hardware requirements per hits

sthaug at nethelp.no sthaug at nethelp.no
Tue Aug 18 18:01:44 UTC 2009

> I would like to hear more about why this is so. We are currently 
> debating sending query logs to a remote syslog server to enhance some 
> security tools. We are running BIND 9.6.1-P1 with multithreading enabled 
> on RHEL 4 (2 dual-core 2.8 GHz Opterons with 1MB cache, 4G of RAM). I 
> have run some tests and while there is some queries/sec hit, the RTTs 
> are not terrible.

For small query rates it probably won't matter. However, remote syslog
could just about double the number of packets transmitted from your name
server. For higher query rates, this is likely to be noticeable.

You might want to consider running a packet sniffer (tcpdump, wireshark
etc) instead, to capture the DNS queries and answers. Advantages:

- You get both queries and answers
- The actual DNS decoding can be done offline, as needed
- If you mirror the traffic from a switch, the whole process can be
completely offloaded from the name server
- The name server isn't forced to do something it wasn't built for

Steinar Haug, Nethelp consulting, sthaug at nethelp.no
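
Added example, not part of the original message: a minimal sketch of the offline decoding step, pulling the question section and response code out of DNS payloads already extracted from a capture. The function names and the sample packets are constructed for illustration; it assumes the input is the raw UDP payload of each packet.

```python
import struct

QTYPES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA"}

def read_name(msg, off):
    """Decode the domain name at off; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if (length & 0xC0) == 0xC0:          # compression pointer, RFC 1035 4.1.4
            if off + 1 >= len(msg):
                raise ValueError("truncated pointer")
            if end is None:
                end = off + 2                # caller resumes after the first pointer
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 32:                    # hostile or corrupt packets can loop
                raise ValueError("pointer loop")
            continue
        if length & 0xC0:
            raise ValueError("unsupported label type")
        off += 1
        if length == 0:                      # root label ends the name
            return ".".join(labels) + ".", (off if end is None else end)
        if off + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length

def summarize(msg):
    """Return id, direction, rcode, answer count and questions of one DNS message."""
    if len(msg) < 12:
        raise ValueError("short header")
    qid, flags, qd, an = struct.unpack("!4H", msg[:8])
    off, questions = 12, []
    for _ in range(qd):
        name, off = read_name(msg, off)
        if off + 4 > len(msg):
            raise ValueError("truncated question")
        qtype = struct.unpack("!H", msg[off:off + 2])[0]
        off += 4                             # skip QTYPE and QCLASS
        questions.append((name, QTYPES.get(qtype, str(qtype))))
    return {"id": qid, "response": bool(flags & 0x8000), "rcode": flags & 0xF,
            "answers": an, "questions": questions}

# Constructed sample payloads: a query for www.example.com A and its answer.
QUESTION = b"\x03www\x07example\x03com\x00\x00\x01\x00\x01"
QUERY = bytes.fromhex("123401000001000000000000") + QUESTION
RESPONSE = (bytes.fromhex("123481800001000100000000") + QUESTION
            + bytes.fromhex("c00c000100010000" "0e100004c0000201"))
```

Matching the `id` of a query summary to that of a response summary gives the query/answer pairing that query logging alone does not provide.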
