[Mailman-Users] Slow delivery
Brad Knowles
brad at shub-internet.org
Fri Mar 9 05:37:48 CET 2007
At 8:46 PM -0700 3/8/07, vancleef at lostwells.net wrote:
> Maybe this is a good time to ask just how DNS-intensive the
> non-sendmail MTAs are. I am finishing off the basics on installing
> sendmail with Mailman, and am including some discussion of the need to
> install a good fast-response caching DNS server to work with sendmail.
All MTAs I know of are pretty DNS-intensive in their operation. The
more anti-spam or anti-virus filtering you do, or the more other
things you do to check the incoming mail, the more DNS-intensive that
work is going to be.
Of course, most MTAs should give you options on how to configure them
so that they don't generate any DNS traffic at all, but then what
you're doing is effectively turning off about 99.99% of what the MTA
is intended to do when handling mail.
In this respect, I don't think that sendmail is necessarily much
worse or much better than any other MTA.
> Since then I've installed master and slave servers for my Intranet
> LAN, but I would heartily recommend having at least a plain caching
> server on the box that's running the MTA.
Years ago, this was actually a bit of a sore point amongst the
experts. Some said that you were better off having a smaller number
of centralized caching nameservers, which handled all DNS traffic for
the entire network.
Others said that you're better off having caching nameservers running
on each box, to spread that load out.
Of course, the issue there is that Box A might do a DNS query of some
sort, and retrieve data that could later be used by Box B, but if
both machines are running their own nameservers as opposed to a
centralized caching nameserver, then both machines will end up doing
the same query, causing increased load on the remote end, etc....
Moreover, large caching nameservers can take up hundreds of megabytes
(or even a couple of gigabytes) of RAM, so if you've got servers that
are already using lots of RAM to process all their "real" work, then
you may not have enough RAM to also run a large caching nameserver on
the box.
Finally, sometimes consistency is more important than raw speed. In
other words, sometimes it's more important that the clients see that
they get the same answers regardless of which server they ask, and
the actual raw performance is not quite so important. For example,
when an AOL user sends e-mail to a remote recipient, it would be
really bad for that user to get "okay, message accepted" on the first
try and then "invalid domain" on the second try, and then get "okay,
message accepted" on the third try, or whatever. Since the DNS
changes frequently, you could easily wind up with some pretty
radically different views of the world on different servers, based on
when they asked what questions.
To solve all these issues, what was recommended was a hybrid
approach. Run local caching-only servers on each box, but then have
them forward all outgoing queries to a central set of caching-only
nameservers.
The local nameserver would short-circuit all the repetitive queries
from the same application to talk to the same remote system, while
the centralized caching nameservers would ensure that everyone gets
the same answer to a particular question, and would ensure that you
don't actually send your queries to the outside world unless no
machine at that site had asked that question within the time-to-live
of the answer.
DNS experts now agree that it's generally a bad idea to have
hierarchies of nameservers, although the overall problems have not
otherwise changed.
So, pick your poison, but don't try to go with the hybrid approach.
It creates too much of a central bottleneck and slows things down,
and it also reduces your overall reliability of the system.
Of course, all detailed DNS questions should be asked on the
appropriate mailing lists and/or newsgroups, although I can try to
summarize as best I can -- I was a technical reviewer of the 2nd edition
of Cricket's book, and I'm in the process of writing my own book on
DNS security.
> While all of my experience is with sendmail, I'm inclined to suspect
> that the other MTAs all can stand a shot of local DNS service.
> Anybody who can confirm this for Postfix, Exim, etc.?
All MTAs I know of make intensive use of the DNS -- sendmail,
postfix, Exim, etc....
--
Brad Knowles <brad at shub-internet.org>, Consultant & Author
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
Slides from Invited Talks: <http://tinyurl.com/tj6q4>
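The duplicate-query and consistency arguments in the post (two boxes with their own caches both asking the outside world, and seeing different answers at the same moment, versus one shared cache answering everyone within the TTL) can be checked with a small constructed simulation. This is an added illustration, not code from the post or from Mailman; the timings, names and TEST-NET-1 addresses are made up.

```python
# Constructed simulation (added here, not from the post): one TTL cache per box
# versus one shared cache, with an upstream record that changes mid-run.

class Upstream:
    """Stand-in for the outside world: counts queries; record changes at t=100."""
    TTL, CHANGE_AT = 300, 100

    def __init__(self):
        self.queries = 0

    def query(self, now):
        self.queries += 1
        # constructed TEST-NET-1 addresses; the record is updated at CHANGE_AT
        return ("192.0.2.2" if now >= self.CHANGE_AT else "192.0.2.1"), self.TTL

class TtlCache:
    """Caching-only resolver: serves a cached answer until its TTL expires."""
    def __init__(self, upstream):
        self.upstream, self.entries = upstream, {}  # name -> (answer, expires_at)

    def resolve(self, name, now):
        hit = self.entries.get(name)
        if hit and hit[1] > now:
            return hit[0]  # served from cache, no upstream traffic
        answer, ttl = self.upstream.query(now)
        self.entries[name] = (answer, now + ttl)
        return answer

def run_trace(trace, shared):
    """Replay (time, box, name) queries; shared=True gives every box one cache.
    Returns (upstream query count, {box: last answer that box saw})."""
    up = Upstream()
    central, per_box, last = TtlCache(up), {}, {}
    for now, box, name in trace:
        cache = central if shared else per_box.setdefault(box, TtlCache(up))
        last[box] = cache.resolve(name, now)
    return up.queries, last

# Constructed trace: A asks at t=0, B first asks at t=150 (after the record
# changed), then both ask again at t=200, still inside A's TTL.
TRACE = [(0, "A", "mx.example.net"), (150, "B", "mx.example.net"),
         (200, "A", "mx.example.net"), (200, "B", "mx.example.net")]

if __name__ == "__main__":
    for shared in (False, True):
        print("shared" if shared else "per-box", run_trace(TRACE, shared))
```

With per-box caches the trace costs two upstream queries and the boxes hold different answers at t=200; with one shared cache it costs one query and both boxes agree until the TTL expires.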