BIND Performance with Huge RPZ

Phil Mayers p.mayers at imperial.ac.uk
Fri Jul 12 10:34:43 UTC 2013


On 12/07/13 11:11, Arie L. Putra wrote:

> Does anyone have experience with how RPZ with a huge list will impact BIND
> performance? Will it reduce DNS response time? We have six DNS servers
> that will point to this server; each server is serving about 15Mbps of
> DNS traffic at peak hour.

We don't have that kind of load, but we do have a large (~550k) RPZ 
setup. It doesn't seem to have any noticeable performance impact, 
although I should note we're running bind 9.9.2 with the RRL+RPZ 
patches, which contain some RPZ performance improvements in certain configs:

http://ss.vix.su/~vjs/rrlrpz.html

Our query load is in the 400-800qps range, with occasional spikes to >1500qps.

I had a few problems with RPZ in the past, and it was suggested that our 
using bind 9.8 (at the time) might have been an issue; we never 
determined the exact cause, but they don't seem to have recurred on 9.9.

