+1 to all of Chris' suggestions, especially the bit about including one
file in named.conf, and including the per-zone files in that file. Makes
it much easier to update that file with a script, or what have you.
hth,
Doug
On 02/17/2012 07:11, Chris Buxton wrote:
> Yes, it's quite possible to split named.conf into separate per-zone .conf
> files and then 'include' them back into named.conf. You can even put the list
> of include statements in a separate file, and then include that into
> named.conf.
>
> named.conf:
>
> options {
> [...]
> }
> include "/path/to/etc/zones.conf";
>
>
> zones.conf:
>
> include "/path/to/etc/zone1.conf";
> include "/path/to/etc/zone2.conf";
> [...]
>
> I've seen this done with hundreds of thousands of zones. Performance does not
> seem to be significantly impacted by breaking up named.conf into included
> files. The loading time for named in this case will be dominated by the time
> load actual zones, which involves allocating memory and building a tree
> structure in memory.
>
> Use the latest versions of BIND for fastest loading of this number of zones.
> See Evan Hunt's blog posts on the topic:
>
> http://www.isc.org/community/blog/201107/major-improvement-bind-9-startup-performance
> http://www.isc.org/community/blog/201107/isc-bind-981b3-provides-startup-performance-improvements
>
> Regards,
> Chris Buxton
> BlueCat Networks
>
> On Feb 17, 2012, at 1:24 AM, Nick Edwards wrote:
>
>> Hi,
>> In a recent discussion on another list, it was discussed the pros and
>> cons of splitting the main conf file to a per domain.
>>
>> In binds case it would be to /etc/named.d/*.conf
>> So each zone would have a file in that directory containing only the
>> relevant info
>> eg:
>>
>> zone "example.com" {
>> type master;
>> allow-transfer { slavesdns; };
>> file "example.com.signed";
>> allow-query { any; };
>> allow-update { none; };
>> };
>>
>> thats it, nothing more, rather than having 2000 entries in named.conf,
>> we would have 2000 conf file to be read (yes in addition to the 2000
>> actual zone files.
>>
>> with apache it takes only 2 or so more seconds to start and reload
>> doing it this way, so I know that bind will take longer, it has to
>> with all those open/read/close files, at present bind starts up in
>> about 9 seconds due 17K zones, so I'd imagine this would take even up
>> to 15 seconds.
>>
>> My question is, has anyone done this with success or failure?
>> Would a named developer know if its safe or detrimental to do this?
>> or would it simply make no difference apart from the extra time for
>> starts/reloads?
>>
>>
>> (This came about on another list, because we load all hosts on apache
>> in one file (2000 per box) recently something went wrong with sshfs
>> during a transaction, and in deleting a vhost block it took out about
>> 100 of them :) so we are looking at making things a bit more
>> failsafe, my opinion is, if it can happen once, it can happen again,
>> it could have happened to a zone file, but luckily only the web conf
>> file.
>>
>> Thoughts anyone?
>>
>> Thanks
>> Niki
--
It's always a long day; 86400 doesn't fit into a short.
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users
