On Thu, 2 Jul 2009, Matthew Walster - Gyron wrote:

Hey there,

Does anyone have any tips and/or tricks for running a medium-scale DNS recursive resolver appropriate to my situation? Medium being bigger than "run it off a DSL router" but smaller than "get a server farm to do it"!

1- make sure you configure a limit for max-cache-entries
   otherwise it will keep growing and consume all memory.
   100k - 500k should cover most regular servers.
2- don't load any iptables modules if at all possible,
   the state tracking causes serious (performance) problems
   on loaded servers.
3- make sure to explicitly configure incoming and outgoing ips,
   preferably different ones. This enables later load-balancing / anycast
   schemes and makes the traffic-flow predictable. If your network
   layout is a bit more complicated (bgp, multiple gateways) then the
   Linux arp_announce and arp_filter sysctls should be tweaked to
   make sure that Linux selects the correct source-ips.
4- use allow-from-file to configure the ranges that should be allowed
   to use your nameservers.

This should allow you to handle 5-10k queries on reasonable hardware
with a decent uplink (100mbit). Anything beyond that will require
compilation with a recent compiler and system specific tuning,
binding pdns to a specific cpu and the ethernet driver to another
for example. This kind of tuning should only be done with careful
measurements to test the effect of each change.

--
Sten Spans

"There is a crack in everything, that's how the light gets in."
Leonard Cohen - Anthem
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
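
A recursor.conf and sysctl fragment that puts points 1, 3 and 4 of the reply above into settings, as an added example rather than anything from the post or the PowerDNS project; the addresses, the allowed ranges, the file paths and the 300k cache size are assumed placeholders to be replaced with your own.

```ini
# /etc/powerdns/recursor.conf (added example; values are placeholders)

# Point 1: bound the cache so memory use stays predictable on a busy box.
# Without this the cache grows until it eats all RAM; 100k-500k entries
# covers most regular servers, 300k is an assumed middle value.
max-cache-entries=300000

# Point 3: answer clients on one address and send upstream queries from a
# different one, so client-facing and upstream flows stay separate and the
# box can later sit behind a load balancer or anycast scheme.
local-address=192.0.2.53
query-local-address=192.0.2.54

# Point 4: only resolve for your own ranges; the referenced file lists one
# CIDR per line (assumed example contents):
#   192.0.2.0/24
#   2001:db8::/32
allow-from-file=/etc/powerdns/allow-from.txt

# Point 2 (no iptables/conntrack modules) is a kernel matter, not a
# recursor setting; check with `lsmod | grep conntrack` on the host.

# /etc/sysctl.d/99-resolver.conf (added example)
# Point 3, multi-gateway case: make Linux announce and accept ARP only on
# the interface that actually owns the address, so replies leave from the
# configured source IPs instead of whichever interface the kernel picks.
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.all.arp_filter=1
```

After changing the sysctls, verify with `sysctl net.ipv4.conf.all.arp_announce` and confirm from a packet capture that upstream queries really leave from the query-local-address.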
