tuning

Sam Trenholme strenholme.usenet at gmail.com
Tue Jan 12 09:06:47 EST 2010


> would you please recommend settings for MaraDNS recursive highly loaded DNS server?

How about multiple servers, using Deadwood as a front end load
balancer/cache.  Something akin to this:

ISP users ---> Server running Deadwood as load balancer ---> Multiple MaraDNS servers

This way, the load is spread among several machines.  MaraDNS is
pretty CPU-bound when used as a recursive server and heavily loaded
(all of those threads).  My goal this year is to make Deadwood fully
recursive and thread-free so it's not as CPU-bound when heavily
loaded.  Then again, this thread-free Deadwood will need a separate
process for every CPU/core on a heavily loaded server.

Also, if a MaraDNS server is used *only* for recursion, set
dos_protection_level to 78.  Lower protection levels should only be
used if the server is also authoritative, or if you're using MaraDNS
with known phish/malware domains disabled.

Another idea: Set min_ttl to 3600, so a given domain is only processed
once every hour.

Deadwood is included with MaraDNS 1.4.02, in the deadwood-2.4.10
directory.  Deadwood is MaraDNS with caching, but without recursion
or threads.  It's a DNS load balancer on steroids.  If you find
Deadwood 2.4 is too heavily loaded, look into Deadwood 2.3 with
recursion disabled.

Let us know what things work for you.  The reason MaraDNS doesn't have
documentation for this is because people using MaraDNS in heavily
loaded environments haven't shared enough ideas, information, and
experience with us for me to write up a HOWTO on the subject.

- Sam

Note: I do not answer MaraDNS support requests sent by private email
without being compensated for my time. A MaraDNS support request is
any and all discussion you may wish to have about MaraDNS in private
email; if you want to email me to talk about MaraDNS then, yes, that
is a support request. I will discuss rates if you want this kind of
support. Thank you for your understanding.

MaraDNS security vulnerability reports, however, will be dealt with
without charge and kept confidential. If you don't know what Bugtraq
is, then, no, your email is not a security report.
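
The layout described in the message above, written out as configuration. This is an added example, not part of the original post or the MaraDNS distribution. All addresses, ranges and chroot paths are constructed, and the parameter names other than dos_protection_level and min_ttl come from the MaraDNS and Deadwood documentation rather than from this message.

```conf
# --- Front end (constructed address 10.1.1.1): Deadwood rc file ---
bind_address = "10.1.1.1"
chroot_dir = "/etc/deadwood"          # assumed path
# Only the ISP's own customer range may use the cache (constructed range)
recursive_acl = "10.20.0.0/16"
# Anything not answered from cache is passed to the recursive back ends
upstream_servers = {}
upstream_servers["."] = "10.1.1.11, 10.1.1.12, 10.1.1.13"

# --- Each back end (10.1.1.11 shown): mararc, recursion only ---
ipv4_bind_addresses = "10.1.1.11"
chroot_dir = "/etc/maradns"           # assumed path
# Accept recursive queries from the Deadwood front end and nothing else,
# so the back ends are never usable as open resolvers
recursive_acl = "10.1.1.1/32"
# Recursion-only server: the protection level recommended in the message
dos_protection_level = 78
# Keep every record cached for at least an hour, so a given name is
# resolved at most once per hour; upstream changes can take that long
# to become visible to users
min_ttl = 3600
```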

