huge zone receiving a constant flow of small dns updates. My
> secondaries receive notifications and transfer the zone incrementally. Cool,
> everything works as expected.
> [...]
> Ok, my updates are coming too fast (first line). No problem, the secondary
> will eventually retrieve the changes. What worries me is the last couple of
> lines: The rpz zone (big, around 800.000 domains) is being reloaded
> constantly and it takes a couple of seconds eating CPU, when the incremental
> changes are actually pretty tiny.
>
> [...] not a full zone reload taking a couple of seconds and
> sucking an entire CPU core.
Is that a fact or conjecture?
There's a lot of "marketecture" in threat indicators generally.
We can start with notifications versus polling. Secondaries can do either.
Tell me why one is better, other than the vendor says so. Polling just
does an SOA query, so two UDP packets; notify sends one. Is that extra
packet more important than control?
If this is a vendor and they're doing this, why don't other customers see
this as a problem? Is this just a "tax" for dealing with that vendor? What
proof do you have that the CPU usage correlates, and that it's a problem?
What are the vendor's recommendations (for provisioning and operational
management), and are you following them?
--
Fred Morris
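As an added example (my own code, not from either poster), here is what "polling just does an SOA query" amounts to on the wire, together with the RFC 1982 serial comparison a secondary uses to decide whether a transfer is due at all. The zone name rpz.example and the response built by sample_response are constructed assumptions, not traffic from the thread; poll_once is the only part that talks to a real server.

```python
import socket
import struct

def build_soa_query(zone, qid=0x1234):
    """The one packet a refresh poll sends: a standard SOA query for the zone apex."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in zone.rstrip(".").split(".")) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", 6, 1)  # SOA, IN

def _skip_name(msg, off):
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:             # compression pointer ends the name in two bytes
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_soa_serial(msg):
    """Serial from the first SOA RR in the answer section, or None if there is none."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4              # skip QTYPE + QCLASS
    for _ in range(an):
        off = _skip_name(msg, off)                  # owner name
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6:                              # SOA rdata: MNAME, RNAME, then SERIAL
            p = _skip_name(msg, _skip_name(msg, off))
            return struct.unpack("!I", msg[p:p + 4])[0]
        off += rdlen
    return None

def primary_is_ahead(primary_serial, have_serial):
    """RFC 1982 serial comparison (wrap-safe): True when the secondary must transfer."""
    diff = (primary_serial - have_serial) & 0xFFFFFFFF
    return diff != 0 and diff < 0x80000000

def sample_response(zone, serial, qid=0x1234):
    """Constructed SOA answer (not captured traffic) so the parser can be exercised offline."""
    rdata = (b"\x03ns1\xc0\x0c" + b"\x0ahostmaster\xc0\x0c"   # names compressed to QNAME at offset 12
             + struct.pack("!IIIII", serial, 600, 300, 604800, 60))
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 6, 1, 3600, len(rdata)) + rdata
    return struct.pack("!HHHHHH", qid, 0x8400, 1, 1, 0, 0) + build_soa_query(zone, qid)[12:] + rr

def poll_once(zone, server, have_serial, timeout=2.0):
    """A live refresh poll: one UDP query out, one response back; reports whether a transfer is due."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_soa_query(zone), (server, 53))
        serial = parse_soa_serial(s.recv(512))
    return serial, serial is not None and primary_is_ahead(serial, have_serial)
```

Running poll_once against each secondary with the primary's current serial is a cheap way to see whether they are actually lagging, independent of what the logs say.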