bind-users Digest, Vol 1361, Issue 2

Ed LaFrance edl at connexinternet.com
Sun Nov 11 22:23:55 UTC 2012


Hi Kevin -

Well for some reason, your message and someone else's never got back to 
me, saw it in the digest instead.

I've got about 30 class C zones on this server and it's only handling 
rDNS for them; I figure there's a couple thousand actual PTR records.

I did log queries for a while and they were all legit PTR lookups. 
Here's everything in named.conf except the zones themselves:

options {
         directory "/var";
         auth-nxdomain no;
         pid-file "/var/run/named/named.pid";
         allow-recursion {
                 localnets;
         };

         allow-transfer {
             "none";
         };
};

key "rndc-key" {
         algorithm hmac-md5;
         secret "CeMgS23y0oWE20nyv0x40Q==";
};

controls {
         inet 127.0.0.1 port 953
         allow { 127.0.0.1; } keys { "rndc-key"; };
};

zone "." {
         type hint;
         file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
         type master;
         file "localhost.rev";
};

Here's a couple of zones, they are all pretty much the same:

acl common-allow-transfer {
};
zone "22.140.204.IN-ADDR.ARPA" {
         type master;
         file "2/22.140.204.IN-ADDR.ARPA";
         allow-transfer {
                 common-allow-transfer;
         };
         notify yes;
};
zone "3.245.173.IN-ADDR.ARPA" {
         type master;
         file "3/3.245.173.IN-ADDR.ARPA";
         allow-transfer {
                 69.89.64.5;
                 65.97.49.34;
                 common-allow-transfer;
         };
         notify yes;
};
zone "92.119.199.IN-ADDR.ARPA" {
         type master;
         file "9/92.119.199.IN-ADDR.ARPA";
         allow-transfer {
                 75.98.129.21/32;
                 75.98.129.24/32;
                 common-allow-transfer;
         };
         notify yes;
};
...etc


Thanks,

Ed

On 11/11/2012 1:57 PM, bind-users-request at lists.isc.org wrote:
> I wouldn't expect a nameserver process on Linux, hosting only a few
> reverse zones and doing nothing else, to be 71 megabytes in size; I just
> checked one of ours, serving *all* of our internal zone data, forward
> and reverse authoritative, plus some cached data for a significant
> number of zones delegated to business partners, and it's less than 100
> Mb in size.
>
> Verify from your query logs, or by dumping cache, that it's *only* doing
> what it is supposed to do, and no more. If you've got a bunch of data in
> your cache, or a bunch of queries, that's unrelated to serving your
> reverse DNS, then that's probably the root cause of your problem.
> Consider turning off recursion, or severely limiting it, in order to
> enforce that the nameserver is only serving its intended purpose. 2Gb of
> memory is a little lean for a nameserver serving a *generic*
> Internet-name-lookup role...
>
> I guess another possibility is that you've gone crazy with your reverse
> zones (e.g. using $GENERATE willy-nilly), and thus are using up way more
> memory than you really need, to serve your reverse-resolution needs.
>
>                                       - Kevin

-- 
(800) 362-7579 ext 1

+-------------------------------------------------------+
+ Colocation    Dedicated Servers   IPv4 & IPv6 Transit +
+-------------------------------------------------------+
Connex Internet Services, Inc.     direct: (916) 265-1568
11230 Gold Express Dr #310-313        fax: (916) 880-5663
Gold River, CA 95670            http://connexinternet.com
+-------------------------------------------------------+
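Kevin's advice above is to verify from the query logs that the server is doing nothing beyond answering PTR lookups for the hosted reverse zones. The script below is an added example (not from either poster, and not an ISC tool) of that check: it parses BIND 9 query-log lines, treats the three zone names from Ed's named.conf excerpt as the only zones the server should answer for, and buckets every query into expected in-zone PTR traffic, names that could only be satisfied by recursion, transfer attempts, and stray record types. The log lines are constructed samples in the standard BIND 9 query-log layout, where the flag field after the query type starts with `+` when recursion was requested and `-` when it was not; the zone list and client addresses are assumptions for the demonstration.

```python
import re
from collections import Counter

# Reverse zones this server is meant to be authoritative for (assumed, taken
# from the zone names in the named.conf excerpt quoted in the thread).
HOSTED_ZONES = (
    "22.140.204.in-addr.arpa",
    "3.245.173.in-addr.arpa",
    "92.119.199.in-addr.arpa",
)

# Constructed sample lines in BIND 9 query-log format. The field after the
# record type is the flags column: "+" = recursion desired, "-" = not.
SAMPLE_LOG = """\
11-Nov-2012 13:57:01.001 client 198.51.100.7#40122: query: 10.22.140.204.in-addr.arpa IN PTR - (203.0.113.1)
11-Nov-2012 13:57:01.120 client 198.51.100.7#40123: query: 200.3.245.173.in-addr.arpa IN PTR - (203.0.113.1)
11-Nov-2012 13:57:02.005 client 192.0.2.55#51011: query: www.example.com IN A + (203.0.113.1)
11-Nov-2012 13:57:02.300 client 192.0.2.55#51012: query: 92.119.199.in-addr.arpa IN AXFR - (203.0.113.1)
11-Nov-2012 13:57:03.010 client 198.51.100.9#40200: query: 8.8.8.8.in-addr.arpa IN PTR + (203.0.113.1)
11-Nov-2012 13:57:03.450 client 198.51.100.7#40124: query: 11.22.140.204.in-addr.arpa IN PTR + (203.0.113.1)
"""

LINE_RE = re.compile(
    r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+) (?P<flags>\S+)"
)


def in_hosted_zone(qname):
    """True if qname is at or below one of the hosted reverse zones."""
    name = qname.lower().rstrip(".")
    return any(name == z or name.endswith("." + z) for z in HOSTED_ZONES)


def classify(line):
    """Bucket one query-log line; returns None for lines that are not queries."""
    m = LINE_RE.search(line)
    if not m:
        return None
    qname, qtype, flags = m["qname"], m["qtype"], m["flags"]
    if qtype in ("AXFR", "IXFR"):
        # Transfer requests should only ever come from the listed secondaries.
        return "zone-transfer-attempt"
    if not in_hosted_zone(qname):
        # Not one of our zones: answerable only if recursion is on for the client.
        return "outside-hosted-zones"
    if qtype != "PTR":
        return "non-ptr-in-zone"
    if flags.startswith("+"):
        # In-zone PTR with RD set: answered authoritatively, recursion not needed.
        return "ptr-recursion-desired"
    return "expected-ptr"


def summarize(log_text):
    """Count queries per bucket across a whole query log."""
    counts = Counter()
    for line in log_text.splitlines():
        bucket = classify(line)
        if bucket:
            counts[bucket] += 1
    return counts


if __name__ == "__main__":
    for bucket, n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{bucket:24s} {n}")
```

Anything in the `outside-hosted-zones` bucket is traffic that only a recursing server can satisfy; with `allow-recursion { localnets; };` such queries from outside the local nets are refused, but a non-zero count from inside is worth a look, and a `zone-transfer-attempt` from an address not in a zone's `allow-transfer` list is the kind of thing `named` will log as refused rather than answer. On a real server, feed it the query log produced by `rndc querylog` or a `channel` with `category queries`.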


