DNS Server sizing guide?

Grant Taylor gtaylor at tnetconsulting.net
Wed Mar 28 20:46:30 UTC 2018


On 03/28/2018 12:51 AM, Blason R wrote:
> Interesting, I didn't know that. Let me dig in. Can I have a few examples 
> please?

RPZ zones are effectively standard zones.  The only difference is that 
the CNAME record is used to convey information to the RPZ engine (? is 
that an accurate description ?) that special action should be taken.

I have messed with a project where I download newly registered domains 
daily and build an RPZ zone.  The intention is that I can make it appear 
as if domains registered within the last 1 / 7 / 14 / 28 days do not 
exist on my personal DNS server.  The records look like the following:

example.com	CNAME	.
*.example.com	CNAME	.
example.net	CNAME	.
*.example.net	CNAME	.
example.org	CNAME	.
*.example.org	CNAME	.

As you can see, this is really two records per domain.  One for the 
domain w/o any subordinates, and one for the domain subordinates.

I've been collecting newly registered domains for ~4 months and here's 
the number for each month thus far.

2017-12:  2,110,518   (Started collecting December 3rd.)
2018-01:  2,932,808
2018-02:  3,040,718
2018-03:  3,010,168   (Still missing a few days.)

I did test all of December's records in a single RPZ zone file, and they 
worked okay.  I only say okay because it took close to a minute for 
named to start up and my naive OS's start up script coughed up a fur 
ball after 30 seconds.  named was quite happy if I gave it an additional 
30 seconds.

Note:  This was running on a 1.6 GHz AMD Dual-Core E-350 APU w/ 8 GB of 
memory.  More power efficient than a server. ¯\_(ツ)_/¯



-- 
Grant. . . .
unix || die
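
The following is an added example, not part of the original message and not the author's script: one way to turn a list of (domain, registration date) pairs into the two-records-per-domain RPZ zone described above for a chosen age window. The zone name rpz.nrd.example, the SOA/NS values and the sample data are assumptions made for illustration.

```python
"""Added example: build an RPZ zone that answers NXDOMAIN for newly registered domains."""
from datetime import date, timedelta
import re

# LDH label check; assumes names are already ASCII (punycode for IDNs).
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Constructed sample input (not real registration data).
SAMPLE = [
    ("Example.COM.", date(2018, 3, 27)),
    ("example.net", date(2018, 3, 10)),
    ("example.com", date(2018, 3, 27)),       # duplicate once normalized
    ("bad_name.example", date(2018, 3, 27)),  # underscore: rejected
]

def normalize(name):
    """Lower-case, drop the trailing dot; return None for an invalid host name."""
    name = name.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(labels) < 2 or not all(LABEL.match(label) for label in labels):
        return None
    return name

def build_rpz(registrations, today, max_age_days, zone="rpz.nrd.example", serial=1):
    """Return zone file text covering domains registered in the last max_age_days."""
    cutoff = today - timedelta(days=max_age_days)
    names = set()
    for raw, registered in registrations:
        name = normalize(raw)
        # The wildcard owner is "*.<name>.<zone>"; keep it within the 253-character
        # limit for a domain name written without its trailing dot.
        if name and cutoff <= registered <= today and len(f"*.{name}.{zone}") <= 253:
            names.add(name)
    lines = [
        f"$ORIGIN {zone}.",
        "$TTL 300",
        f"@ SOA localhost. hostmaster.localhost. {serial} 3600 600 86400 300",
        "@ NS localhost.",
    ]
    for name in sorted(names):
        lines.append(f"{name}\tCNAME\t.")    # the domain itself
        lines.append(f"*.{name}\tCNAME\t.")  # every name beneath it
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(build_rpz(SAMPLE, date(2018, 3, 28), 7), end="")
```

Owner names are written relative to $ORIGIN, so each one ends up under the policy zone when named loads the file.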



More information about the bind-users mailing list