DA can't handle >10.000 records in zone

ShadowM

As with an earlier post when setting up an arbitrary DNS-Blacklist (for an IRC-server)

We've come to the conclusion that DA can't handle DNS zones larger than approx. 10.000 records in a zone. :(

When trying to either view (in the panel itself), add, remove or other actions via the CMD_DNS_API, it simply times out, and thus does not complete the request. (It says it did, but checks have proven the command is not processed!) :mad:

In some feedback from DA itself, they've managed to optimise the DNS_API a bit (gained 2.000 extra entries to handle), but as for now we were forced to go around DA with our own scripting (PHP) to generate the zone (it holds approx. 88.000 IPs atm :eek:)

So beware of these limitations when you are planning to set up a large zone.

Just hope they manage to pull this limit way up so we can handle the zone again via DA.

If anyone else has run into the same problem, contact me, and I'll make the script(s) available.
 
Huh? Why would you want 10K in a zone file anyway? Makes no sense. Surely there must come a time when there is a limit placed even in a zone file. It's certainly out of the norm and highly improbable.
 
Never played with DNS blacklists?

DNS blacklists are based on a reverse lookup zone.

If an IP (in reversed form) is resolved in that zone to something like 127.0.0.x, where x > 1,
then it is a match, and thus an IP is blacklisted/banned.

We use it to block out unwanted proxies/botnets/shells etc.
(all the bad stuff)

We use it as an addition to public blacklists; as they do not suffice, we were forced to take this setup ourselves.

Public (IRC-related) blacklists:

- ircbl.ahbl.org
- dnsbl.njabl.org
 
You can create multiple blacklists if only for private use?

01.proxy.yourdomain.com
02.proxy.yourdomain.com
03.irc.yourdomain.com
04.whatever.yourdomain.com

?
 
Not a real option, considering coding the removal procedure for users ...

And the speed in checking (lookup) is reduced on the IRC server, as it has to do multiple queries.
In the current situation it would mean that we would be splitting up our zone into 8+ zones.

And proxies/botnets are faster than mice reproduce, so in handling it all it's not a real option :(

And yes, it's a private zone, only the localhost can access it (configured in the BIND conf).

I only posted my findings to let other DA users know of this limitation, not as a real problem; we've solved it our own way.
 
DirectAdmin is a Control Panel for shared webhosting. While it works for some other functions, it wasn't designed for them.

This is a good solution for creating a blocklist.

Jeff
 
Yes it is, just not suited for use on IRC servers :rolleyes:
 
The question remains... why attempt to use the DNS Manager feature of DA to add 10K of records via a web control panel? :confused:

You would be better off just editing the file by hand (i.e. vi / pico).
 
ShadowM,

DA wasn't designed for IRC servers either.

mattb,

Do you really want to add 10,000 records with an editor? Even a good one ;)?

I'd write a program.

Jeff
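
The approach discussed in this thread, generating the zone file with a program instead of through the panel, as an added example; it is not ShadowM's PHP script or anything from DirectAdmin. The zone name `bl.example.org`, the `127.0.0.2` return value, the SOA timers and the function names are assumptions, and the sample addresses are constructed.

```python
import ipaddress

ZONE = "bl.example.org"   # assumed placeholder zone name
LISTED = "127.0.0.2"      # assumed code; the thread only says 127.0.0.x with x > 1

def query_name(ip, zone=ZONE):
    """Name an IRC server would look up: 192.0.2.10 -> 10.2.0.192.<zone>"""
    octets = str(ipaddress.IPv4Address(str(ip))).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(answer):
    """A lookup answer is a match when it is 127.0.0.x with x > 1."""
    try:
        packed = ipaddress.IPv4Address(answer).packed
    except ValueError:          # NXDOMAIN text, empty answer, garbage
        return False
    return packed[:3] == bytes([127, 0, 0]) and packed[3] > 1

def build_zone(entries, serial, zone=ZONE, ttl=300):
    """Return (zone_text, rejected): one A record per unique valid IPv4 address."""
    seen, rejected = set(), []
    for raw in entries:
        entry = raw.split("#", 1)[0].strip()   # allow "ip  # reason" lines
        if not entry:
            continue
        try:
            seen.add(ipaddress.IPv4Address(entry))
        except ValueError:
            rejected.append(entry)             # report bad input, never emit it
    lines = [
        f"$ORIGIN {zone}.",
        f"$TTL {ttl}",
        f"@ IN SOA ns.{zone}. hostmaster.{zone}. ({serial} 3600 600 86400 {ttl})",
        f"@ IN NS ns.{zone}.",
        "ns IN A 127.0.0.1",                   # assumption: localhost-only zone
    ]
    for ip in sorted(seen):                    # stable order keeps diffs readable
        lines.append(f"{query_name(ip, zone)}. IN A {LISTED}")
    return "\n".join(lines) + "\n", rejected

# Constructed sample input (documentation address ranges), not data from the thread.
SAMPLE = ["192.0.2.10", "198.51.100.7  # open proxy", "192.0.2.10", "300.1.1.1", ""]

if __name__ == "__main__":
    text, bad = build_zone(SAMPLE, serial=1)
    print(text, "rejected:", bad, sep="")
```

Removing a user is then a matter of deleting one line from the input list, regenerating with a higher serial, and reloading the zone.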
 