dns server redundancy
Paul C
pcuttriss at hotmail.com
Thu Feb 10 20:29:03 UTC 2005
If the issue is consistent across all name servers then I think the
suggestion of more servers is valid.
If the issue tends to be more on one than the others then load
balancing is certainly a way forward.
However, following the point Mark Andrews made about finding the problem
I had a thought. I have seen a syslog server absolutely crucify a DNS
server when it was doing lookups to map IP to names in the syslog files.
To ease the load on the DNS server we set up NSCD on the syslog server,
immediately removing about 95% load from the DNS server.
Is it possible that you are having problems from clients such as this?
If you are then you could either set up client side caching or add them
to a deny acl for being unreasonable users of a service. Whatever you do
at least you will know where the problem comes from.
Maybe completely wrong but hey, you never know.
Paul Cuttriss
Kris wrote:
> What's the best way to have dns server redundancy? In my case, we have
> issues with running out of recursive queries (we've jacked that limit up to
> 10000). From what I've read, it seems my best bet is to add more
> nameservers to the mix. If I set up the zone information for the nameserver
> as so:
>
> nameserver 600 IN A 10.0.0.3
> nameserver 600 IN A 10.0.0.4
> nameserver 600 IN A 10.0.0.5
>
> does this mean that requests for nameserver will be divided equally among
> the 3 servers listed? Will this, then, help alleviate the issue we're
> having with server failure due to excessive recursive lookups?
>
> FYI, here's my current named file.
>
> // named.conf
> acl "local" {
>     localhost;
>     127.0.0.1;
>     10.0.0.1;
>     10.0.0.2;
>     10.0.0.3;
>     10.0.0.4;
> };
>
> acl "customers" {
>     10.0.0.10;
>     10.0.0.11;
>     10.0.0.12;
>     10.0.0.13;
> };
>
> acl "badusers" {
>     x.x.x.x;
>     x.x.x.x;
> };
>
> //
> options {
>     directory "/etc/namedb/";
>     allow-query { "local"; "customers"; };
>     allow-recursion { "local"; "customers"; };
>     allow-transfer {
>         10.0.0.1;
>         10.0.0.2;
>     };
>     minimal-responses yes;
>     blackhole { "badusers"; };
>     recursive-clients 10000;
> };
>
> logging {
>     channel query_logging {
>         file "/data/log/dns_query_log";
>         print-time yes;
>     };
>     category lame-servers { null; };
>     category queries {
>         query_logging;
>     };
> };
>
> zone "." {
>     type hint;
>     file "named.ca";
> };
>
> zone "0.0.127.in-addr.arpa" {
>     type master;
>     file "named.local";
> };
>
> zone "something.net" {
>     type slave;
>     file "something.db";
>     masters { 10.0.0.1; };
>     allow-query { any; };
> };
>
> zone "somethingelse.com" {
>     type slave;
>     file "somethingelse.db";
>     masters { 10.0.0.1; };
>     allow-query { any; };
> };
>
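
Added example, not part of either message above: one way to find the kind of client Paul describes (a host flooding the resolver with reverse lookups) from the query log that the quoted named.conf already writes to /data/log/dns_query_log. The log line shape, the function names, the thresholds and the sample lines are assumptions made for this example.

```python
import re
from collections import Counter

# Assumed BIND 9 query-log line shape (with "print-time yes"):
#   10-Feb-2005 20:29:07.000 client 10.0.0.10#32771: query: www.something.net IN A +
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+"
    r"(?: \([^)]*\))?: query: (?P<name>\S+) (?P<cls>\S+) (?P<type>\S+)"
)


def summarize(lines):
    """Return (total queries per client, PTR queries per client)."""
    totals, ptrs = Counter(), Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line, or a truncated one
        totals[m["ip"]] += 1
        if m["type"].upper() == "PTR":
            ptrs[m["ip"]] += 1
    return totals, ptrs


def heavy_reverse_clients(lines, min_queries=5, ptr_ratio=0.8):
    """Clients whose traffic is mostly reverse lookups, busiest first."""
    totals, ptrs = summarize(lines)
    return [
        (ip, n, ptrs[ip])
        for ip, n in totals.most_common()
        if n >= min_queries and ptrs[ip] / n >= ptr_ratio
    ]


# Constructed sample lines (not taken from any real log).
SAMPLE_LOG = [
    f"10-Feb-2005 20:29:0{i}.000 client 10.0.0.12#32790: query: {i}.0.0.10.in-addr.arpa IN PTR +"
    for i in range(1, 7)
] + [
    "10-Feb-2005 20:29:07.000 client 10.0.0.10#32771: query: www.something.net IN A +",
    "10-Feb-2005 20:29:08.000 client 10.0.0.10#32772: query: mail.somethingelse.com IN A +",
    "10-Feb-2005 20:29:09.000 client 10.0.0.10#32773: query: 1.0.0.10.in-addr.arpa IN PTR +",
    "10-Feb-2005 20:29:10.000 client 10.0.0.11#32780: query: something.net IN MX +",
    "10-Feb-2005 20:29:11.000 general: info: not a query line",
]

if __name__ == "__main__":
    # On a real server, pass open("/data/log/dns_query_log") instead of SAMPLE_LOG.
    for ip, total, ptr in heavy_reverse_clients(SAMPLE_LOG):
        print(f"{ip}: {total} queries, {ptr} PTR")
```

A client that shows up here is a candidate for local caching (NSCD, as in Paul's case) before it is considered for the "badusers" ACL.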