I’m not sure if a container will pass through the CPU instruction set
required to leverage hardware acceleration on newer (or even not-so-new)
Intel processors. In KVM, for example, you have to enable it explicitly.
One way to check for supported instructions is:
grep -o -w 'aes\|sha_ni\|pclmulqdq\|rdseed\|rdrand\|avx\|avx2\|avx512'
/proc/cpuinfo | sort | uniq
Hardware acceleration can be beneficial if you’re running a resolver
that performs a lot of DNSSEC validation—SHA_NI in particular can speed
up operations involving DS/NSEC/NSEC3 records. That said, if you’re only
running an authoritative server or a small-scale resolver, crypto
acceleration may not be critical.
Fwiw, my preferred distro for running BIND9 is Debian 12—it includes
dnstap support out of the box.
On 23/07/2025 14:57, Marc wrote:
Maybe consider running it in a container and keeping nice and small with alpine
linux
I'd like to migrate from bind 9.11 lo last version.
This service is acting as cache dns server and It' running on Centos 7
server, what Linux distro do you suggest me for new Bind?
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
