Load Balancer for DNS

Gordon A. Lang glang at goalex.com
Tue Apr 6 14:26:30 UTC 2010

The Cisco CSS (and the newer Cisco ACE module) load balancers handle DNS 
very well by disabling flow management for port 53 UDP packets.  The CSS 
provides a robust single point of service for DNS that isolates the clients 
from the back-end servers.  We also use anycasting with multiple CSS's 
advertising the DNS service address host routes.  And the CSS scripted 
keepalives are more reliable than having the servers check their own health.

A warning for anyone considering anycasting with the ACE Appliances (as 
opposed to the ACE modules): the ACE appliances have no routing protocols 
and no other way to communicate route health.

The CSS worked well for us because we already had several in operation, and 
they made it very easy to add considerable value.  However, I think the IP 
SLA router feature looks like a very attractive way to eliminate the CSS's 
from our anycast architecture.  While the CSS's have worked well for DNS, 
they can only work where they happen to already exist -- we cannot justify 
buying load balancers just for DNS purposes -- and with the lack of OSPF on 
the ACE appliances -- which is our impending upgrade path -- we will be 
migrating DNS off of the load balancers asap.


Gordon A. Lang  /  313-819-7978 
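
An external DNS keepalive of the kind the post describes, written in Python as an added example; it is not the poster's CSS script or any Cisco code. All function and class names, the thresholds and the timeout are assumptions, and `server_ip` is assumed to be an IPv4 literal of a back-end server.

```python
import secrets
import socket
import struct

def build_query(name, txid):
    """Encode a one-question DNS query for an A record, class IN, RD set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def response_healthy(query, response):
    """Accept only a matching, untruncated NOERROR reply carrying an answer."""
    if len(response) < 12:
        return False
    txid, flags, qdcount, ancount = struct.unpack("!HHHH", response[:8])
    if txid != struct.unpack("!H", query[:2])[0]:
        return False                      # reply to some other query
    if not flags & 0x8000 or flags & 0x0200 or flags & 0x000F:
        return False                      # not a response, truncated, or RCODE != 0
    # The question section must be echoed back byte for byte.
    return qdcount == 1 and ancount >= 1 and response[12:len(query)] == query[12:]

def probe(server_ip, name, timeout=2.0):
    """Send one UDP query to a back-end server; any error or timeout is a failure."""
    query = build_query(name, secrets.randbits(16))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((server_ip, 53))  # kernel drops datagrams from other peers
            sock.send(query)
            return response_healthy(query, sock.recv(4096))
        except OSError:
            return False

class AnycastKeepalive:
    """Hysteresis so a single lost packet does not flap the host route."""
    def __init__(self, fail_after=3, recover_after=2):
        self.fail_after, self.recover_after = fail_after, recover_after
        self.ok = self.bad = 0
        self.advertise = False            # stay withdrawn until proven healthy

    def record(self, healthy):
        if healthy:
            self.ok, self.bad = self.ok + 1, 0
            if self.ok >= self.recover_after:
                self.advertise = True
        else:
            self.ok, self.bad = 0, self.bad + 1
            if self.bad >= self.fail_after:
                self.advertise = False
        return self.advertise
```

The caller feeds each `probe()` result to `record()` and maps the returned `advertise` flag to announcing or withdrawing the service host route; how that is done depends on the routing platform.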
