[Flounder] DNS Caching Server

DL Neil NZOSS at etelligence.info
Mon May 30 20:30:06 AEST 2022


On 30/05/2022 00.25, Russell Coker via Flounder wrote:
> On Friday, 27 May 2022 06:02:06 AEST DL Neil via Flounder wrote:
>> On 26/05/2022 20.53, Russell Coker via Flounder wrote:
>>> On Wednesday, 25 May 2022 18:46:50 AEST DL Neil via Flounder wrote:
>>>> Am most used to dnsmasq (local network and VMs).
>>>>
>>>> SpamAssassin + DNS-WhiteList/BlackList docs say to use a DNS caching
>>>> server, but specifically-not dnsmasq.
>>>
>>> Why do they recommend not dnsmasq?
>>
>> «Dnsmasq should not be used by SpamAssassin since it can only forward to
>> other DNS servers.»
>> https://cwiki.apache.org/confluence/display/spamassassin/CachingNameserver
> 
> That's not a reason to not use it.  Running a caching server that talks to a 
> single other server is a relatively common configuration.

Having used dnsmasq for years/decade+ this caused disgruntlement (and I
like my grunts)! Thus, a little digging into the claim...

Unfortunately, in this situation (low-volume user of the DNSWL, thus
$free access, but limited by number of DNS queries per 24 hrs), the
problem of using a DNS service (or the service-provider's) is that
others will also contribute to the query limit.

Sure enough, reports were returning rejected calls. Accordingly, being
the only/single IP source of all queries has put the WL to work,
successfully.


>>>> VPS resources are OK, but CPU probably of most concern.
>>>>
>>>> Seeking recommendations based on your use/experience, eg unbound, bind,
>>>> ..., please?
>>>
>>> BIND has always worked for me.
>>
>> Yes, but it 'does it all', and is more resource-hungry - or as some say:
>> over-large/bloated.
> 
> https://doc.coker.com.au/papers/benchmarking-mail-relays-and-forwarders/
> https://etbe.coker.com.au/2021/05/03/dns-lots-ips-postal/
> 
> In 2006 I presented a paper on benchmarking mail relays and forwarders which 
> surprisingly showed that BIND as a name server was a major bottleneck.  At the 
> time I didn't investigate any other DNS caches as the mail server software was 
> my main focus.  In 2021 I repeated the same tests on bigger hardware and found 
> that DNS wasn't a bottleneck at all.
> 
> My conclusion is that if you do this sort of thing on hardware that was 
> affordable in 2006 then the performance of the DNS server is an issue.  But if 
> you use it on affordable hardware in 2021 then it's no big deal.
> 
> As for the servers I run at the moment, my email is currently stored on a 
> server with hard disks and that is obviously the bottleneck.  In a year or so 
> it will be on a server with NVMe and there won't be any bottlenecks.

This is surprisingly helpful. Whilst not quite in the 2006 category, the
VPS' config is becoming 'old':

CentOS 7.9
SpamAssassin x86_64 3.4.0 (CentOS 6.el7 release)
Postfix 2.10.1
unbound 1.6.6

inxi reports that it is running well within (<80%) its parameters, but
it is small.

I'm not going to uninstall unbound and install BIND to perform a
comparison, but you can see why I was shying away from something rumoured
to be resource-hungry.

Thanks!

--
Regards
=dn
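The resolver distinction the thread turns on, shown as an added configuration example (not taken from any poster's system, and not from the SpamAssassin or unbound projects): with unbound doing its own recursion, every lookup against the DNSWL authoritative servers leaves from the VPS's own address, so only that address's daily quota is consumed. The commented forward-zone at the end is the dnsmasq-style "forward everything to one upstream" arrangement the SpamAssassin wiki warns against; there the list operator sees the upstream resolver's address, shared with all of its other clients. The file path, cache sizes and the 203.0.113.53 upstream address are assumptions for illustration.

```conf
# /etc/unbound/unbound.conf  (example only; path, sizes and addresses assumed)
server:
    # Answer the local host only: SpamAssassin and Postfix query 127.0.0.1.
    interface: 127.0.0.1
    port: 53
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse

    # Keep a real cache so repeated lookups for the same sender do not reach
    # the DNSWL servers again inside their TTL.  Sizes are assumed for a
    # small VPS.
    msg-cache-size: 8m
    rrset-cache-size: 16m
    prefetch: yes

    # One thread is enough for a single mail host and keeps CPU use down.
    num-threads: 1

    hide-identity: yes
    hide-version: yes

# No forward-zone section: with none present unbound resolves iteratively
# from the root, so the query source seen by dnswl.org is this host's own IP.
#
# The setting to avoid for DNSWL use is a catch-all forwarder such as the
# following (203.0.113.53 is an assumed upstream).  Every query would then be
# sent on by that resolver, and its address, not ours, would count against
# the list's per-IP limit alongside all of its other clients:
#
# forward-zone:
#     name: "."
#     forward-addr: 203.0.113.53
```

After editing, `unbound-checkconf` validates the syntax, and `/etc/resolv.conf` on the mail host needs `nameserver 127.0.0.1` so that SpamAssassin's lookups actually go through the local cache rather than the provider's resolver.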
