9.2.5 db causes high cpu? was: Re: BIND 9.2.5rc1 is now available.

Brad Knowles brad at stop.mail-abuse.org
Tue Feb 22 21:19:10 UTC 2005 

At 4:23 PM +0000 2005-02-22, Paul Vixie wrote:

>                                  the folks who do this are trying to get
>  zone-content when they are prevented from doing zone-transfer.

	Ahh, Okay.  I hadn't heard of this particular approach, nor had I 
heard the term before.  It makes sense, though.

>>  	I can hack a bit on things like scripts, and I can put together
>>  testing profiles that I consider to be reasonably decent.
>
>  tests are also a form of code.  bind9 has a moderately good regression
>  test suite but we would welcome improvements to it.  take a look?

	I'm not sure I can add much to the regression test suite, but I 
will take a look when I get a chance.

>  that was 2002.  any chance of you re-running those tests against 9.3.1,
>  using the internal memory allocator and jinmei's other recommendations?

	I will be, yes.

>  i should know this stuff.  i was a founder at nominum and i'm still an
>  advisor there.  but i don't, so i'll ask.  isn't this the same as what
>  late-model bind9 does by regenerating every response through the cache?
>  (bind4 and bind8 would forward raw results back to the stub resolver,
>  and early bind9 did that, but as far as i know, we stopped a while ago.)

	I was speaking of the CNS "response validation" feature, which 
was also incorporated at one point into a firewall/security product 
whose purpose was to provide enhanced security to the systems sitting 
behind it (such as caching nameservers), as opposed to being intended 
to function as a replacement for the caching nameservers.

	Every other person at ISC and Nominum that I recall speaking to 
had indicated to me that this was a feature unique to CNS, and I 
certainly don't recall seeing anything comparable listed in the 
feature set of any other nameserver software.


	Maybe I missed something, maybe I've forgotten some discussion 
that I've had with someone, or maybe BIND-9 has incorporated it's own 
version of this feature?

	However, I find on the current Nominum page for CNS still lists 
this as a unique feature, so perhaps they need to update their page.

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.

More information about the bind-workers mailing list