Filtering MX traffic through BIND - any experiences?

Jim Reid jim at rfc1035.com
Fri Jun 18 11:27:44 UTC 2004


>>>>> "Joaquin" == Joaquin J Domens <jdomens at corp.terra.es> writes:

    Joaquin> This zone file should contain about millions of entries
    Joaquin> (maybe 3-4 millions) and it's about 60-80 megas,

The rough rule of thumb is each RR occupies 100 bytes of RAM. So your
estimate of this zone's memory footprint is out by a factor of 4-5.
If you'll be running BIND9, double that. BIND9 will sometimes have two
copies of the zone in memory at the same time: the one that's in use
but about to be discarded and the latest version that's just been
loaded.

    Joaquin> My questions about this are:

    Joaquin>  will BIND manage it smoothly ?

Yes. A few TLDs are bigger than this and they run just fine with BIND.

    Joaquin> I would like to know if there's any kind of restriction
    Joaquin> in BIND about that issue and if the zone transfer should
    Joaquin> be possible with that "big file"

Provided your server is big enough -- for some definition of "big
enough" -- the zone's size will be no problem for BIND.

What you will have to watch for is the zone load time. While the
server is loading the zone, it might not be answering queries. For a
small zone that loads in under a second, this is no big deal. However
it may well be important when a huge zone takes 10 minutes (say) to
load. You might need to look at running a threaded name server on a
multiprocessor or at the very least staggering the zone loads so that
not all of the servers load the new zone at the same time.

You might also want to look into incremental zone transfers. These are
enabled by default in BIND9. They mean only the changes get
transferred when the zone is updated rather than the whole zone. This
is a Big Win for massive zones that frequently update a few RRs. 

Experimenting with a database back-end might also be worth considering.
i.e. the name server doesn't load the whole zone into RAM, but uses some
sort of database instead. BIND-DLZ is probably the most well known of
the free/open source ones. This might be a good idea for the sort of
thing you seem to be trying to do. However, the database back-ends for
BIND9 are generally not well documented or understood. They might not
be suitable for a production service.

