BIND Performance with Huge RPZ

G.W. Haywood bind at
Fri Jul 12 15:11:50 UTC 2013

Hi there,

On Fri, 12 Jul 2013, Arie L. Putra wrote:

> We are building a server for recursive DNS Server, this server will
> be acted as a cache for our network. (several user-side DNS Server
> will forward to this server) Using Ubuntu Server with latest BIND
> version, we are trying to have RPZ included in this BIND, with around
> 800k blacklisted sites.
> Does anyone have experience, how RPZ with huge list will impact BIND
> performance, will it reduce DNS response time? We have six DNS
> server that will point to this server, each server is serving about
> 15Mbps of DNS Traffic on peak hour.

I wonder if you've considered using iptables in addition to BIND/RPZ?
Using the ipsets extension to iptables, on very modest hardware, we
routinely block over one thousand million IP addresses with negligible
impact on performance.  I understand that it's not the same thing at
all, but I still wonder if it might be of some use to you.
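As an added illustration of the ipset approach mentioned above (this script is not part of the thread and not BIND or ipset project code), the POSIX shell below turns a plain-text list of IPv4 prefixes into an `ipset restore` file for a `hash:net` set and prints the iptables rules that reference it. The set name `badnets`, the hash sizing, the rule placement and the sample prefixes (RFC 5737 documentation ranges, constructed here) are all assumptions; the validation step exists because one malformed line aborts an entire `ipset restore`.

```shell
#!/bin/sh
# Added example: build an ipset restore file from a blocklist and emit the
# matching iptables rules. Set name, sizing and sample data are assumptions.

# Constructed sample blocklist: RFC 5737 documentation prefixes, one duplicate
# and one malformed line, to exercise deduplication and validation.
SAMPLE_BLOCKLIST='192.0.2.0/24
198.51.100.7
203.0.113.0/25
203.0.113.0/25
not-an-address'

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
is_ipv4_cidr() {
    addr="${1%%/*}"
    pfx="${1#*/}"
    [ "$pfx" = "$1" ] && pfx=32          # no slash: treat as a /32 host entry
    case "$pfx" in ''|*[!0-9]*) return 1 ;; esac
    [ "$pfx" -le 32 ] || return 1
    case "$addr" in .*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read prefixes on stdin, write an ipset restore file for set $1 on stdout.
# Blank lines and '#' comments are ignored; exact duplicates are collapsed;
# invalid entries are reported on stderr and skipped rather than aborting.
build_ipset_restore() {
    name=$1
    # hash:net stores prefixes of mixed length; maxelem must exceed the list
    # size or later 'add' lines fail (defaults are far too small for 800k+).
    printf 'create %s hash:net family inet hashsize 65536 maxelem 1048576\n' "$name"
    sort -u | while IFS= read -r entry; do
        [ -z "$entry" ] && continue
        case "$entry" in '#'*) continue ;; esac
        if is_ipv4_cidr "$entry"; then
            printf 'add %s %s\n' "$name" "$entry"
        else
            printf 'skipping invalid entry: %s\n' "$entry" >&2
        fi
    done
}

# Print the iptables rules that consult set $1: drop inbound packets whose
# source is listed and forwarded/outbound packets whose destination is listed.
iptables_rules() {
    name=$1
    printf 'iptables -I INPUT   -m set --match-set %s src -j DROP\n' "$name"
    printf 'iptables -I FORWARD -m set --match-set %s dst -j DROP\n' "$name"
    printf 'iptables -I OUTPUT  -m set --match-set %s dst -j DROP\n' "$name"
}

# Stand-alone demonstration: restore file on stdout, rules after it.
printf '%s\n' "$SAMPLE_BLOCKLIST" | build_ipset_restore badnets
iptables_rules badnets
```

In practice the output of `build_ipset_restore` is saved to a file and loaded with `ipset restore -exist < badnets.restore` (the `-exist` flag lets the file be reloaded over an existing set when the list is refreshed); the lookup cost of the iptables rule is a hash probe regardless of how many prefixes the set holds, which is the property the reply above relies on.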
