restructuring/redesigning BIND (was Re: 9.2.5 db causes high cpu?)

Brad Knowles brad at
Tue Feb 22 09:50:31 UTC 2005

At 5:52 AM +0000 2005-02-22, Jim Reid wrote:

>  This is a truly horrible idea. A better solution would be to produce
>  two independent executables that can then be optimised for
>  authoritative-only or caching-only operations.

	I strongly disagree.  If you were going to go that route, you 
might as well ship djbdns and be done with it.

	Paul seems to agree with your view on the subject regarding the value
of separation of function, but seems to feel that there is no way we
could ever possibly get away from shipping a single binary that is 
required to do it all.

	Myself, I think I fall somewhere in the middle.

	I have felt for many years that the functions should definitely 
be kept completely separate, on separate instances of the software 
preferably running on totally separate machines, but through 
configuration management and not through the use of physically 
different binaries.

	That said, like Paul I feel I have to allow for people who have 
various constraints put on them that require both functions to be 
provided by the same instance of the same software running on the 
same machine -- regardless of whether or not these constraints are 
put on them by their own stupidity or by external forces.

>                                                     Algorithms and data
>  structures can be specifically designed for one function instead of an
>  unhappy compromise for both. The proof of the validity of that
>  approach can be seen in the Nominum servers and NSD.

	You warned me yourself against recommending that people use NSD 
as a general purpose authoritative-only server.  You said that they 
threw out almost all of the things that you would want in an 
authoritative-only server, and customized it so heavily for the 
root/TLD server function that it was unsuitable for use as a 
general-purpose authoritative-only server.

	Have you changed your mind?  Has NSD evolved to the point where I 
can recommend that people throw away their authoritative-only BIND 
installations and switch to a program that is likely to be at least 
four times as fast on the same machine?

	With regard to the ability to customize each server, algorithms,
and data structures for the specific task, that is an interesting 
argument.  I don't know anything about the internals of ANS versus 
CNS and I presume that you do.

	I would be very interested to learn more about the internals of 
ANS and CNS, how they compare and contrast, what compromises you'd 
have to make in terms of architecture, algorithms, and data 
structures if you were to try to put them into the same program, and 
what kinds of impacts those compromises would result in.

Brad Knowles, <brad at>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <> for more info.

More information about the bind-workers mailing list