We are an internet company based on Turkey.

We have an amazing censorship in here, youtube, dailymotion and dozens of
websites are blocked on DNS level, some of them have been blocked by their
IPs. So, we would like to build couple of DNS servers, which will redirect
those websites to their non-blocked IPs. We won't have additional
configuration for websites which have been blocked on DNS level, as you

However, we also want to provide content filtering, like phishing, badware,
adult filtering. We expect around 10.000 queries per second in the mid-term.
We want to setup this system with minimal patching. So, Bind is good
solution at this moment as it's authoritative and caching servers work
together. We are still doing R&D by the way.

We will setup around 200-300 domains with their zones. They will be for
blocked domains. We will also setup around 200.000-250.000 domains, with
Bind's "views" feature. All the domains will point to one zone file, which
will redirect requests to our web server. So, if someone want to have
badware filtering, we will put his/her IP to the ACL.

We did some experimental testing, and it worked perfectly, but when we add
200.000 domains to the config file, reload takes more than 20 minutes. We
have used Core2Duo, 2 gb ram computer in this test. We need to reload the
config once an hour, so with this result, it will make it impossible. Since
we have only 300 zones, reloading zones is not a solution. We need to reload
ACLs, and 200.000 domains. Is there any different solution for this? For
example we can separate the config files, and reload only some files, is it

Bind DLZ isn't a good solution because as I said we expect 10.000 queries
per second in mid-term and don't know what it will be in the long term.
Performance is important.

We can also buy some mid-ranged servers, but I don't know whether it will
make big difference (20 min to under 30 sec - 1 min)

If I missed something obvious, sorry from now on.


Serdar Sahin