On Jul 12, 2013, at 3:11 AM, Arie L. Putra <ari...@smartfren.com> wrote:
> We are building a server for recursive DNS Server, this server will be acted 
> as a cache for our network. (several user-side DNS Server will forward to 
> this server)
> Using Ubuntu Server with the latest BIND version, we are trying to have RPZ 
> included in this BIND, with around 800k blacklisted sites.
> 
> Does anyone have experience with how RPZ with a huge list will impact BIND 
> performance? Will it reduce DNS response time? We have six DNS servers that 
> will point to this server; each server is serving about 15 Mbps of DNS traffic 
> at peak hour. 
> 
> This server is an Ubuntu box with 2 Xeons (12 cores total, 24 including HT) 
> and 16 GB RAM. 

I've seen well over 1 million entries in an RPZ. The performance impact with 
BIND 9.8 was noticeable but not horrible. The memory requirements were roughly 
300 MB for this one zone, compared to over 3 GB for the equivalent in the form 
of somewhere north of 500 thousand individual zones (two A records each, for 
the zone apex and a wildcard, all loading from the same file).

I'm not used to considering DNS traffic in terms of Mb/s (nor MB/s). I'm more 
used to considering q/s. The servers with the aforementioned RPZ each handled a 
relatively large number of queries, possibly as high as 20Kq/s. In my 
experience, it's impossible to know how a given server will perform without 
seeing all of the configuration, as lots of configuration settings can impact 
performance. One such example is query logging to file (instead of to syslog), 
which can completely gut performance.

Regards,
Chris Buxton
BLUECAT
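Added example, not code from this thread or from ISC: a small Python script that turns a plain blocklist (one domain per line, with the duplicates, case noise and junk a real 800k-entry feed tends to contain) into a single RPZ zone in the shape the reply describes, one record for the name itself plus a wildcard for its subdomains, using the RPZ `CNAME .` (NXDOMAIN) policy action. The origin `rpz.example`, the function names and the sample list are assumptions.

```python
"""Build a BIND RPZ zone file from a plain blocklist (constructed example)."""
import re
from collections import OrderedDict

# One hostname label: letters, digits, hyphen; no leading/trailing hyphen.
_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def normalize_domain(raw):
    """Lower-case, strip whitespace and a trailing dot; return None when the
    name is not a syntactically valid hostname, so junk lines in the feed
    cannot produce a zone file that named refuses to load."""
    name = raw.strip().lower().rstrip(".")
    if not name or len(name) > 253:
        return None
    labels = name.split(".")
    if len(labels) < 2 or not all(_LABEL.match(l) for l in labels):
        return None
    return name


def build_rpz_zone(domains, origin="rpz.example", serial=2013071201):
    """Return the zone text. Each valid, de-duplicated domain becomes
    `name CNAME .` plus `*.name CNAME .`; relative to $ORIGIN these are the
    RPZ QNAME triggers for the name and all of its subdomains."""
    seen = OrderedDict()               # preserves feed order, drops dupes
    for d in domains:
        n = normalize_domain(d)
        if n:
            seen[n] = True
    lines = [
        "$TTL 300",
        f"$ORIGIN {origin}.",
        f"@ IN SOA ns1.{origin}. hostmaster.{origin}. {serial} 3600 900 604800 300",
        f"@ IN NS ns1.{origin}.",
    ]
    for n in seen:
        lines.append(f"{n} CNAME .")    # the name itself
        lines.append(f"*.{n} CNAME .")  # every subdomain
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample feed: duplicate, mixed case, trailing dot, junk lines.
    SAMPLE = ["Bad.Example.", "bad.example", "phish.test", "not a domain", ""]
    print(build_rpz_zone(SAMPLE))
```

Point `response-policy { zone "rpz.example"; };` at the generated file in named.conf and check it with `named-checkzone rpz.example <file>` before loading, since one malformed line in a large feed stops the whole zone from loading.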

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users