Re: [Bind-dlz-testers] Performance of DLZ skeleton
From: Petr S. <ps...@re...> - 2015-01-06 16:30:32
On 6.1.2015 01:00, Jorgen Lundman wrote:
>> Every query triggers a database lookup, and the response from the database
>> is in text format, which has to be marshalled into DNS wire format.
>> This all adds significant overhead to DLZ query processing, and is the
>> reason I don't recommend DLZ be used for high-traffic servers. If you
>> need high throughput, use DLZ as a hidden master and have standard
>> BIND servers acting as slaves to answer queries.

An alternative is to use the (non-standard-yet) API for database back-ends,
which allows you to plug your own code directly into BIND's database API.

Patches are here:
https://github.com/spacekpe/bind-dynamic_db/commits/dyndb_bind9_9

The API is heavily used by:
https://fedorahosted.org/bind-dyndb-ldap/

The API itself is pretty low-level but also low-overhead: the bind-dyndb-ldap
driver offers ~99% of the read performance of plain BIND, but at the same time
it immediately propagates changes from LDAP to BIND, and it supports DNS dynamic
updates from BIND to LDAP and DNSSEC in-line signing at the same time.

Petr^2 Spacek

>
> We also tried some local caching with;
>
> view "internal" {
>     # Allow localhost (forwarder) as well as L4 health checker
>     match-clients { 127.0.0.1; 172.20.11.2; 172.20.11.3; 172.16.12.2; };
>     recursion no;
>     allow-recursion { any; };
>     zone "localhost" { type master; file "localhost.zone"; };
>     dlz "ldap zone" {
>         database "ldap 20 v3 simple DLZmagichere
>     };
> };
>
> view "external" {
>     recursion yes;
>     allow-recursion { any; };
>     max-cache-size 512M;
>     forwarders { 127.0.0.1; };
>     forward only;
> };
>
>
> But we also patched BIND to set authoritative reply from the cacher, and
> allow recursion for external. It works well for us.
>
> Lund