Blackholing / Load help
scottm at newedgenetworks.com
Tue Nov 29 22:03:57 UTC 2005
For a multitude of reasons we are managing a very large blackhole list on
our DNS servers. One of the reasons I mentioned a month or so ago on this
list is that we get a huge number of bogus ANY ANY queries to our servers
from DNS attacks. Anyway, not what I'm here to discuss.

What I'm wondering is if there is a limitation to the size of the blackhole
list and whether its size is directly proportional to processing power.
For example, if we have 15,000 IPs in that list and the servers are having
trouble answering queries (often failing to respond), will increasing the
power of the machine, processor- and memory-wise, help that problem, or is the
problem inherent within the BIND application and it just can't process a file

Also I know you can subnet the entries in that file. Does that help or
hinder BIND when processing the file? If I have 15,000 individual IPs
versus say 10,000 CIDR listings, which is easier for BIND to process?

Any help would be much appreciated. We are on the verge of throwing new
machines out onto the network nationwide and I want to size them accordingly.

Also, separately, did anyone know that you can not put a CIDR shorter than /9 in
the blackhole list? If you do, BIND immediately throws SERVFAIL on any query
you try to make from any IP.
sr. systems engineer
v:360/759/9605 | f:360/906/9824
-. . ...- . .-. .- .-. --. ..- . .-- .. - .... .- -. .. -.. .. --- -
.-.-.- - .... . -.-- -.. .-. .- --. -.-- --- ..- -.. --- .-- -. -
--- - .... . .. .-. .-.. . ...- . .-.. - .... . -. -... . .- -
-.-- --- ..- .-- .. - .... . -..- .--. . .-. .. . -. -.-. . .-.-.-
Find me on googleIM @ srv1054
- "ACK and you shall receive."
- "In The Beginning there was nothing, which exploded"
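The post asks whether 15,000 individual IPs or a smaller number of CIDR blocks is easier on BIND, and mentions the /9 boundary the poster ran into. The following is an added example, not code from the original thread or from BIND itself: it collapses a flat blackhole list into the minimal set of CIDR prefixes, flags prefixes shorter than the /9 the poster reports as problematic, and renders a BIND `acl` block. The sample list, the acl name `blackhole_nets` and the function names are all constructed for this example.

```python
"""Collapse a flat blackhole list into CIDR prefixes and emit a BIND acl."""
import ipaddress
from typing import Iterable, List, Union

Net = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample list standing in for the poster's 15,000-entry file:
# a /24 written out as single hosts, two stray hosts, and two adjacent /25s.
SAMPLE_BLACKHOLE = [f"203.0.113.{i}" for i in range(256)] + [
    "198.51.100.7",
    "198.51.100.8",
    "192.0.2.0/25",
    "192.0.2.128/25   # adjacent to the /25 above",
]


def parse_entries(lines: Iterable[str]) -> List[Net]:
    """Parse one IP or CIDR per line; '#' starts a comment, blanks are skipped."""
    nets = []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if entry:
            # strict=False lets a bare host or an unaligned block through
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def collapse(lines: Iterable[str]) -> List[Net]:
    """Minimal CIDR set covering every entry (IPv4 and IPv6 handled separately)."""
    nets = parse_entries(lines)
    out: List[Net] = []
    for version in (4, 6):
        out.extend(ipaddress.collapse_addresses([n for n in nets if n.version == version]))
    return out


def short_prefixes(nets: Iterable[Net], min_len: int = 9) -> List[Net]:
    """Prefixes shorter than min_len; /9 is the limit the poster observed, not a documented one."""
    return [n for n in nets if n.prefixlen < min_len]


def render_acl(name: str, nets: Iterable[Net]) -> str:
    """Render an acl block; reference it as `blackhole { NAME; };` inside options {}."""
    body = "\n".join(f"    {n.with_prefixlen};" for n in nets)
    return f"acl {name} {{\n{body}\n}};"


if __name__ == "__main__":
    collapsed = collapse(SAMPLE_BLACKHOLE)
    print(f"{len(SAMPLE_BLACKHOLE)} entries -> {len(collapsed)} prefixes")
    print(render_acl("blackhole_nets", collapsed))
```

Running it turns the 260 constructed entries into four prefixes; the emitted acl can be pasted into named.conf and referenced from the `blackhole` option.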