lightweight management of 'thousands' of zones in Bind9?
snowcrash+bind
schneecrash+bind at gmail.com
Thu Aug 30 14:15:48 UTC 2007
hi,
i run instances of split-view Bind9 9.4.1-P1 for authoritative service
at numerous locations.
at each location, we run bind9 on small, resource-thin (soekris 4801,
256MB RAM) freebsd boxes, functioning also as network-edge
router/firewalls.
as the number of domains we serve is, typically, small, the Bind9
memory footprint remains (relatively) small. currently, ~ 11Mb.
works great.
i'd now like to add a list of zones to be 'blackholed' -- e.g., a list
of adtracker-zones that i simply want to redirect A-record queries for
to a local web-server's IP.
it's, of course, fairly simple to do in bind9; example instructions for
doing such in Bind9 'alone' are at,
http://mark.foster.cc/wiki/index.php/Trackers
BUT ...
with a *long* (thousands+) list of domains, the required bind9 table
space, and corresponding memory footprint, grows huge. e.g., from the
~11Mb above to ~70Mb for a list of 'merely' 1500 zones.
so, my question is:
Is there a lighter/smaller-footprint approach to managing these zones?
i don't need "full capabilities" of Bind9 for these zones -- just an
A-record reply.
i know i can forward from within Bind9 to other lighterweight
solutions -- e.g. rbldns, dnsmasq, etc., but that approach STILL
requires the massive zone tables.
a proxy in front of Bind9 -- e.g., dnsmasq or even 'just' a script --
that replies fast/light to queries for IPs in "the long list", and
redirects/forwards queries *not* in the list to Bind9 /could/ work ...
but that, of course, requires multiple packages for the solution.
is there any way to do this in a Bind9-only fashion?
thanks!