Suggestions for a distributed DNS zone hosting solution I'm designing

Mukund Sivaraman muks at isc.org
Wed Mar 7 08:27:01 UTC 2018


Hi

On Tue, Mar 06, 2018 at 11:10:35PM -0700, Latitude wrote:
> I would like to solicit constructive feedback in regards to a distributed DNS
> zone hosting proof of concept I'd like to design and establish. 
> 
> I must deploy a DNS system with the following requirements:
> - single master server, multiple slave servers
> - minimal time for name resolving for Americas, Europe and Asia
> - up to millions records in a domain zone
> - changes propagate in real time (master -> slaves), 2 sec max delay
> - automatic slave data re-syncing on master link restore after disconnect
> - API for zone records manipulation (insert, update, delete)
> 
> So far I am considering using (free) DC/OS on Amazon Web Services with the
> latest version of BIND containerized using docker on a Linux or Unix OS. Dyn
> and Infoblox are also on my list of items to research but I have never used
> either and I enjoy working with BIND on Linux. After all this is the BIND
> Users group, but I would be interested to know if someone can make a case
> for using Dyn or Infoblox in this case. 
> 
> Considerations/questions I have about this deployment for this Bind-Users
> forum are:
> 
> 1. How can I examine DNS resolution times using this platform (or other
> platforms to compare with) in different geographic areas of the world
> without first deploying it? I will need to have benchmark data to test
> against to verify I am getting the fastest speeds possible on name
> resolutions. 

Changing conditions on the internet affect nameserver selection and
there are several factors involved in what is 'fastest'. When talking
about 'resolution', it also depends on resolvers' and their clients'
connectivity. Short of empirically measuring response times, I don't
have a better answer.

> 2. How to handle millions of records in a DNS zone, and how common is it to
> have millions of records in a DNS zone?

It is uncommon to have millions of records in a DNS zone, but it is
possible and there are some operators who run such large zones. We
routinely test million+ RR zones with BIND.

> 3. What API solutions for DNS zone edits currently exist or should I be
> looking into?

DNS UPDATE (RFC 2136) is the protocol for modifying zone data.

You may also be interested in web APIs such as: https://dnsimple.com/api

> I will research more in the next day but so far I know I can manually
> configure named.conf to propagate zone changes to slave servers rapidly
> (aiming for 2 seconds or less) using NOTIFY messages and zone transfers, and
> also configure slave servers to automatically re-synch zone data with the
> master server upon reestablishing a connection. That should satisfy two of
> my requirements above. 

There is no guarantee that any nameserver will synchronize zone updates
from the primary within 2 seconds max. If the public internet is involved,
the cumulative roundtrip times involved in notifying a secondary and for
the secondary to start a transfer alone may take more than 2 seconds
depending on network conditions and topology, especially if you're
talking about Americas, Europe and Asia together.

		Mukund
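The reply above names DNS UPDATE (RFC 2136) as the protocol for modifying zone data. As an added illustration, not code from this thread or from ISC, the following standard-library-only Python encodes and decodes an UPDATE message on the wire: the header with opcode 5, the zone section, a prerequisite, and update RRs whose CLASS/TYPE combinations encode the verb (add, delete RRset, delete name, delete RR). The zone `example.com.`, the owner `host.example.com.` and the address `192.0.2.10` are constructed sample values. Decoding one of these messages is what a defender wants when auditing what an update client actually asked a primary to do; on BIND the same messages should additionally be gated by `allow-update`/`update-policy` and TSIG-signed, which this example does not show.

```python
"""Encode and decode RFC 2136 DNS UPDATE messages (added example, stdlib only)."""
import socket
import struct

OPCODE_UPDATE = 5
TYPE_A, TYPE_SOA, TYPE_ANY = 1, 6, 255
CLASS_IN, CLASS_NONE, CLASS_ANY = 1, 254, 255


def encode_name(name: str) -> bytes:
    """Encode a dotted name as uncompressed DNS wire-format labels."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        if not label:
            continue
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label too long: %r" % label)
        out.append(len(raw))
        out += raw
    out.append(0)  # the empty root label terminates the name
    return bytes(out)


def decode_name(msg: bytes, off: int):
    """Decode an uncompressed name at msg[off]; return (name, new_offset)."""
    labels = []
    while True:
        ln = msg[off]
        off += 1
        if ln == 0:
            break
        if ln & 0xC0:
            # Compression pointers are legal on the wire, but this encoder never emits them.
            raise ValueError("compression pointer not supported by this decoder")
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels) + ".", off


def rr(name, rtype, rclass, ttl, rdata=b"") -> bytes:
    """Serialise one resource record: NAME, TYPE, CLASS, TTL, RDLENGTH, RDATA."""
    return encode_name(name) + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata


# RFC 2136 section 2.5: in the Update section, CLASS and TYPE encode the operation.
def add_rr(name, rtype, ttl, rdata):        # CLASS = zone class: add this RR
    return rr(name, rtype, CLASS_IN, ttl, rdata)

def delete_rrset(name, rtype):              # CLASS = ANY, TYPE given: delete whole RRset
    return rr(name, rtype, CLASS_ANY, 0)

def delete_name(name):                      # CLASS = ANY, TYPE = ANY: delete all RRs at name
    return rr(name, TYPE_ANY, CLASS_ANY, 0)

def delete_rr(name, rtype, rdata):          # CLASS = NONE with RDATA: delete one specific RR
    return rr(name, rtype, CLASS_NONE, 0, rdata)

# RFC 2136 section 2.4: prerequisites reuse the same encoding; the section gives the meaning.
def prereq_rrset_exists(name, rtype):       # same bytes as delete_rrset, different section
    return rr(name, rtype, CLASS_ANY, 0)


def build_update(zone, msg_id, prereqs=(), updates=()) -> bytes:
    """Assemble header + Zone + Prerequisite + Update sections (no Additional section)."""
    flags = OPCODE_UPDATE << 11  # QR=0, Opcode=5, all other flag bits clear
    header = struct.pack("!HHHHHH", msg_id, flags, 1, len(prereqs), len(updates), 0)
    zone_section = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    return header + zone_section + b"".join(prereqs) + b"".join(updates)


def decode_update(msg: bytes) -> dict:
    """Parse an UPDATE message and label each Update-section RR with its verb."""
    msg_id, flags, zocount, prcount, upcount, _adcount = struct.unpack("!HHHHHH", msg[:12])
    if zocount != 1:
        raise ValueError("UPDATE must carry exactly one zone, got %d" % zocount)
    off = 12
    zone, off = decode_name(msg, off)
    ztype, _zclass = struct.unpack("!HH", msg[off:off + 4])
    off += 4

    def read_rrs(count, off):
        rrs = []
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            rrs.append((name, rtype, rclass, ttl, msg[off:off + rdlen]))
            off += rdlen
        return rrs, off

    prereqs, off = read_rrs(prcount, off)
    updates, off = read_rrs(upcount, off)
    ops = []
    for name, rtype, rclass, ttl, rdata in updates:
        if rclass == CLASS_ANY and rtype == TYPE_ANY:
            ops.append(("delete_name", name))
        elif rclass == CLASS_ANY:
            ops.append(("delete_rrset", name, rtype))
        elif rclass == CLASS_NONE:
            ops.append(("delete_rr", name, rtype, rdata))
        else:
            ops.append(("add", name, rtype, ttl, rdata))
    return {"id": msg_id, "opcode": (flags >> 11) & 0xF, "zone": zone,
            "zone_qtype": ztype, "prereqs": prereqs, "ops": ops, "consumed": off}


def example_message() -> bytes:
    """Constructed sample: if host.example.com has an A RRset, replace it with 192.0.2.10."""
    return build_update(
        "example.com.", 0x1234,
        prereqs=[prereq_rrset_exists("host.example.com.", TYPE_A)],
        updates=[delete_rrset("host.example.com.", TYPE_A),
                 add_rr("host.example.com.", TYPE_A, 300, socket.inet_aton("192.0.2.10"))],
    )


if __name__ == "__main__":
    for op in decode_update(example_message())["ops"]:
        print(op)
```

The delete-then-add pair is the usual idiom for an atomic "replace this RRset" in a single UPDATE transaction; note that `prereq_rrset_exists` and `delete_rrset` produce byte-identical RRs, and only the section they sit in decides whether the server checks or deletes.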

