Load balancer for Bind

Phil Mayers p.mayers at imperial.ac.uk
Thu Sep 15 14:43:03 UTC 2016


On 14/09/16 20:41, Matthew Pounsett wrote:

> Your best option is something that can do the job statelessly.  As
> Warren says, anything that keeps state (firewall, load balancer, etc.)
> becomes a DoS target... or, at best, becomes the thing that runs out of
> resources before your network or your DNS servers do.
>
> Mostly that means using a routing protocol to do LAN-scope Anycast via
> ECMP.  ISC has a technote that explains how to do it.

Agreed. We use exaBGP to anycast our resolvers into our BGP routing 
table and ECMP on top of that. Works well.

In the past we did a split - one resolver IP via anycast, one via 
load-balancers, but TBH the heterogeneity didn't buy us anything, and 
the SLB load was substantial, so we moved to all-anycast.
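
An added example, not part of the original post and not exaBGP's own code: a health-check process of the kind exaBGP runs alongside a resolver, which announces the anycast /32 only while the local BIND answers and withdraws it after repeated failures, so ECMP stops sending queries to a dead node. The service address, resolver address, probe name and rise/fall thresholds are assumptions chosen for illustration.

```python
"""Health-check process for exaBGP: announce the anycast /32 only while the
local resolver answers. All addresses and names below are constructed."""
import secrets, socket, struct, time

SERVICE_IP = "192.0.2.53"      # assumed anycast resolver address (TEST-NET-1)
RESOLVER = ("127.0.0.1", 53)   # assumed local BIND instance
PROBE_NAME = "example.com"     # assumed name the resolver should answer
RISE, FALL = 3, 2              # consecutive passes/failures before a state change

def build_query(name, qid):
    """Minimal DNS A/IN query with the RD flag set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    return header + qname + struct.pack("!HH", 1, 1)

def is_healthy_reply(data, qid):
    """True if the reply matches our ID, has QR set, and RCODE is NOERROR."""
    if len(data) < 12:
        return False
    rid, flags = struct.unpack("!HH", data[:4])
    return rid == qid and bool(flags & 0x8000) and (flags & 0x000F) == 0

def probe(qid, timeout=1.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(RESOLVER)          # only accept replies from the resolver
            s.send(build_query(PROBE_NAME, qid))
            return is_healthy_reply(s.recv(512), qid)
        except OSError:                  # timeout, refused, unreachable
            return False

def step(up, streak, ok):
    """Hysteresis: returns (up, streak, command or None) after one probe result."""
    streak = streak + 1 if ok != up else 0
    if not up and streak >= RISE:
        return True, 0, f"announce route {SERVICE_IP}/32 next-hop self"
    if up and streak >= FALL:
        return False, 0, f"withdraw route {SERVICE_IP}/32 next-hop self"
    return up, streak, None

if __name__ == "__main__":
    up, streak = False, 0                # start withdrawn until proven healthy
    while True:
        up, streak, cmd = step(up, streak, probe(secrets.randbits(16)))
        if cmd:
            print(cmd, flush=True)       # exaBGP reads API commands from stdout
        time.sleep(1)
```

The probe is a single UDP exchange with no per-client state, which keeps the health check itself from becoming the stateful component the thread warns about.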

