High performance DNS server configuration?

Reindl Harald h.reindl at thelounge.net
Thu Sep 15 15:53:07 UTC 2016



On 15.09.2016 at 17:19, Benny Pedersen wrote:
> On 2016-09-15 15:42, John Levine wrote:
>>> Problem is procmail + postfix with RBLs (zen.spamhaus.org and others).
>>>
>>> Really big problem are spam botnets and some day we can get over 5-6
>>> million messages per day or even more.
>>>
>>> Procmail/postfix is doing every check per msg at localdns (localdns =>
>>> RBLs) server and average check time is 1-2 sec per message and it's
>>> too much.
>>
>> I agree that bind is likely not the best DNS cache for this purpose.
>> You might look at unbound.
>
> i hear the opposite, unbound has dnssec issues that are not in bind

where?

> unbound would need forward first in forward zone else it serves stale
> data, since unbound misses forward only, i have no problem with bind there

besides it's not true (i remember your mail on the SA list pretending 
that nonsense - read the docs and read this 
https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=818 - exactly the 
context where you pretended stale data because missing forward-first 
statement which is nonsense) for the task of the OP *no forwarding must 
happen* at all

you either do *only* forwarding for a zone - "forward first" would lead 
to recursion too if no forwarding response - or you do recursion without 
any forwarding

we talk about an inbound mailserver - nothing else


More information about the bind-users mailing list