BIND Performance with Huge RPZ
Phil Mayers
p.mayers at imperial.ac.uk
Fri Jul 12 10:34:43 UTC 2013
On 12/07/13 11:11, Arie L. Putra wrote:
> Does anyone have experience with how RPZ with a huge list will impact
> BIND performance? Will it reduce DNS response time? We have six DNS
> servers that will point to this server; each server is serving about
> 15Mbps of DNS traffic at peak hour.
We don't have that kind of load, but we do have a large (~550k) RPZ
setup. It doesn't seem to have any noticeable performance impact,
although I should note we're running bind 9.9.2 with the RRL+RPZ
patches, which contain some RPZ performance improvements in certain configs:
http://ss.vix.su/~vjs/rrlrpz.html
Our query load is in the 400-800qps range, with occasional spikes to >1500qps.
I had a few problems with RPZ in the past, and it was suggested that our
using bind 9.8 (at the time) might have been an issue; we never
determined the exact cause, but they don't seem to have recurred on 9.9.