Improve performance for delegation heavy answers and also general query performance (#44029)
This commit is contained in:
Mukund Sivaraman
@@ -6,8 +6,6 @@
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
/* $Id: named.conf,v 1.36 2011/03/21 23:47:21 tbox Exp $ */
|
||||
|
||||
// NS2
|
||||
|
||||
controls { /* empty */ };
|
||||
@@ -25,6 +23,7 @@ options {
|
||||
dnssec-enable yes;
|
||||
dnssec-validation yes;
|
||||
notify-delay 1;
|
||||
minimal-responses no;
|
||||
};
|
||||
|
||||
zone "." {
|
||||
|
||||
@@ -6,8 +6,6 @@
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
/* $Id: named.conf,v 1.49 2011/10/28 06:20:05 each Exp $ */
|
||||
|
||||
// NS3
|
||||
|
||||
controls { /* empty */ };
|
||||
@@ -25,6 +23,7 @@ options {
|
||||
dnssec-enable yes;
|
||||
dnssec-validation yes;
|
||||
session-keyfile "session.key";
|
||||
minimal-responses no;
|
||||
};
|
||||
|
||||
key rndc_key {
|
||||
|
||||
@@ -6,8 +6,6 @@
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
/* $Id: named1.conf,v 1.3 2011/01/04 23:47:13 tbox Exp $ */
|
||||
|
||||
// NS4
|
||||
|
||||
controls { /* empty */ };
|
||||
@@ -21,10 +19,10 @@ options {
|
||||
listen-on { 10.53.0.4; };
|
||||
listen-on-v6 { none; };
|
||||
recursion yes;
|
||||
acache-enable yes;
|
||||
dnssec-enable yes;
|
||||
dnssec-validation yes;
|
||||
dnssec-must-be-secure mustbesecure.example yes;
|
||||
minimal-responses no;
|
||||
|
||||
nta-lifetime 10s;
|
||||
nta-recheck 7s;
|
||||
|
||||
@@ -6,8 +6,6 @@
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
/* $Id: named2.conf,v 1.3 2011/01/04 23:47:13 tbox Exp $ */
|
||||
|
||||
// NS4
|
||||
|
||||
controls { /* empty */ };
|
||||
@@ -22,10 +20,10 @@ options {
|
||||
listen-on { 10.53.0.4; };
|
||||
listen-on-v6 { none; };
|
||||
recursion yes;
|
||||
acache-enable yes;
|
||||
dnssec-enable yes;
|
||||
dnssec-validation auto;
|
||||
bindkeys-file "managed.conf";
|
||||
minimal-responses no;
|
||||
};
|
||||
|
||||
key rndc_key {
|
||||
|
||||
@@ -6,8 +6,6 @@
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
/* $Id: named2.conf,v 1.3 2011/01/04 23:47:13 tbox Exp $ */
|
||||
|
||||
// NS4
|
||||
|
||||
controls { /* empty */ };
|
||||
@@ -21,11 +19,11 @@ options {
|
||||
listen-on { 10.53.0.4; };
|
||||
listen-on-v6 { none; };
|
||||
recursion yes;
|
||||
acache-enable yes;
|
||||
dnssec-enable yes;
|
||||
dnssec-validation auto;
|
||||
bindkeys-file "managed.conf";
|
||||
dnssec-accept-expired yes;
|
||||
minimal-responses no;
|
||||
};
|
||||
|
||||
key rndc_key {
|
||||
|
||||
@@ -38,4 +38,48 @@ controls {
|
||||
zone "." {
|
||||
type hint;
|
||||
file "../../common/root.hint";
|
||||
}
|
||||
|
||||
key auth {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
};
|
||||
|
||||
include "trusted.conf";
|
||||
|
||||
view rec {
|
||||
match-recursive-only yes;
|
||||
recursion yes;
|
||||
dnssec-validation yes;
|
||||
dnssec-accept-expired yes;
|
||||
|
||||
zone "." {
|
||||
type hint;
|
||||
file "../../common/root.hint";
|
||||
};
|
||||
|
||||
zone secure.example {
|
||||
type static-stub;
|
||||
server-addresses { 10.53.0.4; };
|
||||
};
|
||||
|
||||
zone insecure.secure.example {
|
||||
type static-stub;
|
||||
server-addresses { 10.53.0.4; };
|
||||
};
|
||||
};
|
||||
|
||||
view auth {
|
||||
recursion no;
|
||||
allow-recursion { none; };
|
||||
|
||||
zone secure.example {
|
||||
type slave;
|
||||
masters { 10.53.0.3; };
|
||||
};
|
||||
|
||||
zone insecure.secure.example {
|
||||
type slave;
|
||||
masters { 10.53.0.2; };
|
||||
};
|
||||
};
|
||||
|
||||
@@ -19,7 +19,6 @@ options {
|
||||
listen-on { 10.53.0.5; };
|
||||
listen-on-v6 { none; };
|
||||
recursion yes;
|
||||
acache-enable yes;
|
||||
dnssec-enable yes;
|
||||
dnssec-validation yes;
|
||||
};
|
||||
|
||||
@@ -21,7 +21,6 @@ options {
|
||||
listen-on { 10.53.0.6; };
|
||||
listen-on-v6 { none; };
|
||||
recursion yes;
|
||||
acache-enable yes;
|
||||
notify yes;
|
||||
disable-algorithms . { DSA; };
|
||||
dnssec-enable yes;
|
||||
|
||||
@@ -1187,11 +1187,9 @@ status=`expr $status + $ret`
|
||||
|
||||
echo "I:checking privately secure to nxdomain works ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS +noauth private2secure-nxdomain.private.secure.example. SOA @10.53.0.2 \
|
||||
> dig.out.ns2.test$n || ret=1
|
||||
$DIG $DIGOPTS +noauth private2secure-nxdomain.private.secure.example. SOA @10.53.0.4 \
|
||||
> dig.out.ns4.test$n || ret=1
|
||||
$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
|
||||
grep "NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
|
||||
# Note - this is looking for failure, hence the &&
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
|
||||
n=`expr $n + 1`
|
||||
@@ -1200,11 +1198,9 @@ status=`expr $status + $ret`
|
||||
|
||||
echo "I:checking privately secure wildcard to nxdomain works ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS +noauth a.wild.private.secure.example. SOA @10.53.0.2 \
|
||||
> dig.out.ns2.test$n || ret=1
|
||||
$DIG $DIGOPTS +noauth a.wild.private.secure.example. SOA @10.53.0.4 \
|
||||
> dig.out.ns4.test$n || ret=1
|
||||
$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
|
||||
grep "NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
|
||||
# Note - this is looking for failure, hence the &&
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
|
||||
n=`expr $n + 1`
|
||||
|
||||
Reference in New Issue
Block a user