transparent DNS load-balancing with a Cisco ACE
John Miller
johnmill at brandeis.edu
Fri Oct 19 20:48:50 UTC 2012
Thanks Daniel. Good to hear of someone using NAT for DNS traffic. My
fears of it are mostly performance-based--every DNS query takes up a new
entry in the ACE's NAT table. In our case, that's thousands of queries
per second that the ACE has to keep in memory. I've shown it to be a
slight (25% or so) performance hit in terms of max queries/second.
At this point, these are recursive-only servers, so I'm not even worried
about zone transfers--that piece of the project comes next! The
rservers will be doing a bunch of outbound queries, however, and using
their real addresses for that.
John
On 10/19/2012 04:32 PM, Daniel McDonald wrote:
> I've not bothered with nat - just place rservers with unique addresses
> behind the ACE, let them use the ACE as their default gateway, and then
> publish a vip. The rservers use their real address for zone transfers with
> the master, while clients only talk with the vip address.
>
>