<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">Docker/Podman is just a container, not *-virtualization platform, so there’s full access to the underlying hardware.<br id="lineBreakAtBeginningOfSignature"><div dir="ltr"><div>--</div>Ondřej Surý — ISC (He/Him)<div><br></div><div>My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.</div></div><div dir="ltr"><br><blockquote type="cite">On 23. 7. 2025, at 15:10, Carlos Horowicz via bind-users <bind-users@lists.isc.org> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<p>
<style></style></p>
<p class="p1">I’m not sure if a container will pass through the CPU
instruction set required to leverage hardware acceleration on
newer (or even not-so-new) Intel processors. In KVM, for example,
you have to enable it explicitly.</p>
<p class="p1">One way to check for supported instructions is:</p>
<p>grep -o -w
'aes\|sha_ni\|pclmulqdq\|rdseed\|rdrand\|avx\|avx2\|avx512'
/proc/cpuinfo | sort | uniq</p>
<p>
</p>
<p class="p1">Hardware acceleration can be beneficial if you’re
running a resolver that performs a lot of DNSSEC validation—<span class="s1">SHA_NI</span> in particular can speed up operations
involving DS/NSEC/NSEC3 records. That said, if you’re only running
an authoritative server or a small-scale resolver, crypto
acceleration may not be critical.</p>
<p class="p1">Fwiw, my preferred distro for running BIND9 is Debian
12—it includes <span class="s1">dnstap</span> support out of the
box.</p>
<p>
<style>@font-face { font-family: "Cambria Math"; }
@font-face { font-family: Aptos; }
@font-face { font-family: "Segoe UI"; }
p.MsoNormal, li.MsoNormal, div.MsoNormal { margin: 0cm 0cm 8pt; line-height: 115%; font-size: 12pt; font-family: Aptos, sans-serif; }
.MsoChpDefault { font-family: Aptos, sans-serif; }
.MsoPapDefault { margin-bottom: 8pt; line-height: 115%; }
div.WordSection1 { page: WordSection1; }</style></p>
<div class="moz-cite-prefix">On 23/07/2025 14:57, Marc wrote:<br>
</div>
<blockquote type="cite" cite="mid:92f82a6c9fbb4f9c96a6b96f3c7f5251@f1-outsourcing.eu">
<pre wrap="" class="moz-quote-pre">Maybe consider running it in a container and keeping nice and small with alpine linux
</pre>
<blockquote type="cite">
<pre wrap="" class="moz-quote-pre">I'd like to migrate from bind 9.11 lo last version.
This service is acting as cache dns server and It' running on Centos 7
server, what Linux distro do you suggest me for new Bind?
</pre>
</blockquote>
</blockquote>
<span>-- </span><br><span>Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list</span><br><span></span><br><span>ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.</span><br><span></span><br><span></span><br><span>bind-users mailing list</span><br><span>bind-users@lists.isc.org</span><br><span>https://lists.isc.org/mailman/listinfo/bind-users</span><br></div></blockquote></body></html>