LinuxSA Mailing list archives

Index: [thread] [date] [subject] [author] [stats]
  From: Mark Newton <newton@atdot.dotat.org>
  To  : Alan Kennington <akenning@dog.topology.org>
  Date: Wed, 31 Jan 2001 11:45:03 +1030

Re: uh oh! -- BIND's no good again - warning, warning

On Wed, Jan 31, 2001 at 11:30:32AM +1030, Alan Kennington wrote:

 > But it turned out that the real manual is the file
 >     bind-9.1.0/doc/arm/Bv9ARM.html
 > Pretty obvious, really! (Not.)

It's referenced in the release notes, though! 

 > I was in a bit of a panic, because I knew that those pesky hackers were
 > writing exploits while my 16 MB machine was grinding/paging its way
 > through the build process.

You could have shut down your nameserver if you were really worried about
that (that's what secondary servers are for).

 > > Again, this is not unusual.  named always gets large, because it caches
 > > fairly aggressively.
 > 
 > Large is no great problem in general.
 > But if the old named runs in one process of 2 MBytes at start-up,
 > and the new one runs in 5 processes of 2 MBytes, then I don't count
 > this as an improvement. If the software had been written by MS,
 > people would call this bloatware. 
 > But since linux is without sin....
 
Are you sure you're counting correctly?

named v9 is multithreaded.  Are you sure you're not seeing 5 threads
sharing the same 2 Mbytes?  I don't think the situation is anywhere
near as bad as you're making it sound (indeed, it's probably about 20% 
as bad :-)

 > > It seems that quite a bit of this would be alleviated if you used a 
 > > server which was properly equipped for the job and read the release
 > > notes.
 > ----------------------------------------------------------
 > 
 > Well, this is not a criticism, but 2.2 years ago, I sounded
 > you out on the issue of firewall hardware, and you said you used an
 > old 486 for yours (running BSD, I think?), and I followed suit by
 > putting my firewall and anything else that had to run 24 hrs/day
 > on an old 486 with 16 MBytes RAM and 400 MBytes disk.
 
But why are you running your nameserver on your firewall?  My 486
firewall didn't run named, it was just a firewall:  Packet filtering, 
routing, maintaining the PPP link I used to run, etc.

 > For the log files, I eventually added a 13 GB disk.
 > But I think maybe the days of getting linux to run nameserver,
 > webserver, firewall, mailserver on an old second-hand 486
 > are over.
 > Clearly I need to build a new 24-hour machine.

They're not, but named needs (and has always needed) more memory.
A 486 is still fine for the job, because nothing which runs on it
is very CPU intensive (including BIND, if you choose to run it there).
But you can't expect something which routinely expands its 
working set to over 30 Mbytes to run happily on an 8 or 16 Mbyte
machine.  Add RAM and you'll be fine.

   - mark

--------------------------------------------------------------------
I tried an internal modem,                    newton@atdot.dotat.org
     but it hurt when I walked.                          Mark Newton
----- Voice: +61-4-1620-2223 ------------- Fax: +61-8-82231777 -----

-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject

