Configuration for a very high traffic DNS server

Stefan Schmidt
Mon Sep 11 11:30:53 UTC 2006

On Mon, Sep 11, 2006 at 02:57:20PM +0530, Ramprasad wrote:
>   We run antispam services using SpamAssassin for our clients. We
> get up to 20000 mails per hour per server. All servers are CentOS boxes
> running bind 9.2 with Dual Xeon + 4GB RAM.
> Most of the effective SA tests are DNS based, and a lot of lists are
> served locally. The number of DNS requests is more than 100-250 per
> second (I can see the numbers using dnstop).

For our mailservers we use bind9 listening to queries from localhost on
each of them, configured to forward-first for any of the DNSBL
zones we use. The DNSBL zones themselves are served by a rbldnsd [1]
cluster behind a loadbalancer. Our postmasters run the local binds and I
do the rbldnsd cluster as well as the backup recursive nameservers;
works fine for us. (Many more mails/s, but we don't use SpamAssassin.)

You might want to graph [2] how many queries/s you really have from bind's
internal counters; dnstop is quite resource-hungry, so it's not really a
thing to have running all day.

> How do I use the caching-only DNS server optimally?
> Is it a good idea to have a central DNS server with all other servers
> connecting to this machine? The DNS cache hit rate will be very high, but
> so will be the number of open sockets.

Well, SPOFs are always bad. I can tell you that on recent hardware bind9
can do far more than 500 queries per second; the number of open sockets
is not really an issue, as most DNSBL queries will be UDP and really
short. If you use netfilter, net.ipv4.netfilter.ip_conntrack_max might
need a little bump up, and if you're desperately loaded, fiddling with
net.ipv4.netfilter.ip_conntrack_udp_timeout might give you some air.
If you really want a central recursing nameserver, I strongly recommend
using loadbalancing for loadsharing and redundancy.
Have a look at our loadbalancer setup [3]; it's fairly easy and just

> Is there any special high-traffic bind readme? Something like using a
> RAMDISK for the DNS cache, etc.

Well, there is no official high performance bind documentation whatsoever
that I know of. This link [4] shows how I solved my bind9 load issues
about a year ago.
As for the RAMDISK: err, no. bind and any other nameserver software I
know already stores its cache in RAM only; there is no use in adding
another layer (vfs, blockio?) to it.
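As an added illustration (not part of the thread or of BIND), a small parser that turns consecutive `rndc stats` dumps in the BIND 9.2-style `named.stats` format into queries/s and the NXDOMAIN share, the kind of number the reply suggests graphing from bind's internal counters instead of leaving dnstop running. The dump layout and counter names are assumed from that format, and the sample dumps are constructed.

```python
import re

# Constructed sample: two consecutive dumps in the format BIND 9.2's
# `rndc stats` appends to named.stats (format and counter names assumed).
SAMPLE_STATS = """\
+++ Statistics Dump +++ (1157974200)
success 120000
nxrrset 310
nxdomain 95000
recursion 118000
failure 420
--- Statistics Dump --- (1157974200)
+++ Statistics Dump +++ (1157974500)
success 165000
nxrrset 400
nxdomain 131000
recursion 162500
failure 470
--- Statistics Dump --- (1157974500)
"""

DUMP_START = re.compile(r"^\+\+\+ Statistics Dump \+\+\+ \((\d+)\)$")
COUNTER = re.compile(r"^([a-z]+) (\d+)$")

def parse_dumps(text):
    """Return [(unix_time, {counter: cumulative_value}), ...] in file order."""
    dumps, current = [], None
    for line in text.splitlines():
        if m := DUMP_START.match(line):
            current = (int(m.group(1)), {})
            dumps.append(current)
        elif (m := COUNTER.match(line)) and current is not None:
            current[1][m.group(1)] = int(m.group(2))
    return dumps

def query_rates(dumps):
    """Rates between consecutive dumps; skips intervals where named restarted."""
    rates = []
    for (t0, c0), (t1, c1) in zip(dumps, dumps[1:]):
        dt = t1 - t0
        delta = {k: c1[k] - c0.get(k, 0) for k in c1}
        if dt <= 0 or not delta or min(delta.values()) < 0:
            continue  # duplicate dump or counters reset by a restart
        # "recursion" counts queries that needed recursion and overlaps the
        # outcome counters, so the answered total excludes it.
        answered = sum(v for k, v in delta.items() if k != "recursion")
        rates.append({"at": t1, "queries_per_sec": answered / dt,
                      "nxdomain_share": delta.get("nxdomain", 0) / answered if answered else 0.0})
    return rates
```

For DNSBL lookups an unlisted address answers NXDOMAIN, so a high nxdomain_share is the normal case on a mail server; a jump in the failure counter between dumps is the signal worth alerting on.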
