-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi unbound-users,
In this email, I want to go over some questions that were repeatedly or recently asked about unbound. * About memory, how to configure its maximum? Ok. pick the limit (32-bit linux has 3Gb per process). Then divide by two (for the operating system malloc overhead). Then divide this into RRset, msg, and other caches. Leave a little to spare because hitting the hard max is painful (server failure errors are sent to clients). The divide-by-two looks bad, but it is really a very sophisticated algorithm to even get that good. And I do not believe unbound can do a better job at it than your OS can. (if you know how to do it better, we may make unix systems the world over operate better). So, for 3Gb, about 1.5Gb to divide over caches. Such as rrset-cache 600M, msg-cache 300M, key-cache 100M, neg-cache 100M, infra-numhosts 100000. This leaves some space as well. And how did I choose these ratios? What I did was look at the ratios when the caches are not full yet but are used in normal operations. The key and neg cache values are guesses to enable DNSSEC operations. It is likely that DNSSEC's deployment will change this (specifically more space for key-cache and neg-cache). * Denied feature request: donotquery config per port. So that you can block specific port numbers. Such setup could use more localhost interfaces, for example, without needing to self-block a specific port number. In actuality, unbound can cope perfectly well with sending queries to itself (I mean, it does not crash, not loop). Thus the donotquery-localhost feature is another layer of protection. * Denied feature request: dump_requestlist with threads Only thread 0 is printed by unbound-control. Printing other threads is a lot of code, and if it is very full, is usually similar contents anyway. It is a debug feature. Best regards, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkyvMOwACgkQkDLqNwOhpPgfmwCgqL8sZY4vNNn26XyNDFJPDWa5 1gMAnjaiSGWgGkehy4UyaozFj9rOx4id =LKkj -----END PGP SIGNATURE----- _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
