deploying DNS in large ISP
Brad Knowles
brad.knowles at skynet.be
Wed Jul 4 09:20:48 UTC 2001
At 7:45 PM -0700 7/3/01, Duane Powers wrote:
> I'm wondering if anyone is using a server farm/cluster for DNS? How are
> the big guys doing it? Earthlink, AOL etc...
I can tell you how I set it up for AOL at the time I worked there.
> What device can be run in
> front of the boxes to load balance the traffic? Any help on this would
> be greatly appreciated.
When I set up the central caching farm at AOL, we used a set of
four DEC Alpha 4100 machines, each with four processors and 4GB of
RAM, and a separate copy of BIND 8 that was assigned its own virtual
IP address on the FDDI interface, and was bound to a particular
processor. We then set up DECSafeASE in a cross-failover mesh
between the sixteen processors. My testing indicated that each copy
of BIND could serve up to at least 2000 queries per second, and
having multiple copies of BIND on the machine didn't seem to impact
the throughput of the others.
So, the entire farm should have been able to handle at least
32,000 DNS recursive/caching queries per second.
What we then did was to set up a set of separate
recursive/caching-only nameservers for each specific service within
the company, and if they didn't have the answer in their local cache,
they would forward that query to the central cache farm I had set up.
These days, I do not suggest using forwarding. It creates
configurations that are too complex and too likely to cause more
problems than it solves. See pages 333-335 of Chapter 11 in the 4th
edition of _DNS and BIND_, written by Paul Albitz & Cricket Liu
(published by O'Reilly & Assoc).
If you don't happen to have a copy of this book, there happens to
be an electronic version of chapter 11 available online at
<http://www.oreilly.com/catalog/dns4/chapter/ch11.html>. You can
search for "The trouble with forwarding" and read what it has to say.
Also, I do not suggest using BIND 8 any more. I suggest you use
BIND 9 instead. If you are particularly paranoid about not using
anything at your site that has not been used as a root nameserver,
then you need to stick with BIND 8 for a little while longer, but
otherwise I would encourage you to make the upgrade as soon as you
can feasibly do so.
In your case, what I would suggest is running a copy of named on
each machine that needs DNS services. This helps ensure that as you
scale the number of clients that need nameservices, you also scale
the number of systems that are providing nameservices, and you don't
take a risk of overloading a dedicated set of central
recursive/caching-only servers.
--
Brad Knowles, <brad.knowles at skynet.be>
/* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
/* Represented as 1045 digit prime number by Phil Carmody */
/* Prime as DNS cname chain by Roy Arends and Walter Belgers */
/* */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
/* where title-key = "153 2 8 105 225" or other similar 5-byte key */
dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
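As an added example (not part of Brad's post or of BIND's own documentation), here is the kind of per-host BIND 9 named.conf the last paragraph of the reply argues for: a recursive/caching-only named that serves the local machine alone, with the central-forwarder arrangement he advises against shown commented out for comparison. The file paths, the hints filename and the forwarder addresses are assumptions.

```conf
// /etc/named.conf -- added example, assumed path; not from the original post.
// Per-host recursive/caching-only resolver: every machine that needs DNS
// runs its own named, so resolver capacity scales with the client count.
options {
    directory "/var/named";              // assumed working directory

    // Listen on loopback and recurse only for this host. A recursive
    // server reachable from the Internet is an open resolver and a
    // well-known amplification risk, so keep the ACLs tight.
    listen-on    { 127.0.0.1; };
    listen-on-v6 { ::1; };
    allow-query     { localhost; };      // "localhost" is a built-in BIND ACL
    allow-recursion { localhost; };
    recursion yes;

    // The discouraged alternative described in the post: forward every
    // cache miss to a central farm. Left commented out on purpose; with it
    // enabled, an outage or misconfiguration of the farm takes every
    // client with it (see "The trouble with forwarding" in DNS and BIND).
    // forwarders { 192.0.2.10; 192.0.2.11; };   // RFC 5737 example addresses
    // forward only;
};

// Root hints, so this named iterates from the roots itself rather than
// depending on a central forwarder.
zone "." {
    type hint;
    file "named.root";                   // assumed filename; obtain from IANA/InterNIC
};

// Checks after editing (run on the host itself):
//   named-checkconf /etc/named.conf
//   dig @127.0.0.1 www.example.com A      -- expect "flags: qr rd ra" in the answer
//   dig @<this host's public IP> www.example.com A, from another machine,
//   should be refused, confirming the server is not an open resolver.
```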