From: Simon Waters (Simonwretched.demon.co.uk)
Date: Thu Sep 27 2001 - 06:38:13 CDT

    Craig Sanders wrote:
    >
    > > - install a caching DNS on the SAME machine as the mail server, a nearby
    > > one is not good enough; use djbdns for that instead of bind; turn off
    > > logging for lookups, and give it plenty of memory to keep the cache;
    >
    > yep. caching dns is good. don't think i'd use djbdns though.

    The jury is still pondering performance stats in the
    comp.protocol.bind newsgroup.

    Since the djbdns cache product does extra work by default to make it
    harder to be fed spoofed responses, it may well be outperformed
    by some versions of BIND. Just occasionally security costs.

    I'd start with the latest BIND 9.2 release candidate; although
    historically 9 has been slower than 8, the results are getting
    better. BIND 9 still does some unneeded work that 8 doesn't do,
    but recent stats I've seen show the gap is marginal and 9 is
    better written.

    Anyway, local DNS caching is an absolute must for this kind of
    thing. For small messages you can spend almost as much time
    doing DNS lookups as delivering mail.

    For DNS performance in general, forwarding to your ISP's caching
    DNS servers is usually a big win if your ISP knows what they are
    doing (and have lots of dial users using these DNS servers).
    Although no one ever seems to believe me till I show them my
    stats, I average about 1/3 of a second per uncached query gain
    over caching off the root name servers (and that was with a BIND
    version (9) that doesn't pick the best responding forwarder
    (like BIND 8 does)).

    With 1,000,000 distinct queries to do (I doubt they are all
    distinct) you could save yourself several days' worth of DNS
    lookups if starting with an empty cache by forwarding to the
    ISP's DNS server. Of course forwarding trades performance for
    reliability, so forward-first, and make sure your ISP's DNS
    servers are up to the task.
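The forward-first caching setup described in the message above, as an added example that is not part of the original post: a BIND 9 named.conf fragment for a caching-only resolver on the mail host itself, listening only on localhost, with lookup logging switched off, forwarding to two placeholder ISP resolvers (192.0.2.53 and 192.0.2.54 are documentation addresses, not real servers) and falling back to full recursion from the root if the forwarders do not answer.

```conf
// Caching-only resolver on the mail server itself (added example).
// Forwarder addresses are placeholders; substitute your ISP's resolvers.
options {
    directory "/var/named";

    // Serve only the local mail server; never run an open resolver.
    listen-on { 127.0.0.1; };
    allow-query { localhost; };
    allow-recursion { localhost; };
    recursion yes;

    // Try the ISP's caches first and fall back to iterative resolution
    // from the root servers if they fail to answer ("forward first").
    // "forward only" would remove that fallback and tie resolution,
    // and therefore mail delivery, to the forwarders being up.
    forwarders { 192.0.2.53; 192.0.2.54; };
    forward first;
};

// Lookup logging off: it costs disk I/O on every query of a large run.
logging {
    category queries { null; };
};
```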