On Sun, 15 Jan 2023, Jesus Cea wrote:

> I have a huge zone receiving a constant flow of small dns updates. My secondaries receive notifications and transfer the zone incrementally. Cool, everything works as expected.
> [...]
> Ok, my updates are coming too fast (first line). No problem, the secondary will eventually retrieve the changes. What worries me is the last couple of lines: The rpz zone (big, around 800.000 domains) is being reloaded constantly and it takes a couple of seconds eating CPU, when the incremental changes are actually pretty tiny.
>
> [...] not a full zone reload taking a couple of seconds and sucking an entire CPU core.

Is that a fact or conjecture?

There's a lot of "marketecture" in threat indicators generally.

We can start with notifications versus polling. Secondaries can do either. Tell me why one is better, other than the vendor says so. Polling just does an SOA query, so two UDP packets; notify sends one. Is that extra packet more important than control?

If this is a vendor and they're doing this, why don't other customers see this as a problem? Is this just a "tax" for dealing with that vendor? What proof do you have that the CPU usage correlates, and that it's a problem? What are the vendor's recommendations (for provisioning and operational management), and are you following them?

--

Fred Morris

