On 1/4/2011 9:15 PM, John R Levine wrote:
I wasn't surprised.
Oh well.
I looked for foo.gurus.org, got an NXDOMAIN, then
queried bar.foo.gurus.org, and it went back to the authoritative server to
get the answer.
I guess I must have misunderstood. If _that_ is how you test it, I
can't imagine a DNS server doing otherwise.
Nice cache, though. Maybe I'll give it a try.
Isn't it? _Highly_ recommended.
dnscache has a fixed-size outstanding query buffer (compile-time 100
queries IIRC), and throws queries away if you overflow it. If you do
the obvious thing and recompile it with a larger buffer, as the match
between query and response is a _linear search_ (!), it degrades
atrociously. Especially if the admin naively recompiles for several
thousand entries.
[It's apparently even worse than that, but I disremember all the details.]
Unbound's buffer is run-time allocated, and reply/query matching is
hashed. I don't know anything about the guts of bind but it don't
degrade like dnscache either.
[I exiled myself off the Corporate DNS infrastructure (bind) for my mail
servers/traps occasionally causing one of their servers to drop _other_
queries for minutes at a time. I was DDOS'ing it. Hence the initial
foray into a server-coresident dnscache which behaved worse (but only
affected me), and then finally to a server-coresident unbound (which has
been 100% perfect so far).]
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
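A simplified model of the behaviour described in the message above, added here as an example; it is not code from dnscache, Unbound or the poster. The class names, the constructed host names and the newest-first reply order are assumptions, chosen to show the drop-on-overflow behaviour and the worst-case cost of scanning for each reply.

```python
# Constructed model for illustration only; not dnscache or Unbound source.
class LinearTable:
    """Fixed-size slot array; each reply is matched by scanning the slots."""
    def __init__(self, slots):
        self.slots = [None] * slots
        self.dropped = 0
        self.comparisons = 0

    def add(self, qid, qname):
        for i, slot in enumerate(self.slots):
            if slot is None:
                self.slots[i] = (qid, qname)
                return True
        self.dropped += 1          # table full: the query is thrown away
        return False

    def match(self, qid, qname):
        for i, slot in enumerate(self.slots):
            self.comparisons += 1
            if slot == (qid, qname):
                self.slots[i] = None
                return True
        return False

class HashedTable:
    """Run-time sized table keyed on (id, name); one lookup per reply."""
    def __init__(self):
        self.pending = {}
        self.dropped = 0
        self.comparisons = 0

    def add(self, qid, qname):
        self.pending[(qid, qname)] = True
        return True

    def match(self, qid, qname):
        self.comparisons += 1
        return self.pending.pop((qid, qname), None) is not None

def run(table, n):
    """Issue n constructed queries, then answer the accepted ones newest-first."""
    queries = [(i, f"host{i}.example.") for i in range(n)]
    accepted = [q for q in queries if table.add(*q)]
    matched = sum(table.match(*q) for q in reversed(accepted))
    return matched, table.dropped, table.comparisons

if __name__ == "__main__":
    print("100 slots, 150 queries :", run(LinearTable(100), 150))
    print("2000 slots, linear     :", run(LinearTable(2000), 2000))
    print("hashed, 2000 queries   :", run(HashedTable(), 2000))
```

Each tuple is (replies matched, queries dropped, slot comparisons); in this model the linear table's comparison count grows quadratically with the table size while the hashed table's stays at one per reply.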