named.conf splitting

Chris Buxton chris.p.buxton at gmail.com
Fri Feb 17 15:11:11 UTC 2012


Yes, it's quite possible to split named.conf into separate per-zone .conf files and then 'include' them back into named.conf. You can even put the list of include statements in a separate file, and then include that into named.conf.

named.conf:

options {
	[...]
}
include "/path/to/etc/zones.conf";


zones.conf:

include "/path/to/etc/zone1.conf";
include "/path/to/etc/zone2.conf";
[...]

I've seen this done with hundreds of thousands of zones. Performance does not seem to be significantly impacted by breaking up named.conf into included files. The loading time for named in this case will be dominated by the time load actual zones, which involves allocating memory and building a tree structure in memory.

Use the latest versions of BIND for fastest loading of this number of zones. See Evan Hunt's blog posts on the topic:

http://www.isc.org/community/blog/201107/major-improvement-bind-9-startup-performance
http://www.isc.org/community/blog/201107/isc-bind-981b3-provides-startup-performance-improvements

Regards,
Chris Buxton
BlueCat Networks

On Feb 17, 2012, at 1:24 AM, Nick Edwards wrote:

> Hi,
> In a recent discussion on another list, it was discussed the pros and
> cons of splitting the main conf file to a per domain.
> 
> In binds case it would be  to /etc/named.d/*.conf
> So each zone would have a file in that directory containing only the
> relevant info
> eg:
> 
> zone "example.com" {
>        type master;
>        allow-transfer { slavesdns; };
>        file "example.com.signed";
>        allow-query { any; };
>        allow-update { none; };
> };
> 
> thats it, nothing more, rather than having 2000 entries in named.conf,
> we would have 2000 conf file to be read (yes in addition to the 2000
> actual zone files.
> 
> with apache it takes only 2 or so more seconds to start and reload
> doing it this way, so I know that bind will take longer, it has to
> with all those  open/read/close files, at present bind starts up in
> about 9 seconds due 17K zones, so I'd imagine this would take even up
> to 15 seconds.
> 
> My question is, has anyone done this with success or failure?
> Would a named developer know if its safe or detrimental to do this?
> or would it simply make no difference apart from the extra time for
> starts/reloads?
> 
> 
> (This came about on another list, because we load all hosts  on apache
> in one file (2000 per box)  recently something went wrong with sshfs
> during a transaction, and in  deleting a vhost block it took out about
> 100 of them :)  so we are looking at making things a bit more
> failsafe, my opinion is, if it can happen once, it can happen again,
> it could have happened to a zone file, but luckily only the web conf
> file.
> 
> Thoughts anyone?
> 
> Thanks
> Niki
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users




More information about the bind-users mailing list