BIND limits and performance questions

Brad Knowles brad.knowles at
Wed Mar 21 22:49:56 UTC 2001

At 3:10 PM -0500 3/21/01, Kevin Darcy wrote:

>  I assume you're talking about NSMAX. I don't think it's really 
>accurate to say
>  that BIND enforces this limit on "name servers in a zone". It's 
>more like BIND
>  won't *use* any nameservers for a zone beyond the first 16. If someone has 16
>  *non-functional* nameservers for a zone, chances are that the entire zone is
>  down. So it really doesn't make much of a difference in practice anyway.

	Also consider that you're going to have a very hard time cramming 
more than thirteen or so NS RRs into a 512-byte UDP packet, even with 
creative naming and the built-in domain name compression that goes 

	Once you break that 512-byte limit for something as fundamental 
as the RRset for the NS records, all holy hell will break loose 
(which is why there aren't any more than thirteen root nameservers).

	Therefore, setting an arbitrary maximum limit of 16 nameservers 
for a zone seems to be a pretty reasonable thing to do, even in these 
modern days of BINDv9.

Brad Knowles, <brad.knowles at>

/*     efdtt.c     Author:  Charles M. Hannum <root at>             */
/*                                                                         */
/*     Thanks to Phil Carmody <fatphil at> for additional tweaks.    */
/*                                                                         */
/*     Length:  434 bytes (excluding unnecessary newlines)                 */
/*                                                                         */
/*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob           */
/*     where title-key = "153 2 8 105 225" or other similar 5-byte key     */

#define m(i)(x[i]^s[i+84])<<
unsigned char x[5],y,s[2048];main(n){for(read(0,x,5);read(0,s,n=2048);write(1,s
,n))if(s[y=s[13]%8+20]/16%4==1){int i=m(1)17^256+m(0)8,k=m(2)0,j=m(4)17^m(3)9^k

More information about the bind-users mailing list