Slaving from DNS masters behind LVS
Phil Mayers
p.mayers at imperial.ac.uk
Wed Feb 13 15:11:32 UTC 2013
On 13/02/13 14:30, Nick Urbanik wrote:
>
> I think that it is not necessarily always true that you should avoid a
> load balancer. Every day, our DNS caches are answering about 140,000
> queries per second. I think that it is rather hard to configure
> resolvers to query only three machines yet still meet the demand
> unless you either use very massive, expensive machines, or use load
> balancers.
>
> So the questions remain.

My rule of thumb is this:

1. For client->DNS comms (resolv.conf, DHCP-supplied DNS IPs, etc.) I
use a VIP. This allows for future scalability and adds/moves/changes
without time-consuming reconfiguring of clients, and avoids the problem
where some clients have poor/slow failover between DNS servers (unix
systems without nscd/lwresd).

2. For DNS->DNS comms I use real IPs. This includes "forwarders", NS
records, "masters" statements and so on. The rationale is that DNS
servers, when talking to other DNS servers, almost universally have
fast, intelligent detection of failures, and thus don't need the benefit
of a VIP.

However - as with all things, "it depends". There are circumstances
where VIPs (possibly only backed by one real server) are suitable for
DNS->DNS, and real IPs for client->DNS (e.g. resolv.conf on the DNS
server itself).

There's no one definitively "right" answer, since it depends on what
you're trying to achieve, and what architecture your network and
supporting systems have.

More information about the bind-users mailing list
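
An added example, not part of the original post: a small check that applies the rule of thumb above to a named.conf, flagging "masters" and "forwarders" statements that point at a load-balancer VIP. The function name find_vip_peers, the sample configuration and the VIP 192.0.2.53 are assumptions made for illustration.

```python
import ipaddress
import re

# DNS->DNS statements the post names; both take a brace-delimited address list.
STATEMENT = re.compile(r"\b(masters|forwarders)\b[^{;]*\{([^{}]*)\}")
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)


def find_vip_peers(named_conf, vips):
    """Return sorted (statement, address) pairs whose address is a known VIP."""
    vip_set = {ipaddress.ip_address(v) for v in vips}
    hits = set()
    for stmt, body in STATEMENT.findall(COMMENT.sub("", named_conf)):
        for entry in body.split(";"):
            fields = entry.split()
            if not fields:
                continue
            try:
                addr = ipaddress.ip_address(fields[0])
            except ValueError:
                continue  # reference to a named masters list, not an address
            if addr in vip_set:
                hits.add((stmt, str(addr)))
    return sorted(hits)


# Constructed sample: documentation-range addresses; 192.0.2.53 is the assumed VIP.
SAMPLE_CONF = """
options {
    forwarders { 192.0.2.53; };          // VIP: flagged
};
zone "example.org" {
    type slave;
    masters { 198.51.100.11; 198.51.100.12 port 53; };   # real IPs: fine
    file "slaves/example.org";
};
zone "example.net" {
    type slave;
    masters port 53 { 192.0.2.53 key xfer-key; internal-masters; };
    file "slaves/example.net";
};
"""
SAMPLE_VIPS = ["192.0.2.53"]

if __name__ == "__main__":
    for stmt, addr in find_vip_peers(SAMPLE_CONF, SAMPLE_VIPS):
        print(f"{stmt}: {addr} is a VIP; list the real servers instead")
```

Entries that name a masters list rather than an address are skipped, so a named list has to be checked where it is defined.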