Re: Bind9 - Tuning

Mon, 27 Mar 2017 00:03:06 -0700 

Hi Filho,

We have used bind as a server for many years in a VM with a single CPU and 2 Go 
RAM with almost default settings.

Here is the options of our config

options {
        directory "/var/lib/named";
        managed-keys-directory "/var/lib/named/dyn/";
        zone-statistics yes;
        statistics-file "/var/lib/named/log/named.stats";
        dump-file "/var/log/named_dump.db";
        forwarders { x.x.x.x; x.x.x.x; };
        listen-on port 53 { 192.168.4.160; };
        allow-query { any; };
        notify yes;
        allow-transfer { 10.91.76.0/24; 192.168.1.0/24; 192.168.2.0/24; 
192.168.3.0/24; 192.168.4.0/24; };
        empty-zones-enable no;
        recursive-clients 20000;
        tcp-clients 20000;
        check-names master ignore;
        check-names slave ignore;
        check-names response ignore;
};


The server is used in a MAN network in Switzerland, for more than 10’000 
computers.
8 to 10 millions query per day without any performance issue.


Best regards
Stefano


> On 22 Mar 2017, at 05:21, Filho Arrais <[email protected] 
> <mailto:[email protected]>> wrote:
> 
> Hello,
> 
> I have a 9.9.5 recursive bind server running on Debian 8 at an internet 
> provider. The peak reaches 3,000 queries, that number will be much greater 
> when we put more customers to use dns.
> 
> Please could suggest bind adjustments, security tips, and kernel improvements 
> for better performance. Any tip for improvement is welcome. Currently we do 
> not serve IPv6, but we will be in production soon.
> 
> The server is a VM with 4 vcore and 4 gb of RAM, which can be upgraded, if 
> necessary.
> 
> /etc/bind/named.conf.options
> 
> options {
>         directory "/var/cache/bind";
>         version "unknown";
>         recursive-clients 10000;
>         tcp-clients 1000;
>         zone-statistics yes;
>         listen-on port 53 { any; };
>         allow-query     { any; };
>         allow-query-cache { any; };
>         minimal-responses yes;
>         dnssec-enable no;
>         dnssec-validation no;
>         auth-nxdomain no;
>         allow-recursion  {      127.0.0.1;
>                                 177.0.0.0/18 <http://177.0.0.0/18>;
>                          };
>         recursion yes;
> };
> 
> 
> /etc/default/bind9
> 
> # run resolvconf?
> RESOLVCONF=yes
> 
> # startup options for the server
> OPTIONS="-4 -u bind"
> 
> -- 
> Filho Arrais  
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users 
> <https://lists.isc.org/mailman/listinfo/bind-users> to unsubscribe from this 
> list
> 
> bind-users mailing list
> [email protected] <mailto:[email protected]>
> https://lists.isc.org/mailman/listinfo/bind-users 
> <https://lists.isc.org/mailman/listinfo/bind-users>

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to