rbl-style zones?
Paul Vixie
paul at vix.com
Sun May 8 22:17:41 UTC 2005
> > I think that many of us are moving towards using BIND9 only for
> > recursive (secure) resolution, with things like NSD for primary zone
> > serving.
i think that statement is not statistically representative. most folks
are perfectly happy with bind9 as an authority server; only specialists
or special needs seem to be able to force alternatives to be chosen.
and note, we have a lot of unreleased code sitting on branches that ought
to go into 9.4, hopefully hitting beta this summer, that improves the
performance of BIND9 authority service.
> > I don't run RBL zones, but if I did, I'd rather use a program
> > optimized for that kind of work.
this brings up two questions.
first, i asked here a month or so ago whether there was general interest
in a "subtype rbl;" option on master/slave zones, that would eschew TXT RRs
and force some kind of patricia-tree or bitmap storage for the A/AAAA RRs.
what i heard was a great big "yawn". did i hear wrong?
second, did anybody notice that the load/unload time for RBL-style zones got
a LOT better in 9.3.1 (compared to 9.3.0 and any 9.2 or earlier, even BIND8)?
this was a relatively easy hashing fix having to do with deep/sparse zones,
but we didn't exactly put out a press release about it. did anybody notice?
> Our postmasters are running a hidden primary serving as a master for
> our DNSBL Zones and two semi-public (i.e. we let selected customers
> access those RBLs via ACLs there) Bind9 secondaries that are also used
> as recursive nameservers by the MTAs. Our head postmaster is aware of
> such specialized nameserver software for DNSRBLs as rbldnsd but he
> says he is familiar with Bind9 and wants to remain with the internet
> standard even though he is experiencing RAM shortages on these
> machines. A smaller footprint for DNSBL-Zones would have spared us
> one extra GB of RAM per machine.
>
> Stefan
>
> PS: And no, our postmaster is not a clueless button-pusher. If you don't
> believe me have a look: -> http://www.moria.de/~michael/ ;-)
so, should we offer a "subtype rbl;" that uses more of a packed-bit-array
for storage? if that's only going to help a dozen people, it's not worth
the complexity. if it's going to help hundreds or thousands of people, we
can think about putting it in there.
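
As an added illustration (not part of the original post and not BIND code), the C example below shows one way the packed-bit-array idea behind the proposed "subtype rbl;" could store an IPv4 DNSBL zone: one bit per listed address, in 8 KiB pages allocated only for /16 prefixes that contain a listing. The function names, the zone name rbl.example and the sample addresses are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not BIND code; addresses and zone name are constructed. */
#define PAGE_BYTES (65536 / 8)   /* one bit per address in a /16 */
static uint8_t *pages[65536];    /* bitmap page per /16, allocated on first use */

/* Mark one IPv4 address (host byte order) as listed; 0 on success. */
int rbl_add(uint32_t ip) {
    uint8_t **p = &pages[ip >> 16];
    if (*p == NULL && (*p = calloc(1, PAGE_BYTES)) == NULL) return -1;
    (*p)[(ip & 0xffff) >> 3] |= (uint8_t)(1u << (ip & 7));
    return 0;
}

/* Bytes held in bitmap pages (excludes the fixed pointer table). */
size_t rbl_bytes(void) {
    size_t n = 0;
    for (size_t i = 0; i < 65536; i++) n += pages[i] ? PAGE_BYTES : 0;
    return n;
}

/* Parse "d.c.b.a.<zone>" into a.b.c.d; -1 if malformed or outside the zone. */
int rbl_parse_qname(const char *q, const char *zone, uint32_t *ip) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) {
        unsigned o = 0, n = 0;
        while (*q >= '0' && *q <= '9' && n < 3) { o = o * 10 + (unsigned)(*q++ - '0'); n++; }
        if (n == 0 || o > 255 || *q++ != '.') return -1;
        v |= (uint32_t)o << (8 * i);     /* first label is the lowest octet */
    }
    if (strcmp(q, zone) != 0) return -1; /* zone assumed already lower-cased */
    *ip = v; return 0;
}

/* 1 = listed (answer with an A RR), 0 = not listed, -1 = not a valid query. */
int rbl_query(const char *qname, const char *zone) {
    uint32_t ip;
    if (rbl_parse_qname(qname, zone, &ip) != 0) return -1;
    const uint8_t *p = pages[ip >> 16];
    return p != NULL && ((p[(ip & 0xffff) >> 3] >> (ip & 7)) & 1);
}

int main(void) {
    rbl_add(0x7f000002u); rbl_add(0xc0000263u);   /* 127.0.0.2, 192.0.2.99 */
    printf("%d %zu\n", rbl_query("2.0.0.127.rbl.example", "rbl.example"), rbl_bytes());
    return 0;
}
```

Memory use here grows with the number of populated /16 prefixes rather than with the number of listed addresses, on top of a fixed pointer table of 65536 entries.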