High performance DNS server configuration?

Benny Pedersen me at junc.eu
Thu Sep 15 15:19:55 UTC 2016


On 2016-09-15 15:42, John Levine wrote:
>> Problem is procmail + postfix with rbls (zen.spamhaus.org and 
>> others).
>> 
>> Really big problem are spam botnets and some day we can get over 5-6
>> million messages per day or even more.
>> 
>> Procmail/postfix is doing every check per msg at localdns (localdns =>
>> rbls) server and average check time is 1-2 sec per message and it's
>> too much.
> 
> I agree that bind is likely not the best DNS cache for this purpose.
> You might look at unbound.

I hear the opposite, unbound has DNSSEC issues that are not in bind

unbound would need forward first in the forward zone, else it serves stale 
data, since unbound misses forward only; I have no problem with bind there

lastly, unbound misses RPZ

it might change for the better later

> More importantly, at that query volume you should be running a local
> copy of rbldnsd and rsync'ing the DNSBLs.

sure, both of them can use this to get higher performance in the end




More information about the bind-users mailing list