9.2.5 db causes high cpu? was: Re: BIND 9.2.5rc1 is now available.

Ed Allen Smith easmith at beatrice.rutgers.edu
Sun Feb 20 03:55:40 UTC 2005


In message <y7v1xbbq4jp.wl at ocean.jinmei.org> (on 20 February 2005 12:43:54
+0900), jinmei at isl.rdc.toshiba.co.jp (JINMEI Tatuya /
=?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?=) wrote:

>> 	If we can't make BIND9 with threading work as well as or better 
>> than multiple copies of BIND8, then we might as well go home.  IMO, 
>> BIND8 can't be retired until this happens.
>
>I'd not jump into this conclusion, since BIND9 provides other
>advantages over BIND8, including views, better IPv6 support, better
>dynamic update support, DNSSEC support (if you are a fun of this),
>etc, etc...

Does BIND9 yet provide name-syntax checking? Without such, I would not
recommend using it for a publically accessible nameserver, at least for
purposes related to email - from experience maintaining a secondary
nameserver for various blacklists, either misconfigurations causing bad
queries or outright DoS attacks via bad queries are not uncommon, and this
tends to result in blocking the NSes making said queries - including those
of any ISP that is letting through such bad queries and thus contributing to
the problem. If BIND9 will let through said bad queries (ones containing
control characters, returns, and similar are particularly outrageous), then
it has a problem and cannot replace BIND8. We are thus currently using
BIND8.

	-Allen

-- 
Allen Smith                       http://cesario.rutgers.edu/easmith/
February 1, 2003                               Space Shuttle Columbia
Ad Astra Per Aspera                     To The Stars Through Asperity


More information about the bind-workers mailing list