BIND 9.11.0 RPZ performance issue

Phil Mayers p.mayers at
Tue Oct 18 08:15:45 UTC 2016

On 18/10/16 08:26, Mukund Sivaraman wrote:

> We know that IXFR with RPZ policy zones (esp. this DBL zone) causes some
> trouble due to a less than desirable design / implementation of RPZ in
> BIND. We have a plan to refactor the RPZ implementation for 9.12 to
> remove these inefficiencies.

Can you share some details on that? Because I've reported issues 
triggered by an XFR of a large RPZ, specifically the Spamhaus DBL, and 
I've been variously pooh-poohed and/or told "no-one else has ever 
reported that".

I'm particularly interested if you're aware of a failure mode where CPU 
usage can spike MASSIVELY during a large-ish IXFR and cause named to 
start dropping queries.

More information about the bind-users mailing list