Although NxFilter is designed to handle several thousand users easily, there are several parameters you can adjust to get the best performance.
Memory sizeAt default, NxFilter uses up to 768 MB RAM. This is enough for most users. But if you allocate a bigger memory to NxFilter you can expect a better performance. In NxFilter startup scripts, /nxfilter/bin/startup.sh you have a start option like below,
If you want to increase it to 2 GB then change '-Xmx768m' to '-Xmx2048m'.
java -Djava.net.preferIPv4Stack=true -Xmx768m
Normally, you don't need more than 3 GB of memory for NxFilter even if you have several thousand users.
Reducing the amount of log dataNxFilter has various logging/reporting features. These kinds of features require a lot of disk space. When you have a huge size of reporting data your system may experience a performance degrading. If you have more than several hundred users, it might be better to have at least 10 GB of disk space for the traffic DB. Or to save the disk space, you can reduce the size of traffic DB. To reduce the size of the traffic DB, you can adjust the value for 'Log Retention Days' on 'System > Setup'. The other way of reducing the amount of traffic data is to make a whitelist with 'Bypass Logging' option for the domains you are not interested in.
The number of request handlersNxFilter is a multi-threaded program. It has multiple worker threads processing client DNS requests. The default number of request handler is 8 and it is enough for most cases. But if you think your NxFilter responding slowly, you can try to increase it. To increase it to 16, add the following line into /nxfilter/conf/cfg.properties file and restart NxFilter. rh_num = 16
Client cache TTLNxFilter can manipulate client cache TTL. On 'DNS > DNS Setup', there are 'Minimum Cache TTL' and 'Block Cache TTL'. You can increase these values to reduce the amount of DNS queries from your client systems.
Negative cacheSome softwares keep sending DNS queries for the domains not existing anymore. And there are softwares sending IPv6 queries for the domains not having IPv6 records. At default, NxFilter doesn't keep any cache for these negative DNS responses and it will be very busy with them. To reduce the workload for NxFilter, you can enable 'Use Neative Cache' on 'DNS > Setup' for keeping negative responses in its cache up to 15 minutes.
Filtering A, AAAA queries onlyWe have 'Filter A Query Only' option for NxFilter, NxCloud and NxRelay. With this option enabled, they will filter A and AAAA types of DNS queries while bypassing other types of queries. As a result, you will have a smaller traffic database for logging and report and the load for your filtering server will be reduced.
You can find the option on 'System > Setup' for NxFilter and NxCloud and for NxRelay, you can set 'a_query_only' option on its config file.