<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hello, <div class=""><br class=""></div><div class="">We are preparing a special config of unbound which will allow one to use RPZ and benefit from a global GUI. </div><div class="">This will be embedded on firewall devices such as APU devices (4GB of RAM and 1GHz quad core AMD-G series).</div><div class=""><br class=""></div><div class="">The zones we are dealing with could be quite large (the largest is 468MB). </div><div class=""><br class=""></div><div class="">We have observed that after downloading the RPZ files from our main RPZ server, it loads the server and uses ±3GB of RAM.</div><div class="">This seems quite strange because the total size of loaded RPZ files in the example provided below is 275MB. </div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><div class="">last pid: 64525; load averages: 0.63, 0.57, 0.43 </div><div class="">up 0+03:03:48 16:05:00 35 processes: 2 running, 33 sleeping</div><div class="">CPU: 22.0% user, 0.0% nice, 9.1% system, 0.0% interrupt, 68.9% idle</div><div class="">Mem: 2263M Active, 752M Inact, 2316K Laundry, 422M Wired, 245M Buf, 481M Free</div><div class="">Swap: 764M Total, 60M Used, 703M Free, 7% Inuse</div></div><div class="">19073 unbound 4 52 0 2924M 2833M kqread 2 7:43 0.00% unbound</div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><b class=""><u class="">The questions are the following:</u></b> </div><div class=""><br class=""></div><div class="">1. Are there any specific parameters that we could use in order to minimise the RPZ memory impact? </div><div class=""><br class=""></div><div class="">2. By default RPZ will use an AXFR zone transfer, can you confirm that this zone transfer is compressed?
(by RFC it should be)</div><div class=""><br class=""></div><div class="">3. What would you suggest as general advice in order to tune the parameters (knowing that the zone content will change, but not very often, like once a week)… </div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">These are the default parameters we are using: </div><div class=""><br class=""></div><div class=""><div class="">##</div><div class=""># Server configuration</div><div class="">##</div><div class="">server:</div><div class="">chroot: /var/unbound</div><div class="">username: unbound</div><div class="">directory: /var/unbound</div><div class="">pidfile: /var/run/unbound.pid</div><div class="">root-hints: /var/unbound/root.hints</div><div class="">use-syslog: yes</div><div class="">port: 53</div><div class="">verbosity: 1</div><div class="">extended-statistics: no</div><div class="">log-queries: yes</div><div class="">hide-identity: no</div><div class="">hide-version: no</div><div class="">harden-referral-path: no</div><div class="">do-ip4: yes</div><div class="">do-ip6: yes</div><div class="">do-udp: yes</div><div class="">do-tcp: yes</div><div class="">do-daemonize: yes</div><div class="">so-reuseport: yes</div><div class="">module-config: "iterator"</div><div class="">cache-max-ttl: 86400</div><div class="">cache-min-ttl: 0</div><div class="">harden-dnssec-stripped: no</div><div class="">serve-expired: no</div><div class="">outgoing-num-tcp: 10</div><div class="">incoming-num-tcp: 10</div><div class="">num-queries-per-thread: 4096</div><div class="">outgoing-range: 8192</div><div class="">infra-host-ttl: 900</div><div class="">infra-cache-numhosts: 10000</div><div class="">unwanted-reply-threshold: 0</div><div class="">jostle-timeout: 200</div><div class="">msg-cache-size: 4m</div><div class="">rrset-cache-size: 8m</div><div class="">num-threads: 4</div><div class="">msg-cache-slabs: 8</div><div class="">rrset-cache-slabs: 8</div><div 
class="">infra-cache-slabs: 8</div><div class="">key-cache-slabs: 8</div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Thanks for your feedback. </div><div class=""><br class=""></div><div class=""><br class=""><div class="">
</div>
<br class=""></div></body></html>