9.2.5 db causes high cpu? was: Re: BIND 9.2.5rc1 is now available.
brad at stop.mail-abuse.org
Tue Feb 22 21:19:10 UTC 2005
At 4:23 PM +0000 2005-02-22, Paul Vixie wrote:
> the folks who do this are trying to get
> zone-content when they are prevented from doing zone-transfer.
Ahh, Okay. I hadn't heard of this particular approach, nor had I
heard the term before. It makes sense, though.
>> I can hack a bit on things like scripts, and I can put together
>> testing profiles that I consider to be reasonably decent.
> tests are also a form of code. bind9 has a moderately good regression
> test suite but we would welcome improvements to it. take a look?
I'm not sure I can add much to the regression test suite, but I
will take a look when I get a chance.
> that was 2002. any chance of you re-running those tests against 9.3.1,
> using the internal memory allocator and jinmei's other recommendations?
I will be, yes.
> i should know this stuff. i was a founder at nominum and i'm still an
> advisor there. but i don't, so i'll ask. isn't this the same as what
> late-model bind9 does by regenerating every response through the cache?
> (bind4 and bind8 would forward raw results back to the stub resolver,
> and early bind9 did that, but as far as i know, we stopped a while ago.)
I was speaking of the CNS "response validation" feature, which
was also incorporated at one point into a firewall/security product
whose purpose was to provide enhanced security to the systems sitting
behind it (such as caching nameservers), as opposed to being intended
to function as a replacement for the caching nameservers.
Every other person at ISC and Nominum that I recall speaking to
had indicated to me that this was a feature unique to CNS, and I
certainly don't recall seeing anything comparable listed in the
feature set of any other nameserver software.
Maybe I missed something, maybe I've forgotten some discussion
that I've had with someone, or maybe BIND-9 has incorporated it's own
version of this feature?
However, I find on the current Nominum page for CNS still lists
this as a unique feature, so perhaps they need to update their page.
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the bind-workers