BIND Performance with Huge RPZ

Chris Buxton clists at
Fri Jul 12 16:13:50 UTC 2013

On Jul 12, 2013, at 3:11 AM, Arie L. Putra <arielp at> wrote:
> We are building a server for a recursive DNS server; this server will act as a cache for our network (several user-side DNS servers will forward to this server).
> Using Ubuntu Server with the latest BIND version, we are trying to have RPZ included in this BIND, with around 800k blacklisted sites.
> Does anyone have experience with how RPZ with a huge list will impact BIND performance? Will it reduce DNS response time? We have six DNS servers that will point to this server; each server is serving about 15Mbps of DNS traffic at peak hour.
> This server is an Ubuntu box with 2 Xeons (total of 12 cores, 24 if including HT), 16GB RAM.

I've seen well over 1 million entries in an RPZ. The performance impact with BIND 9.8 was noticeable but not horrible. The memory requirements were roughly 300 MB for this one zone, compared to over 3 GB for the equivalent in the form of somewhere north of 500 thousand individual zones (two A records each, for the zone apex and a wildcard, all loading from the same file).

I'm not used to considering DNS traffic in terms of Mb/s (nor MB/s). I'm more used to considering q/s. The servers with the aforementioned RPZ each handled a relatively large number of queries, possibly as high as 20Kq/s. In my experience, it's impossible to know how a given server will perform without seeing all of the configuration, as lots of configuration settings can impact performance. One such example is query logging to file (instead of to syslog), which can completely gut performance.

Chris Buxton
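As an added example (not code from this thread), assuming the input is a plain list of blocked hostnames like the 800k-entry list discussed above: the script emits a single RPZ zone that returns NXDOMAIN for each name and its subdomains, and, for comparison, the one-zone-per-name named.conf stanzas sharing a single file that the reply contrasts it against. The RPZ origin, the shared zone file path and the sample list are constructed placeholders.

```python
"""Build a BIND RPZ zone from a plain blocklist, and the per-name zone
equivalent (one zone stanza per blocked name, shared apex+wildcard file).
Added example; names, origin and path below are constructed placeholders."""
import re

# Hostname label syntax (RFC 1123 style): reject junk lines before they
# reach a zone file that named would refuse to load.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize(name: str):
    """Lower-case, strip the trailing dot, return None if not a valid hostname."""
    name = name.strip().lower().rstrip(".")
    if not name or len(name) > 253:
        return None
    return name if all(_LABEL.match(lbl) for lbl in name.split(".")) else None


def clean(domains):
    """Valid, de-duplicated, sorted names (duplicates would make named reject
    the per-zone config and double up RPZ rules)."""
    return sorted({d for d in map(normalize, domains) if d is not None})


def rpz_zone(domains, origin="rpz.example", serial=1):
    """One RPZ zone: 'CNAME .' is the RPZ NXDOMAIN action, applied to the
    name and, via the wildcard, to everything beneath it."""
    names = clean(domains)
    lines = [f"$ORIGIN {origin}.", "$TTL 300",
             f"@ IN SOA ns.{origin}. hostmaster.{origin}. {serial} 3600 600 86400 300",
             f"@ IN NS ns.{origin}."]
    for d in names:
        lines.append(f"{d} IN CNAME .")
        lines.append(f"*.{d} IN CNAME .")
    return "\n".join(lines) + "\n", len(names)


def per_zone_config(domains, zonefile="/etc/bind/sinkhole.db"):
    """The heavier alternative: a master zone per blocked name, all loading the
    same file (which would carry the apex and wildcard A records)."""
    return "".join(f'zone "{d}" {{ type master; file "{zonefile}"; }};\n'
                   for d in clean(domains))


# Constructed sample blocklist with a malformed line and a duplicate entry.
SAMPLE = ["bad.example", "Evil.Example.", "not valid!", "bad.example"]

if __name__ == "__main__":
    text, count = rpz_zone(SAMPLE)
    print(text, f"; {count} names blocked")
    print(per_zone_config(SAMPLE))
```

Feeding the real list through rpz_zone() gives one zone to load with a `response-policy` statement, which is the form the reply found to be roughly an order of magnitude lighter on memory than the per-zone approach.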
