> You gotta work with what you have. Bind outsmarts itself in a lot
> of places, especially the stupid interface scanning/binding
> code.

Agreed.

> The
> last thing I want it to do is hold *any* state from the previous
> incarnation across a restart. Frankly, restarting is not a big deal
> even if you have hundreds or thousands of domains. I always restarted
> named at BEST rather then HUP it, becausing HUPing is simply too
> dangerous when you make random modifications to dozens of primary
> zone files out of thousands.

Disagree. The problem here is that named stops answering queries for a
long time while it is sucking in the zone files. This is mostly a problem
for servers with many thousands of domains - but in those cases it can be
quite noticeable. Here's a server with 14000 zones:

Jan 28 22:22:31 nn named[8645]: starting (/etc/named.conf). named 8.2.3-REL
...
Jan 28 22:33:26 nn named[8740]: Ready to answer queries.

Steinar Haug, Nethelp consulting, sthaugnethelp.no

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]