On 11/10/2015 04:13, James wrote:
> Howdy,
>
> So I now have (5) statics and a fiber feed, with lots of room to grow.
>
> I need to set up DNS primary/secondary systems on gentoo. So right now I'm
> looking for a suggested list of packages to install with Bind, iptables and
> DNSSEC-tools as these (2) gentoo dns servers will only run the minimum
> packages to operate securely?
|
auth or cache?

First of all, bind is a pain to use. Reason: it's actually a reference
implementation that as usual got forced into production use. It's slower
than it could be because it deals with every possible corner case per RFC.

As an auth server (few queries) it's OK.
As a cache (many queries), there are better servers out there. I prefer
unbound.
|
> Also, what is the (nominal) minimum amount of RAM needed to keep all routes
> in ram in these name servers?
|
I don't understand. DNS servers don't keep routes in memory - routers do
that. Perhaps you mean cached DNS records?

DNS is light on RAM, there are only so many records typical users will
look up. DNS caches not too long ago ran for years problem free with a
puny few hundred MB. It's not something to be worried about.
|
--
Alan McKinnon
alan.mckinnon@×××××.com