Date: Tue, 28 Jun 2005 09:55:33 -0500
From: Eric Anderson <anderson@centtech.com>
To: John Von Essen <john@essenz.com>
Cc: freebsd-isp@freebsd.org
Subject: Re: Thoughts on a large-scale DNS server...
Message-ID: <42C164E5.8090507@centtech.com>
In-Reply-To: <20050628102618.J13559@beck.quonix.net>
References: <20050628102618.J13559@beck.quonix.net>

John Von Essen wrote:
> I have been tasked with setting up a large-scale dns server environment
> (One ISP is taking over another ISP) and would greatly appreciate any
> thoughts or experiences that could help me out.
>
> In the end we will probably be doing authoritative DNS for 11,000 domains,
> and another 200 or so in-arpa address ranges for reverse resolution.
>
> The plan is to have 3 core machines. One is the master, and gets its zone
> files created from local cvs exports. The other two are slaves, and do
> zone transfers from the master. The Public will actually only talk to
> these two slave DNS servers (NS1 and NS2). The machines themselves will be
> Single 3Ghz Xeon, 1Gb Memory, and 70Gb RAID 1 U320 SCSI. For every
> machine, we will have a standby machine waiting and ready.
>
> The first question is, do I have enough CPU/Memory. Keep in mind these
> machines will do nothing but DNS.
>
> Are there any performance issues with using regular filesystem directory
> zone file storage. For example, we will have a very large named.conf file
> with some 11,000 zone entries (I have never worked with a named.conf
> file that big before). Those entries will just reference the local
> filesystem, file "s/a/adam.com"; and so on.
>
> The next big question is BIND8 or BIND9. I would like to take advantage of
> threading in BIND9, but saw a previous post that BIND9 can have difficulty
> working with BIND8 servers which were incorrectly set up, whereas BIND8 can
> allow for a certain level of "external" incompetence.
>
> And finally, Linux or FreeBSD, and if FreeBSD, 4 or 5.

I can't comment too much on the above - but I can say that you might be
well served to use FreeBSD-5(STABLE), and use carp for failover to your
other boxes. That would give you a very nice failover setup. I'm a bind
person myself, but some have reported great success also with djbdns, and
I know there are some implementations of mysql and other backends for
bind and djbdns.

You could set up a test bed - should be pretty easy, and probably worth
the effort.

Eric

--
------------------------------------------------------------------------
Eric Anderson        Sr. Systems Administrator        Centaur Technology
A lost ounce of gold may be found, a lost moment of time never.
------------------------------------------------------------------------