1000's of zone using the same zone file in a blacklist

Pieter De Wit pieter at insync.za.net
Mon Sep 15 01:56:08 UTC 2014


Hi List,

We are currently looking at using Bind in a DNS blacklist setup to block 
adult content from a network. We can scale outwards as far as we want, 
but it's the up sizing that has me worried.

Here is a sample of the zone definitions (names changed :) ):

zone "domain1" { type master; file "blocked_domain.zone"; };
zone "domain2" { type master; file "blocked_domain.zone"; };
zone "domain3" { type master; file "blocked_domain.zone"; };

repeat that about 475000 times (not joking)

This causes named to use about 7gig of RAM and a reload time of about 
+30 seconds. The conf file is 42meg big.

The zone that is loaded simply has the following:

$TTL    600
@       IN      SOA     dns.domain   dns.domain. (
                 2014091101
                 600
                 300
                 600
                 75 )

@       IN      NS      dns.domain.
@       IN      A       127.1.1.1
*       IN      A       127.1.1.1

We are using the stock bind built by Ubuntu for 14.04, version 
9.9.5.dfsg-3 to be exact.

Is there any way we can reduce the memory footprint/optimize this any 
more ? Look ups are really fast and not a problem, just reload time and 
memory used.

Thanks,

Pieter


More information about the bind-users mailing list