On 18/10/16 08:26, Mukund Sivaraman wrote:
We know that IXFR with RPZ policy zones (esp. this DBL zone) causes some trouble due to a less than desirable design / implementation of RPZ in BIND. We have a plan to refactor the RPZ implementation for 9.12 to remove these inefficiencies.
Can you share some details on that? Because I've reported issues triggered by an XFR of a large RPZ, specifically the Spamhaus DBL, and I've been variously pooh-poohed and/or told "no-one else has ever reported that".
I'm particularly interested if you're aware of a failure mode where CPU usage can spike MASSIVELY during a large-ish IXFR and cause named to start dropping queries.
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
