DNS load balancing.

Jim Reid jim at rfc1035.com
Fri Jan 21 10:47:27 UTC 2000


>>>>> "Carles" == Carles Xavier Munyoz Baldó <Carles> writes:

    Carles> Hi!, I have two DNS servers (in different hosts) with the
    Carles> same zones data base.  My users make DNS queries to the IP
    Carles> 111.111.111.111.  I would like to set up my firewall to
    Carles> resend one query to the DNS server A, and the next to the
    Carles> DNS server B, next A, next B, ...

    Carles> Has someone made something like this?

The resolver in BIND8 has a rotate option which does this. However
most applications only make one lookup - ping, telnet, ftp, etc - so
there's not much chance of them making a second lookup and moving on
to the next name server in the list.

    Carles> Is there any problem?

None really, provided the name servers you use always behave
consistently. If server A returns different answers from server B,
your firewall will get very confused. You can also have fun and games
troubleshooting DNS problems because you might not know which name
server is being used for each query. And because of the way most
applications use the DNS, you might not see any "load balancing"
anyway.

    Carles> Any recommendation?

I wouldn't bother with this. DNS lookups are not resource intensive,
so there's usually no need for load balancing resolvers. And if there
really is a need to load balance resolver queries, it suggests that
there are too many resolvers and not enough name servers. In that
case, fixing the underlying problem - say putting a name server on
each LAN and making all the resolvers on that LAN go there for their
lookups - would be a better option than tinkering with resolver
options that might not be available on every system.

Besides, shouldn't you be running a nameserver or two on the firewall
anyway?
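
The point in the reply about single-lookup applications, as an added example that is not part of the original post and not the BIND 8 resolver's code. It is a simplified model that assumes each process keeps its own copy of the name server list, starts from the configured order, and rotates the list after every lookup; the server names "A" and "B" and all function names are constructed for illustration.

```python
from collections import Counter

SERVERS = ["A", "B"]  # constructed labels for the two name servers in the question


class RotatingResolver:
    """Toy model of a resolver with a rotate option (assumption: the
    rotation state lives in the process and is lost when it exits)."""

    def __init__(self, servers):
        # Every new process starts from the configured order.
        self.servers = list(servers)

    def lookup(self):
        # Use the server at the head of the list, then move it to the tail.
        chosen = self.servers[0]
        self.servers.append(self.servers.pop(0))
        return chosen


def short_lived_processes(count, servers=SERVERS):
    """count separate processes (ping, telnet, ftp style), one lookup each."""
    return Counter(RotatingResolver(servers).lookup() for _ in range(count))


def long_lived_process(count, servers=SERVERS):
    """One process that keeps its resolver state across count lookups."""
    resolver = RotatingResolver(servers)
    return Counter(resolver.lookup() for _ in range(count))


if __name__ == "__main__":
    # Queries seen by each server under the two workloads.
    print("100 one-shot processes:", dict(short_lived_processes(100)))
    print("1 process, 100 lookups:", dict(long_lived_process(100)))
```

Under this model the one-shot workload never reaches the second server, which is why the rotation may produce no visible load balancing, and also why it is hard to tell from the client side which server answered a given query.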


