On Wednesday, June 7, 2006, 1:50:49 AM, Ramprasad Ramprasad wrote: > We have an array of 8 load balanced linux boxes running Spamassassin > with peak traffic upto 20k mails per hour per server.
> How do I make optimum use of DNS caching. Currently I am using bind as > caching DNS server on each machine. Would it be better I have a central > DNS server. That way the DNS Cache hit will increase dramatically , but > could also bog the DNS server down with too many requests. > Also which is the best caching nameserver I can use on linux Hi Ram, Presumably you're asking about DNS caching of RBL and SURBL DNS queries, at perhaps a few million queries per day. A couple different ways to organize this would be to centralize the queries onto a server or two, or to decentralize them onto each local server as now. In terms of query performance, BIND would have no problem either way, but getting the zone files locally and running rbldnsd instead of BIND would be vastly more efficient. rbldnsd runs much smaller in memory, and uses much less cpu than BIND, so it's preferred in this application. (It's what rbldnsd was designed for, whereas BIND is more of a general purpose nameserver. BIND has lots of features, arguably way too many in this application.) As you suggest, you will get higher cache hit rates with a centralized server, at the cost of some LAN traffic. But a few million DNS queries per day over a LAN is probably insignificant. Given that the BL zone files are pretty large, I'd recommend a centralized server running rbldnsd. That way you're not using up a lot of memory for BLs across many boxes. rbldnsd is so efficient that you could probably just pick some existing server that has enough memory and choose it to be your rbldnsd server. You don't need a new box; any old server with enough memory will work. (What is enough memory depends on which BLs and other applications you run locally. The BLS probably take up no more than a few hundred MB.) More howtos and faqs about setting up rbldnsd, etc., are at: http://www3.surbl.org/rsync-signup.html Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
