Re: Significant memory usage

Tue, 01 Jul 2025 12:01:18 -0700 

You'll have to experiment a bit (and I mean read the documentation[1]) as I am 
writing this from top of my head,

1. You need to create RPZ zone like this:

$TTL 604800
$ORIGIN adaway.rpz.
@ IN SOA localhost. root.localhost. (1 604800 86400 2419200 604800 )
@ IN NS localhost.
ad-assets.futurecdn.net A 127.0.0.1
ad-assets.futurecdn.net AAAA ::1
[...]

I've used this command:

( echo "@ IN SOA localhost. root.localhost. (1 604800 86400 2419200 604800 )"; 
echo "@ IN NS localhost." ; cat named_adaway.conf  | cut -f 2 -d ' ' | while 
read D; do echo "$D IN A 127.0.0.1"; echo "$D IN AAAA ::1"; echo "*.$D IN A 
127.0.0.1"; echo "*.$D IN AAAA ::1"; done ) > adaway.rpz.db

2. Add the RPZ zone to your named.conf

zone adaway.rpz {
type primary;
file "/<PATH_TO>/adaway.rpz.db";
allow-query { localhost; };
};

3. Add the response-policy to your options {} in named.conf

options {
[...]
response-policy { zone adaway.rpz; } break-dnssec yes;
[...]
};

And the memory usage on 9.20 is now mere 450MB:
  PID User     Command                         Swap      USS      PSS      RSS
514700 ondrej   /home/ondrej/Projects/bind9        0   451684   452652   461872

$ dig +short -p 12345 @::1 ad-assets.futurecdn.net.
127.0.0.1
$ dig +short -p 12345 @::1 foo.ad-assets.futurecdn.net.
127.0.0.1

1. 
https://bind9.readthedocs.io/en/v9.20.10/reference.html#response-policy-zone-rpz-rewriting
--
Ondřej Surý (He/Him)
ond...@isc.org

My working hours and your working hours may be different. Please do not feel 
obligated to reply outside your normal working hours.

> On 1. 7. 2025, at 20:40, OwN-3m-All <own3m...@gmail.com> wrote:
> 
> Also, 127.0.0.1 (localhost) needs to be returned for these hosts, not a 
> NXDOMAIN response.  Would that impact it?
> -- 
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
> this list
> 
> ISC funds the development of this software with paid support subscriptions. 
> Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to