restructuring/redesigning BIND (was Re: 9.2.5 db causes high cpu?)

Chan Wilson cwilson at sgi.com
Tue Feb 22 18:23:23 UTC 2005


On  0, Paul Vixie <paul at vix.com> inscribed onto the electric medium...
> > 	Paul seems to agree with your view on the subject regarding value 
> > of separation of function, but seems to feel that there is no way we 
> > could ever possibly get away from shipping a single binary that is 
> > required to do it all.
> 
> paul thinks that a unified binary will always be necessary.  paul does
> NOT think that separate binaries, optimized for only one task or the
> other, should not also be shipped.

I think clear separation of duties and responsibilities is a very fine
idea.  It promotes many good practices on both the administrative and
programmatic sides of the fences.

I run both BIND and DJBDNS servers.  I run BIND in the legacy
infrastructure, where switching away from NOTIFY and AXFR would be
annoying and not a great ROI.  Dnscache and tinydns reside on the
outer edge, where the concise, secure code base and clear separation
of duties provide peace of mind.  Although I'm sure it'll happen
eventually, I don't need any TSIG or IPv6 features, nor rndc, nor
views.  

Do understand: I'm not promoting one over the other.  Claims of
superiority must always be taken with [large] grains of salt.
Understanding your precise scenario is critical to developing an
appropriate infrastructure.  I have found the following papers useful
in judging DNS server profiles:

	http://dns.measurement-factory.com/writings/
	http://dns.measurement-factory.com/writings/wessels-netts2004-paper.pdf
	http://dns.measurement-factory.com/writings/wessels-pam2004-paper.pdf
	
	http://www.nanog.org/mtg-0310/wessels.html

The last link has a RealVideo stream of the presentation, which really
helps explain a few of the slides.  The pam2004 is a restatement of
that presentation with better graphs.

At the risk of tangentially ratholing, note some file sizes:

	dnscache 	 127728
	tinydns		  86132
	named-9.3.0	4910768
	apache-2.0.46	  21896
	apache-1.3.27	 385356
	
If I may play at being systems programmer for a moment, it would seem
to me that the Apache scheme of providing functionality with DSOs
pulled in at configuration time could supply the benefits of a
smaller, more concise code base while providing the framework for the
future, in-progress items, such as TSIG, IPv6, and related.

--Chan

-- 

 Chan Wilson :: cwilson at sgi.com :: 715/726-7661 :: SGI Enterprise Net Services

 People don't ask for facts in making up their minds.  They would rather have
 one good soul-satisfying emotion than a dozen facts.               --Leavitt


