[rbldnsd] regular expression support for rbldnsd

Steven Champeon schampeo at hesketh.com
Thu Aug 13 01:18:11 MSD 2009


on Wed, Aug 12, 2009 at 01:59:47PM -0700, Scott Haneda wrote:
> On Aug 12, 2009, at 1:22 PM, Steven Champeon wrote:
>> OK, I took the stock 0.996b, built it out, and ran my test IPs (hosts
>> from which my patterns were derived, so pretty much guaranteed not to be
>> hosts I have blocked via iptables - e.g., none will match) against a
>> zone derived from my iptables blocks, and here's the dnsperf output:
>
> Thanks! Very glad you posted that, those stats are impressive for the app 
> on that hardware.  I am about to deploy an idea using a MacMini as a target 
> machine.  I figure, rbldnsd does need really need hard drive, and all 
> memory.  I can put 4GB in that machine, which should load some rather large 
> zones.

Our first incarnation (built out of the regexes using re2c, plugged into
a Net::DNS perl daemon, shudder) ran on a Mini for a year; I think its
peak perf was around 400 q/s. rbldnsd is much better :)

> Are you aware of any other issues with OS X as a deployment target?  I hear 
> smatterings of issues with max open files and max open ports and such, 
> which can be adjusted, but only to a certain point.  It may not even be 
> related, but it did come up on dovecot and I believe postfix.

No, not with deploying rbldnsd; obviously there are the usual launchctl
hiccups to be worked around, fine-tuning the LaunchDaemons file, etc. but
it's been relatively painless. (I could be suppressing some nightmare or
other; it's been a year and a half or so since I did the first deploy).

We're running one version on OS X Server on an XServe, another under
CentOS5 and another under Fedora Core 3 (Heidelberg). This in addition
to the test platforms (my aforementioned MacBook, and an old G5 dualie).

> I am not sure this will help you in any way, but it may help to just
> get it out there... I made a rbldnsd portfile for MacPorts, which
> makes installing it one command. This software does not update much,
> so it probably does not help too many.
>
> http://trac.macports.org/browser/trunk/dports/net/rbldnsd/Portfile
>
> However, your patch may be a good idea to include as a variant, which
> would allow one to add in your patch with `sudo port -d install
> rbldnsd +regex`

Sounds good! Let me know what I'd need to do, if anything. I'd be
surprised to see too many big players running it on OS X, but what the
heck. It's appreciated.

FWIW, I ran a longer set of tests (-l360 to dnsperf) and I'm getting
around the same numbers (I was using the laptop at the time, too, so
who knows, but still encouraging):

IP only:
  Queries per second:   32896.667611 qps

A:
  Queries per second:   30487.563331 qps

TXT:
  Queries per second:   29996.294097 qps

Steve

-- 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2553 w: http://hesketh.com/
antispam news, solutions for sendmail, exim, postfix: http://enemieslist.com/

