bind-users Digest, Vol 1361, Issue 2
Ed LaFrance
edl at connexinternet.com
Sun Nov 11 22:23:55 UTC 2012
Hi Kevin -
Well for some reason, your message and someone else's never got back to
me, saw it in the digest instead.
I've got about 30 class C zones on this server and it's only handling
rDNS for them; I figure there's a couple thousand actual PTR records.
I did log queries for a while and they were all legit PTR lookups.
Here's everything in named.conf except the zones themselves:
options {
        directory "/var";
        auth-nxdomain no;
        pid-file "/var/run/named/named.pid";
        allow-recursion {
                localnets;
        };
        allow-transfer {
                "none";
        };
};

key "rndc-key" {
        algorithm hmac-md5;
        secret "CeMgS23y0oWE20nyv0x40Q==";
};

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};

zone "." {
        type hint;
        file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
};
Here's a couple of zones, they are all pretty much the same:
acl common-allow-transfer {
};

zone "22.140.204.IN-ADDR.ARPA" {
        type master;
        file "2/22.140.204.IN-ADDR.ARPA";
        allow-transfer {
                common-allow-transfer;
        };
        notify yes;
};

zone "3.245.173.IN-ADDR.ARPA" {
        type master;
        file "3/3.245.173.IN-ADDR.ARPA";
        allow-transfer {
                69.89.64.5;
                65.97.49.34;
                common-allow-transfer;
        };
        notify yes;
};

zone "92.119.199.IN-ADDR.ARPA" {
        type master;
        file "9/92.119.199.IN-ADDR.ARPA";
        allow-transfer {
                75.98.129.21/32;
                75.98.129.24/32;
                common-allow-transfer;
        };
        notify yes;
};
...etc
Thanks,
Ed
On 11/11/2012 1:57 PM, bind-users-request at lists.isc.org wrote:
> I wouldn't expect a nameserver process on Linux, hosting only a few
> reverse zones and doing nothing else, to be 71 megabytes in size; I just
> checked one of ours, serving *all* of our internal zone data, forward
> and reverse authoritative, plus some cached data for a significant
> number of zones delegated to business partners, and it's less than 100
> Mb in size.
>
> Verify from your query logs, or by dumping cache, that it's *only* doing
> what it is supposed to do, and no more. If you've got a bunch of data in
> your cache, or a bunch of queries, that's unrelated to serving your
> reverse DNS, then that's probably the root cause of your problem.
> Consider turning off recursion, or severely limiting it, in order to
> enforce that the nameserver is only serving its intended purpose. 2Gb of
> memory is a little lean for a nameserver serving a *generic*
> Internet-name-lookup role...
>
> I guess another possibility is that you've gone crazy with your reverse
> zones (e.g. using $GENERATE willy-nilly), and thus are using up way more
> memory than you really need, to serve your reverse-resolution needs.
>
> - Kevin
--
(800) 362-7579 ext 1
+-------------------------------------------------------+
+ Colocation Dedicated Servers IPv4 & IPv6 Transit +
+-------------------------------------------------------+
Connex Internet Services, Inc. direct: (916) 265-1568
11230 Gold Express Dr #310-313 fax: (916) 880-5663
Gold River, CA 95670 http://connexinternet.com
+-------------------------------------------------------+
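Added example, not part of the original message or of BIND itself: one way to carry out the query-log check suggested in the quoted reply, by sorting logged queries into PTR lookups for the hosted reverse zones versus names the server could only answer by recursing. It assumes the usual BIND 9 "queries" category line layout and lists only the three zones shown in the post; the log lines and client addresses are constructed.

```python
import re
from collections import Counter

# Assumption: only the three reverse zones shown in the post are listed here.
HOSTED_ZONES = ("22.140.204.in-addr.arpa", "3.245.173.in-addr.arpa",
                "92.119.199.in-addr.arpa")

# "client <ip>#<port> [(qname)]: [view v:] query: <name> <class> <type> <flags>"
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+(?: \(\S+\))?: "
    r"(?:view \S+: )?query: (?P<name>\S+) \S+ (?P<type>\S+) (?P<flags>[+-]\S*)")

def in_hosted_zone(qname):
    name = qname.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in HOSTED_ZONES)

def classify(line):
    """Return (kind, client_ip, recursion_desired) or None for non-query lines."""
    m = QUERY_RE.search(line)
    if not m:
        return None
    if not in_hosted_zone(m["name"]):
        kind = "out-of-zone"      # answerable only via recursion or cache
    elif m["type"] != "PTR":
        kind = "in-zone-other"    # e.g. SOA/NS checks from secondaries
    else:
        kind = "expected"
    return kind, m["ip"], m["flags"].startswith("+")

def summarize(lines):
    """Count queries per kind and tally clients sending out-of-zone queries."""
    counts, offenders = Counter(), Counter()
    for result in filter(None, map(classify, lines)):
        counts[result[0]] += 1
        if result[0] == "out-of-zone":
            offenders[result[1]] += 1
    return counts, offenders

# Constructed sample log lines using documentation address ranges.
SAMPLE = [
    "11-Nov-2012 21:40:01.120 client 192.0.2.10#53211: query: 7.22.140.204.in-addr.arpa IN PTR + (198.51.100.1)",
    "11-Nov-2012 21:40:02.004 client 192.0.2.10#40112: query: www.example.com IN A + (198.51.100.1)",
    "11-Nov-2012 21:40:02.981 client 203.0.113.77#1055: query: 92.119.199.IN-ADDR.ARPA IN SOA - (198.51.100.1)",
    "11-Nov-2012 21:40:03.310 client 192.0.2.10#40113: query: example.org IN ANY +E (198.51.100.1)",
    "11-Nov-2012 21:40:04.000 client 2001:db8::5#5353 (9.3.245.173.in-addr.arpa): query: 9.3.245.173.in-addr.arpa IN PTR -E (198.51.100.1)",
    "11-Nov-2012 21:40:05.000 general: info: zone 22.140.204.IN-ADDR.ARPA/IN: loaded serial 2012111101",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A non-zero "out-of-zone" count means clients covered by allow-recursion are using the server as a resolver, which is the cache growth the quoted reply describes.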