rbl-style zones?

Stefan Schmidt zaphodb--bind at zaphods.net
Sun May 8 16:55:27 UTC 2005


On Mon, Apr 25, 2005 at 01:11:09PM -0400, Michael Richardson wrote:
>   I'd rather not have more complexity in bind.

I don't see any problem if we keep the default behaviour.
In general I welcome complexity if it widens my options and does not harm
performance.

>   I think that many of us are moving towards using BIND9 only for
> recursive (secure) resolution, with things like NSD for primary zone
> serving. 

NSD or powerdns, yes. Just have not decided the when.

>   I don't run RBL zones, but if I did, I'd rather use a program
> optimized for that kind of work.
> 
>   The only concern that I have is that sometimes one wants a machine
> that is primarily a cache, but for various reasons, one decides to make
> it a (stealth) secondary for some critical zones.  
> 
>   If those are RBL zones, then maybe this is an issue.

What you described here is exactly the situation we have in our email-system.
Our postmasters are running a hidden primary serving as a master for our DNSBL
Zones and two semi-public (i.e. we let selected customers access those RBLs via
ACLs there) Bind9 secondaries that are also used as recursive nameservers by
the MTAs. Our head postmaster is aware of such specialized nameserver software
for DNSRBLs as rbldnsd but he says he is familiar with Bind9 and wants to
remain with the internet standard even though he is experiencing RAM shortages
on these machines.
A smaller footprint for DNSBL-Zones would have spared us one extra GB of RAM
per machine.

	Stefan

PS: And no, our postmaster is not a clueless button-pusher. If you don't
    believe me have a look: -> http://www.moria.de/~michael/ ;-)
-- 
Jobs with a future: Bootmanager

