Blackholing / Load help

Mark Andrews Mark_Andrews at
Tue Nov 29 23:40:21 UTC 2005

>  >>> There is no limit other than the memory required to support it.
> So it's strictly a memory thing?  We see the processor load go up greatly
> from a list of 7k to a list of 15k, so it seemed that the server got bogged
> down with a larger file.  Which made us think a faster box would deal with it
> much better.

	It's a linear search.

> >> Individual addresses are treated as /32 or /128.
> >>The acl code is pretty simple.  See lib/dns/acl.c.
> Based on that and the above response the only impact of listing everything
> with a CIDR is the file becomes smaller using less memory?  But as far as
> BIND is concerned it takes the same amount of effort to process the IP
> regardless of its CIDR?  That's good to know.

	If you can consolidate entries then there are fewer entries to

> >>The acl code is pretty simple.  See lib/dns/acl.c.
> Thanks for the code reference we'll check it out.
> >>I can't parse the above.  An example would help.
> Sorry was being vague.  I also meant /8 not /9.  It's not super important,
> just thought it might be a bug.
> For example if I put this into the blackhole list:
> the DNS server starts throwing SERVFAILs against any IP making a query
> against it.  But if I change that to
> or any smaller mask it behaves as expected.
> Thanks for your help Mark.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at
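
The consolidation mentioned in the reply above, as an added example that is not part of the original post or of BIND's code: since the match is a linear search, merging adjacent and overlapping entries into the fewest CIDR blocks shortens the list that is walked per query. The function names and the sample entries (documentation address ranges) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample entries (documentation ranges), not from the thread.
SAMPLE = [
    "192.0.2.0", "192.0.2.1", "192.0.2.2", "192.0.2.3",   # four hosts -> one /30
    "198.51.100.0/25", "198.51.100.128/25",               # two halves -> one /24
    "203.0.113.7", "203.0.113.0/28",                      # host already covered
    "2001:db8::", "2001:db8::1",                          # two /128 -> one /127
]

def consolidate(entries):
    """Return the smallest list of networks covering exactly the same addresses."""
    by_family = {4: [], 6: []}
    for raw in entries:
        text = raw.strip().rstrip(";").strip()
        if not text or text.startswith(("#", "//")):
            continue
        # A bare address becomes /32 or /128. strict=True rejects entries such
        # as 192.0.2.5/24, which would otherwise silently widen the block.
        net = ipaddress.ip_network(text, strict=True)
        by_family[net.version].append(net)
    # collapse_addresses() accepts only one address family per call.
    merged = []
    for version in (4, 6):
        merged.extend(ipaddress.collapse_addresses(by_family[version]))
    return merged

def render_blackhole(nets):
    """Format networks as a blackhole statement for named.conf's options block."""
    lines = ["blackhole {"]
    for net in nets:
        host = net.prefixlen == net.max_prefixlen
        lines.append("    %s;" % (net.network_address if host else net))
    lines.append("};")
    return "\n".join(lines)

if __name__ == "__main__":
    nets = consolidate(SAMPLE)
    print("%d entries in, %d out" % (len(SAMPLE), len(nets)))
    print(render_blackhole(nets))
```
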
