Re: A rookie question on BIND &/| name servers

> http://cr.yp.to/djbdns/dnscache.html
> -----------------------------------------------------------------------
> dnscache uses a fixed-size table, under 256K, to keep track of as many
> as 200 simultaneous UDP queries and 20 simultaneous TCP connections.
> It also dynamically allocates memory, usually just a few bytes but
> occasionally much more, for each active query. If it runs out of
> memory handling a query, it discards that query.
> -----------------------------------------------------------------------
> I started having second thoughts. When a web browser loads a page with
> a lot of images, it spawns a lot of connections. I'm not sure if all
> of these connections need to be resolved by DNS but they might be. I
> don't know whether or not the DNS resolution is being done via UDP or
> TCP but with just a handful of users, saturating the larger 200
> simultaneous connections on dnscache seems fairly probable.

People have hundreds of users behind dnscaches doing all kinds of things.
The issue of 200 has come up when people are dealing with thousands
of lookups. The reason you are running a cache is to reuse information
already found. A single web browser is not going to put a strain on

> The people putting together OpenBSD put BIND 4.x in there for a reason
> and they obviously know a vast amount more than I do. Since I'm not
> going to be serving names publicly, I'd guess BIND security is less of
> an issue because I can (should be able to :) block outside access to
> it with IP Filter.

djbdns does not have a distribution scheme that works with the goals
of the OpenBSD distribution. djbdns is in the OpenBSD ports tree
(that is how I found out about it).

I am not sure how many monkeys it would take to type out the
works of Shakespeare. I do know how many cats it would take to spam a
maillist if I leave my computer on.
AA4YU http://www.beekeeper.org http://www.q7.net