Re: suggetsed distro for Bind

Wed, 23 Jul 2025 06:48:10 -0700

Well I meant you can run docker containers inside a vm with qemu emulated hardware, that'd be the bad scenario ...you're right containers on bare-metal have full visibility of the Instruction set 

On 23/07/2025 15:19, Ondřej Surý wrote:
Docker/Podman is just a container, not *-virtualization platform, so there’s full access to the underlying hardware. 
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
On 23. 7. 2025, at 15:10, Carlos Horowicz via bind-users <bind-users@lists.isc.org> wrote: 


I’m not sure if a container will pass through the CPU instruction set required to leverage hardware acceleration on newer (or even not-so-new) Intel processors. In KVM, for example, you have to enable it explicitly. 

One way to check for supported instructions is:
grep -o -w 'aes\|sha_ni\|pclmulqdq\|rdseed\|rdrand\|avx\|avx2\|avx512' /proc/cpuinfo | sort | uniq
Hardware acceleration can be beneficial if you’re running a resolver that performs a lot of DNSSEC validation—SHA_NI in particular can speed up operations involving DS/NSEC/NSEC3 records. That said, if you’re only running an authoritative server or a small-scale resolver, crypto acceleration may not be critical.
Fwiw, my preferred distro for running BIND9 is Debian 12—it includes dnstap support out of the box. 

On 23/07/2025 14:57, Marc wrote:

Maybe consider running it in a container and keeping nice and small with alpine 
linux


I'd like to migrate from bind 9.11 lo last version.
This service is acting as cache dns server and It' running on Centos 7
server, what Linux distro do you suggest me for new Bind?

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. 


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to