[lug] Clustering for Load-Balancing and Fault-Tolerance??

Harris, James James_Harris at maxtor.com
Wed Jan 30 09:35:52 MST 2002


For statistics I'm using NRG http://nrg.hep.wisc.edu/.

It's pretty quick to setup and does a nice job of getting basic information.
I've seen other solutions available that break the stats into query types,
but for my needs, this seemed to be the quickest to get implemented.  I'm
watching the OS, Network and DNS stats on all of DNS servers with this tool.
(In addition to watching all of our sendmail statistics on our gateways
too.)  Very very useful.  Can't recommend it enough.

-----Original Message-----
From: Shannon Johnston [mailto:sjohnston at cavion.com] 
Sent: Wednesday, January 30, 2002 10:04
To: lug at lug.boulder.co.us
Subject: Re: [lug] Clustering for Load-Balancing and Fault-Tolerance??


These are good suggestions but they are things I've already done. I'm
running Bind 9 (lastest release) and I'm limiting queries to our networks
and zone transfers are limited to just a couple of machines. Just the sheer
amount of traffic is the problem (I think.) Getting good statistics is
something I'm very interested in but haven't researched it yet.


Shannon




On Wed, 2002-01-30 at 07:31, Nate Duehr wrote:
> This sounds more like you need to implement rules on your DNS servers 
> with ACL's about who can query them and expect to get a recursive 
> answer.  You should not be providing recursive query functionality to 
> people off your network.
> 
> It's a lot harder to DoS a DNS server when you can't get it to do any 
> work for you.
> 
> Also, seriously consider turning back some of the default logging if 
> you're not using it.  BIND 8's logging setup is hard on disk I/O under 
> load... turning off all that junk really helps.
> 
> Nate, nate at natetech.com
> 
> ----- Original Message -----
> From: "Shannon Johnston" <sjohnston at cavion.com>
> To: <lug at lug.boulder.co.us>
> Sent: Tuesday, January 29, 2002 10:11 AM
> Subject: Re: [lug] Clustering for Load-Balancing and Fault-Tolerance??
> 
> 
> > > Do you really?  I suppose you could look at the sites mentioned 
> > > and put
> a
> > > load balancing machine in front of several DNS servers.
> >
> > This is exactly the effect that I'm looking for.
> > Currently my DNS server is overloaded and the secondary server can't 
> > really handle the increase in traffic when the primary goes offline.
> >
> > I've suffered 3 DNS DoS attacks within the past few weeks and I'm 
> > not sure they're really attacks or just spikes in queries.
> >
> > I'm expecting to add upwards of 400 domains that I'm authoritative 
> > for within the next few months and I need something I can easily 
> > scale to handle the increase in traffic.
> >
> > The linux virtual server seems to be the way to go...
> >
> > Shannon
> >
> >
> >
> > On Mon, 2002-01-28 at 20:24, Dave Anselmi wrote:
> > > Shannon Johnston wrote:
> > >
> > > > Hello all!
> > > > I'm looking for opinions here...
> > > > I need load-balancing, fault-tolerant DNS servers. (Not 
> > > > load-balancing for http, but distributing DN resolution 
> > > > requests.) I've never worked with clusters before so I would 
> > > > like to know where a good starting
> point
> > > > would be, and if anybody has any suggestions as to what to use.
> > >
> > > Do you really?  I suppose you could look at the sites mentioned 
> > > and put
> a
> > > load balancing machine in front of several DNS servers.
> > >
> > > When you list several name servers as authoritative for a domain, 
> > > I
> would
> > > guess that other name servers will pick between them at random.  
> > > You
> don't
> > > need any session sharing type fault tolerance because DNS only 
> > > uses one packet each direction.
> > >
> > > The only thing clustering will buy you is that all the name 
> > > servers
> could
> > > share one IP, so if one goes down there's no delay from asking it 
> > > for a lookup.  Unless you're talking about load balancing 
> > > recursive requests (i.e., from resolver clients rather than name 
> > > servers).
> > >
> > > I'm curious what setup you have and why you think clustering is 
> > > the way
> to
> > > go.
> > >
> > > Dave
> > >
> > >
> > > _______________________________________________
> > > Web Page:  http://lug.boulder.co.us
> > > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> >
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> >
> 
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug

_______________________________________________
Web Page:  http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug



More information about the LUG mailing list