Re: Thoughts on a large-scale DNS server...
From: Dan Ross (dan.ross_at_hamiltontel.com)
Date: 06/28/05
- Previous message: Eric Anderson: "Re: option 82 on isc dhcp"
- In reply to: John Von Essen: "Thoughts on a large-scale DNS server..."
- Next in thread: Adam Jacob Muller: "Re: Thoughts on a large-scale DNS server..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Tue, 28 Jun 2005 10:04:59 -0500 To: John Von Essen <john@essenz.com>
John,
Having done this before, I can say that everybody will usually have
a different opinion about this. What I did when I had a similar
situation is I picked the BIND version that had the most CERT fixes. 8
has been out for a while so it is a good gamble, and if your already
worried about backward compatible your question is already answered.
Organizational wise what I did was I made primary dns the master of
everything and nothing. It had the domain authority but I had a whole
fleet of lesser servers in charge of the "sub domains", which I broke up
by network address ie 65 network, 198 network etc.. It did mean more
servers but then any one system failure did not bring down the whole
system. I went with a combination of LINUX and Freebsd but ended with
mostly LINUX because it had more platform flexibility, as in I could
grab anybodies desktop slap the magic wand of that is my new LINUX box
and, bam, I had a temporary LINUX system while I fixed the old one.
Daniel
John Von Essen wrote:
>I have been tasked with setting up a large-scale dns server environment
>(One ISP is taking over another ISP) and would greatly appreciate any
>thouhts or experiences that could help me out.
>
>In the end we will probably be doing authoritative DNS for 11,000 domains,
>and another 200 or so in-arpa address ranges for reverse resolution.
>
>The plan is to have 3 core machines. One is the master, and gets its zone
>files created from local cvs exports. The other two are slaves, and do
>zone transfers from the master. The Public will actually only talk to
>these two slave DNS servers (NS1 and NS2). The machines themselves will be
>Single 3Ghz Xeon, 1Gb Memory, and 70Gb RAID 1 U320 SCSI. For every
>machine, we will have a standby machine waiting and ready.
>
>The first question is, do I have enough CPU/Memory. Keep in mind these
>machines will nothing but DNS.
>
>Are there any performace issues with using regular filesystem directory
>zone file storage. For example, we will have a very large named.conf file
>with some 11,000 zone entries (I have never worked with a named.conf
>file that big before). Those entries will just reference the local
>filesystem, file "s/a/adam.com"; and so on.
>
>The next big question is BIND8 or BIND9. I would like to take advantage of
>threading in BIND9, but saw a previous post that BIND9 can have difficulty
>working with BIND8 servers which were incorrectly setup, whereas BIND8 can
>allow for a certain level of "external" incompetence.
>
>And finally, Linux or FreeBSD, and if FreeBSD, 4 or 5.
>
>Current staff (besides me) whats to run Debian Linux, but BIND9 pthreads
>dont work in Linux, do they work in FreeBSD? I want to use FreeBSD just
>because it better overall with regards to TCP/IP.
>
>The only performance numbers we got from the other ISP, is that existing
>dns servers use about a constanst 400 kbps (bits) of bandwidth.
>
>Thanks in advance
>John
>_______________________________________________
>freebsd-isp@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-isp
>To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>
>
>
_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
- Previous message: Eric Anderson: "Re: option 82 on isc dhcp"
- In reply to: John Von Essen: "Thoughts on a large-scale DNS server..."
- Next in thread: Adam Jacob Muller: "Re: Thoughts on a large-scale DNS server..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
