Hi there,

On Fri, 12 Jul 2013, Arie L. Putra wrote:

> We are building a recursive DNS server; this server will act as a
> cache for our network (several user-side DNS servers will forward
> to this server).
>
> Using Ubuntu Server with the latest BIND version, we are trying to have
> RPZ included in this BIND, with around 800k blacklisted sites.
>
> Does anyone have experience with how RPZ with a huge list will impact
> BIND performance? Will it reduce DNS response time?
>
> We have six DNS servers that will point to this server; each server is
> serving about 15Mbps of DNS traffic at peak hour.

I wonder if you've considered using iptables in addition to BIND/RPZ?

Using the ipsets extension to iptables, on very modest hardware, we routinely block over one thousand million IP addresses with negligible impact on performance.

I understand that it's not the same thing at all, but I still wonder if it might be of some use to you.

-- 
73,
Ged.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users