lightweight management of 'thousands' of zones in Bind9?

snowcrash+bind schneecrash+bind at gmail.com
Thu Aug 30 14:15:48 UTC 2007


hi,

i run instances of split-view Bind9 9.4.1-P1 for authoritative service
at numerous locations.

at each location, we run bind9 on small, resource-thin (soekris 4801,
256MB RAM) freebsd boxes, functioning also as network-edge
router/firewalls.

as the number of domains we serve is, typically, small, the Bind9
memory footprint remains (relatively) small.  currently, ~ 11Mb.

works great.

i'd now like to add a list of zones to be 'blackholed' -- e.g., a list
of adtracker-zones that i simply want to redirect A-record queries for
to a local web-server's IP.

it's, of course, fairly simple to do in bind9; example instructions for
doing such in Bind9 'alone' are at,

       http://mark.foster.cc/wiki/index.php/Trackers


BUT ...

with a *long* (thousands+) list of domains, the required bind9 table
space, and corresponding memory footprint, grows huge.  e.g., from the
~11Mb above to ~70Mb for a list of 'merely' 1500 zones.

so, my question is:

       Is there a lighter/smaller-footprint approach to managing these zones?

i don't need "full capabilities" of Bind9 for these zones -- just an
A-record reply.

i know i can forward from within Bind9 to other lighter-weight
solutions -- e.g. rbldns, dnsmasq, etc., but that approach STILL
requires the massive zone tables.

a proxy in front of Bind9 -- e.g., dnsmasq or even 'just' a script --
that replies fast/light to queries for IPs in "the long list", and
redirects/forwards queries *not* in the list to Bind9 /could/ work ...
but that, of course, requires multiple packages for the solution.

is there any way to do this in a Bind9-only fashion?

thanks!
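For readers unfamiliar with the Bind9-only approach the post refers to, here is an added example (not from the poster or the linked wiki page) of the usual shape: every blackholed domain becomes a master zone, but all of them point at one shared zone file whose records use "@" and "*" so the same file is valid for any zone name. The paths, the 192.0.2.10 sink address and the sample domain list are assumptions for illustration.

```sh
#!/bin/sh
# Added example: build the Bind9 pieces for a list of blackholed zones.
# SINK_IP is the local web server that should answer for those names
# (192.0.2.10 is a documentation address used here as a placeholder).
SINK_IP="${SINK_IP:-192.0.2.10}"

# The one shared zone file. "@" is the zone apex, so this file loads
# unchanged under every zone name that references it.
blackhole_zone_file() {
    cat <<EOF
\$TTL 86400
@   IN SOA  localhost. hostmaster.localhost. ( 2007083001 3600 900 604800 86400 )
@   IN NS   localhost.
@   IN A    ${SINK_IP}
*   IN A    ${SINK_IP}
EOF
}

# Read domain names from stdin (one per line; blank lines and '#'
# comments skipped) and emit one zone stanza per name, each sharing
# the zone file given as $1. Output is meant for a named.conf include.
blackhole_named_conf() {
    zonefile="$1"
    while IFS= read -r dom; do
        dom="${dom%%#*}"                                  # strip trailing comment
        dom="$(printf '%s' "$dom" | tr -d '[:space:]')"  # strip whitespace
        [ -n "$dom" ] || continue
        printf 'zone "%s" { type master; file "%s"; notify no; };\n' \
            "$dom" "$zonefile"
    done
}

# Sanity check before reloading: how many stanzas did we generate?
count_zones() {
    grep -c '^zone "'
}

# Demonstration on a constructed tracker list (not real data).
printf 'tracker.example\nads.example  # comment\n\nmetrics.example\n' \
    | blackhole_named_conf /etc/namedb/blackhole.db
```

Include the generated stanzas from named.conf (`include "/etc/namedb/blackhole.conf";`) inside the view that serves clients, and generate the zone file once with `blackhole_zone_file`. Sharing one file saves disk and editing effort only; named still loads each zone into memory, which is exactly the footprint growth the post describes.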


