[lug] Clustering for Load-Balancing and Fault-Tolerance??

Shannon Johnston sjohnston at cavion.com
Wed Jan 30 10:04:03 MST 2002


These are good suggestions but they are things I've already done.
I'm running Bind 9 (latest release) and I'm limiting queries to our
networks and zone transfers are limited to just a couple of machines.
Just the sheer amount of traffic is the problem (I think.)
Getting good statistics is something I'm very interested in but haven't
researched it yet.


Shannon




On Wed, 2002-01-30 at 07:31, Nate Duehr wrote:
> This sounds more like you need to implement rules on your DNS servers with
> ACL's about who can query them and expect to get a recursive answer.  You
> should not be providing recursive query functionality to people off your
> network.
> 
> It's a lot harder to DoS a DNS server when you can't get it to do any work
> for you.
> 
> Also, seriously consider turning back some of the default logging if you're
> not using it.  BIND 8's logging setup is hard on disk I/O under load...
> turning off all that junk really helps.
> 
> Nate, nate at natetech.com
> 
> ----- Original Message -----
> From: "Shannon Johnston" <sjohnston at cavion.com>
> To: <lug at lug.boulder.co.us>
> Sent: Tuesday, January 29, 2002 10:11 AM
> Subject: Re: [lug] Clustering for Load-Balancing and Fault-Tolerance??
> 
> 
> > > Do you really?  I suppose you could look at the sites mentioned and put a
> > > load balancing machine in front of several DNS servers.
> >
> > This is exactly the effect that I'm looking for.
> > Currently my DNS server is overloaded and the secondary server can't
> > really handle the increase in traffic when the primary goes offline.
> >
> > I've suffered 3 DNS DoS attacks within the past few weeks and I'm not
> > sure they're really attacks or just spikes in queries.
> >
> > I'm expecting to add upwards of 400 domains that I'm authoritative for
> > within the next few months and I need something I can easily scale to
> > handle the increase in traffic.
> >
> > The linux virtual server seems to be the way to go...
> >
> > Shannon
> >
> >
> >
> > On Mon, 2002-01-28 at 20:24, Dave Anselmi wrote:
> > > Shannon Johnston wrote:
> > >
> > > > Hello all!
> > > > I'm looking for opinions here...
> > > > I need load-balancing, fault-tolerant DNS servers. (Not load-balancing
> > > > for http, but distributing DN resolution requests.) I've never worked
> > > > with clusters before so I would like to know where a good starting point
> > > > would be, and if anybody has any suggestions as to what to use.
> > >
> > > > Do you really?  I suppose you could look at the sites mentioned and put a
> > > > load balancing machine in front of several DNS servers.
> > >
> > > > When you list several name servers as authoritative for a domain, I would
> > > > guess that other name servers will pick between them at random.  You don't
> > > > need any session sharing type fault tolerance because DNS only uses one
> > > > packet each direction.
> > >
> > > > The only thing clustering will buy you is that all the name servers could
> > > > share one IP, so if one goes down there's no delay from asking it for a
> > > lookup.  Unless you're talking about load balancing recursive requests
> > > (i.e., from resolver clients rather than name servers).
> > >
> > > > I'm curious what setup you have and why you think clustering is the way to
> > > > go.
> > >
> > > Dave
> > >
> > >
> > > _______________________________________________
> > > Web Page:  http://lug.boulder.co.us
> > > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> >
> >
> 
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
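
A starting point for the statistics question raised in this message (attack or ordinary spike?), added here as an example and not code from anyone in the thread: it buckets BIND query-log lines per minute and labels busy minutes by how concentrated the logged sources are. The log line shape, the thresholds and the sample lines are assumptions constructed for illustration, and query logging has to be enabled to produce such lines.

```python
import re
from collections import Counter, defaultdict

# Assumed query-log shape: "30-Jan-2002 10:04:03.456 client 192.0.2.10#1025: query: example.com IN A"
LINE_RE = re.compile(
    r"^(?P<minute>\d{2}-\w{3}-\d{4} \d{2}:\d{2}):\d{2}(?:\.\d+)? .*?"
    r"client (?:@\S+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+.*?: query: (?P<qname>\S+) \S+ (?P<qtype>\S+)"
)

def per_minute_stats(lines):
    """Count queries per minute and per client address."""
    buckets = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.search(line)
        if m:  # skip lines that are not query records
            buckets[m["minute"]][m["ip"]] += 1
    stats = {}
    for minute, clients in buckets.items():
        total = sum(clients.values())
        top_ip, top_n = clients.most_common(1)[0]
        stats[minute] = {"total": total, "clients": len(clients),
                         "top_ip": top_ip, "top_share": top_n / total}
    return stats

def classify(stats, baseline, factor=3, share=0.5):
    """Label each minute; baseline, factor and share are site-specific guesses."""
    labels = {}
    for minute, s in stats.items():
        if s["total"] < factor * baseline:
            labels[minute] = "normal"
        elif s["top_share"] >= share:
            # One logged address dominates. UDP sources can be spoofed, so this
            # names the address in the log, not necessarily the real sender.
            labels[minute] = "concentrated"
        else:
            labels[minute] = "broad"  # many clients, looks like a general spike
    return labels

def _line(minute, sec, ip):  # builds a constructed sample log line
    return f"30-Jan-2002 {minute}:{sec:02d}.000 client {ip}#1025: query: example.com IN A"

SAMPLE = (  # constructed data, not taken from any real server
    [_line("10:01", i, f"192.0.2.{i + 1}") for i in range(4)]
    + [_line("10:02", i, "198.51.100.7") for i in range(16)]
    + [_line("10:02", 20 + i, f"192.0.2.{i + 1}") for i in range(4)]
    + [_line("10:03", i, f"203.0.113.{i + 1}") for i in range(20)]
)

if __name__ == "__main__":
    stats = per_minute_stats(SAMPLE)
    for minute, label in sorted(classify(stats, baseline=4).items()):
        print(minute, stats[minute], label)
```
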



