Agree!! Right now I have around 270000 zones added in DNS, but that is with direct zones, NO RPZ. And my config is 4 vCPU, 8 GB RAM; it's running well, with around 700 users.

The only concern for me is that I may need to rewrite all my scripts to load those zones in RPZ format, hence I am wondering if RPZ can really help me in boosting the performance of my server, and how much? Because if you see, with my current config I may be running at 40% of the resources; if with RPZ I am achieving 30-35%, then rewriting the complete stuff for that 5% does not entice me. If the difference is noticeable, let's say 20%, then probably I can start off with that. Hence I wanted to know from the community if they have ever tried such a thing before, and if so I would really appreciate it if they could share their observations.

On Thu, Mar 29, 2018 at 2:16 AM, Grant Taylor via bind-users <bind-users@lists.isc.org> wrote:

> On 03/28/2018 12:51 AM, Blason R wrote:
>
>> Interesting I didn't know that. Let me dig in..can I have few examples
>> please?
>
> RPZ zones are effectively standard zones. The only difference is that the
> CNAME record is used to convey information to the RPZ engine (? is that an
> accurate description ?) that special action should be taken.
>
> I have messed with a project where I download newly registered domains
> daily and build an RPZ zone. The intention is that I can make it appear as
> if domains registered within the last 1 / 7 / 14 / 28 days do not exist on
> my personal DNS server. The records look like the following:
>
> example.com CNAME .
> *.example.com CNAME .
> example.net CNAME .
> *.example.net CNAME .
> example.org CNAME .
> *.example.org CNAME .
>
> As you can see, this is really two records per domain. One for the domain
> w/o any subordinates, and one for the domain subordinates.
>
> I've been collecting newly registered domains for ~4 months and here's the
> number for each month thus far.
>
> 2017-12: 2,110,518 (Started collecting December 3rd.)
> 2018-01: 2,932,808
> 2018-02: 3,040,718
> 2018-03: 3,010,168 (Still missing a few days.)
>
> I did test all of December's records in a single RPZ zone file, and they
> worked okay. I only say okay because it took close to a minute for named
> to start up and my naive OS's start up script coughed up a fur ball after
> 30 seconds. named was quite happy if I gave it an additional 30 seconds.
>
> Note: This was running on a 1.6 GHz AMD Dual-Core E-350 APU w/ 8 GB of
> memory. More power efficient than a server. ¯\_(ツ)_/¯
>
> --
> Grant. . . .
> unix || die
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
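Added example, not part of the thread or of either poster's scripts: one way to turn an existing blocklist into the two-records-per-domain RPZ format quoted above. The zone name `rpz.example.internal`, the SOA/NS values and the sample domains are assumptions; the example also goes one step further than the thread by dropping entries that a listed parent's wildcard record already covers, which keeps the zone smaller.

```python
import re
import time

# Hypothetical policy zone name (assumption); it must match the zone listed
# in response-policy { zone "..."; } in named.conf.
RPZ_ORIGIN = "rpz.example.internal"
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")

def normalize(raw):
    """Return a lower-case domain without trailing dot, or None if unusable."""
    name = raw.split("#", 1)[0].strip().lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    labels = name.split(".")
    if len(labels) < 2 or not all(LABEL.match(l) for l in labels):
        return None
    # Owner names are relative to the policy zone, so the full name
    # "*.<domain>.<origin>" must still fit in 253 characters.
    if len("*." + name + "." + RPZ_ORIGIN) > 253:
        return None
    return name

def covered_by_parent(name, names):
    """True if a listed parent's wildcard record already matches this name."""
    labels = name.split(".")
    return any(".".join(labels[i:]) in names for i in range(1, len(labels) - 1))

def build_rpz(lines, serial=None):
    """Render a zone file with two 'CNAME .' (NXDOMAIN) triggers per domain."""
    names = {n for n in map(normalize, lines) if n}
    keep = sorted(n for n in names if not covered_by_parent(n, names))
    serial = serial or int(time.time())
    out = [
        f"$ORIGIN {RPZ_ORIGIN}.",
        "$TTL 300",
        f"@ IN SOA localhost. root.localhost. ({serial} 3600 600 86400 300)",
        "@ IN NS localhost.",
    ]
    for n in keep:
        out.append(f"{n} CNAME .")    # the domain itself
        out.append(f"*.{n} CNAME .")  # everything below it
    return "\n".join(out) + "\n"

# Constructed sample input: duplicates, mixed case, a trailing comment, a
# subdomain already covered by its parent, and unusable entries.
SAMPLE = ["Example.com", "example.com.", "ads.example.com",
          "example.net  # newly registered", "bad_domain", "", "example.org"]

if __name__ == "__main__":
    print(build_rpz(SAMPLE, serial=2018032901))
```

Running `named-checkzone` against the generated file before reloading catches syntax problems without touching the live resolver.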