Re: Significant memory usage

interfaces, which already handle a lot of offloading and fair IRQ distribution at the NIC level — so I wonder if you ever ran into performance limitations with Redis under similar loads, or decided against it for architectural reasons. Just curious Thank you Carlos Horowicz

Re: Significant memory usage

“CNAME .” redirection is applied, which makes me wonder if using A/ redirection to 127.0.0.1 is ultimately more robust. Apologies if this adds noise to the thread — feel free to disregard if not relevant. Best regards, Carlos Horowicz Planisys On 01/07/2025 21:00, Ondřej Surý wrote: You&#x

Re: Significant memory usage

Apparently you have 295108 zones, maybe you can try one single rpz zone with all 295108 fqdn's like . 12724[.]xyz IN CNAME . 21736[.[xyz IN CNAME . . instead of one zone per fqdn, and see if the memory footprint changes (both VMEM and RES) Good luck! Carlos Horowicz Planisy

Re: Significant memory usage

issues in recent BIND versions — BIND 9.18.33 on Debian 12 is a tremendous beast, capable of handling millions of QPS — but after reducing logging (including DNSTAP) and disabling serve-stale, I saw a significant improvement in both performance and memory usage. Best regards, *Carlos Horowicz

Re: QNAME minimisation question

Hi The problem seems related to "No zone cut at 90.45.in-addr.arpa." , shouldn't trigger a SERVFAIL with qname-minimisation relaxed This is strange, because the intermediate response has a SOA , and NSEC seems enough to fail-over to qname-minimisation off .. it seems you're force to set the

Re: Massive increase of SERVFAIL after April 28th 2025.

ftp.lip6.fr -> nephtys.lip6.fr soleil.uvsq.fr (193.51.24.1)    nephtys.lip6.fr -> 132.227.74.17 HTH Carlos Horowicz Planisys On 01/05/2025 18:07, vinc...@cojot.name wrote: Hi Carlos, First of all, I'd like to say how sorry I was for those affected, as I was watching the events un

Re: Massive increase of SERVFAIL after April 28th 2025.

everything up. So may be that was the reason, if it coincides with your perception ... dnstracer has eventually helped me find lame delegations. Carlos Horowicz Planisys On 01/05/2025 17:23, Rob McEwen via bind-users wrote: From vinc...@cojot.name until a few days ago (April 28th?) when the

Re: ECS subnet

Hi, you mean "edns-client-subnet yes;" in opensource bind9.18 right ?  ("unknown option 'edns-client-subnet'") -Carlos On 17/02/2025 18:00, Petr Špaček wrote: On 14. 02. 25 17:41, Rainer Duffner wrote: Am 14.02.2025 um 17:39 schrieb Greg Choules : Hi. Is this a question about BIND, or Unb

Re: Executive Order 14144 - encrypted DNS

DoT instead of plaintext UDP/53 , but also zone transfers over the Internet encrypted with TLS (thus the reference to certificates). -Carlos On 27/01/2025 14:02, Carlos Horowicz via bind-users wrote: IMHO this has nothing to do with DNSSEC, it sounds more like the urge to encrypt resolver

Re: Executive Order 14144 - encrypted DNS

IMHO this has nothing to do with DNSSEC, it sounds more like the urge to encrypt resolver traffic (I guess they're referring to DoT) On 27/01/2025 13:55, Marc wrote: FYI - EO 14144 has the following provision related to encrypting DNS: (c) Encrypting Domain Name System (DNS) traffic in transit

Re: Question about post-quantum X25519Kyber768

n Internet Draft — there is a helpful page here: https://authors.ietf.org/en/home <https://authors.ietf.org/en/home> . W Robert Wagner *From:* bind-users on behalf of Carlos Horowicz via bind-users *Sent:* Thu

Question about post-quantum X25519Kyber768

Hi there, does anyone know of the bind developers thinking of incorporating post-quantum cryptography into bind9 , like Cloudflare with X25519Kyber768 on BoringSSL ? I'm just curious about if there are thoughts or ongoing work, or if this is in the near roadmap at all. Thank you, C

Re: views-based RPZ

Petr Špaček Internet Systems Consortium What sort of QPS are each of your servers handling? Cheers, Greg On Sun, 25 Aug 2024 at 05:27, Grant Taylor via bind-users mailto:bind-users@lists.isc.org>> wrote:     On 8/24/24 07:37, Carlos Horowicz via bind-users wrote: > 2. if RPZ re

Re: views-based RPZ

rver first. Hope that helps. Cheers, Greg On Fri, 23 Aug 2024 at 20:43, Carlos Horowicz via bind-users wrote: Hello List, an ISP has brought a case where several customers do not agree with our web interface portal that lets select different RPZ zones to be activated fo

views-based RPZ

configured, or even be set to "unlimited" ? Thanks in advance Carlos Horowicz Planisys -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.o

views-based RPZ

configured, or even be set to "unlimited"  ? Thanks in advance Carlos Horowicz Planisys -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://w

Re: Switching from rhel base 9.16 to 9.18 copr

I used these symlinks to transition from RHEL standard 9.16 to COPR 9.18 ln -s /var/opt/isc/scls/isc-bind/named /var/named ln -s /etc/opt/isc/scls/isc-bind/named.conf /etc/named.conf ln -s /var/opt/isc/scls/isc-bind/run/named /run/named ln -s /opt/isc/isc-bind/root/usr/sbin/rndc /usr/sbin/rndc ln

Re: DNS NXDOMAIN flood

which is 15 seconds, maybe too long for your link saturation problem. For more options see https://bind9.readthedocs.io/en/v9.18.19/reference.html#namedconf-statement-rate-limit Regards, Carlos Horowicz Planisys On 02/11/2023 05:58, Mosharaf Hossain wrote: Hello Folks I have come across a