What happens when one out of three NSs are down?

Lawrence K. Chen, P.Eng. lkchen at ksu.edu
Thu Jun 13 18:19:13 UTC 2013



----- Original Message -----
> 
> > Any comments and best practice solution info very welcome.
> 
> Folks with significant requirements with regard to high availability
> are likely to put a hardware loadbalancer running a VIP which
> receives DNS requests and balances it onto a pool of reals (aka the
> boxes running nameservers), including liveness checks so the LB will
> transparently migrate around a nameserver which is down.
> 
> 

Speaking of using a load balancer... I have wondered about putting our BigIP in front of our authoritative only nameservers, hadn't thought about doing it for HA.  But whether it would help against DDoS?  I know there's a DNSFloodProtection iRule, and wonder if the BigIP does any protection of its own (or is it just the SYN flood DDoS that it does).  Though I recall that they had published that GTM v11 has DNS DDoS protections, but our current platform is limited to 10.2.4 and we only have LTM.

Though if I did put the BigIP in front, would the DDoS traffic towards the nameserver VIPs impact other services on the BigIP?

-- 
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally
Snail: Computing and Telecommunications Services (CTS)
Kansas State University, 109 East Stadium, Manhattan, KS 66506-3102
Phone: (785) 532-4916 - Fax: (785) 532-3515 - Email: lkchen at ksu.edu
Web: http://www-personal.ksu.edu/~lkchen - Where: 11 Hale Library
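
The liveness check mentioned in the quoted reply, sketched as an added example that is not part of the original message and is not BigIP or BIND code: a monitor sends each real a non-recursive SOA query and only counts it as up if the reply is an authoritative NOERROR answer, which a plain port check would not tell you. The function names, the zone and the pool addresses are assumptions made up for illustration.

```python
import os
import socket
import struct

def build_query(zone: str, qid: int) -> bytes:
    """Encode a non-recursive SOA query for `zone` (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)  # RD=0, one question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in zone.split(".") if label
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN

def classify(resp: bytes, qid: int) -> str:
    """Return 'up', or the reason this reply should take the real out of the pool."""
    if len(resp) < 12:
        return "short-reply"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != qid:
        return "id-mismatch"            # stale or spoofed datagram
    if not flags & 0x8000:
        return "not-a-response"         # QR bit clear
    if flags & 0x000F:
        return "rcode-%d" % (flags & 0x000F)  # e.g. 2 = SERVFAIL, 5 = REFUSED
    if not flags & 0x0400:
        return "not-authoritative"      # AA bit clear: zone not loaded here
    if ancount == 0:
        return "no-answer"
    return "up"

def probe(server: str, zone: str, timeout: float = 2.0, port: int = 53) -> str:
    """Send one SOA query over UDP and classify whatever comes back."""
    qid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(zone, qid), (server, port))
            resp, _ = s.recvfrom(4096)
        except OSError:                 # includes socket.timeout
            return "timeout-or-unreachable"
    return classify(resp, qid)

if __name__ == "__main__":
    # Constructed pool: RFC 5737 documentation addresses, not real nameservers.
    for real in ("192.0.2.11", "192.0.2.12", "192.0.2.13"):
        print(real, probe(real, "example.org"))
```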

