Date: Tue, 28 Jun 2005 10:04:59 -0500
From: Dan Ross <dan.ross@hamiltontel.com>
To: John Von Essen <john@essenz.com>
Cc: freebsd-isp@freebsd.org
Subject: Re: Thoughts on a large-scale DNS server...
Message-ID: <42C1671B.6010205@hamiltontel.com>
In-Reply-To: <20050628102618.J13559@beck.quonix.net>
References: <20050628102618.J13559@beck.quonix.net>
John,

Having done this before, I can say that everybody will usually have a different opinion about this. What I did when I had a similar situation is I picked the BIND version that had the most CERT fixes. 8 has been out for a while so it is a good gamble, and if you're already worried about backward compatibility your question is already answered.

Organization-wise, what I did was I made primary DNS the master of everything and nothing. It had the domain authority, but I had a whole fleet of lesser servers in charge of the "sub domains", which I broke up by network address, i.e. 65 network, 198 network etc. It did mean more servers, but then any one system failure did not bring down the whole system.

I went with a combination of Linux and FreeBSD but ended with mostly Linux because it had more platform flexibility, as in I could grab anybody's desktop, slap the magic wand of "that is my new Linux box" and, bam, I had a temporary Linux system while I fixed the old one.

Daniel

John Von Essen wrote:
> I have been tasked with setting up a large-scale DNS server environment
> (One ISP is taking over another ISP) and would greatly appreciate any
> thoughts or experiences that could help me out.
>
> In the end we will probably be doing authoritative DNS for 11,000 domains,
> and another 200 or so in-addr.arpa address ranges for reverse resolution.
>
> The plan is to have 3 core machines. One is the master, and gets its zone
> files created from local cvs exports. The other two are slaves, and do
> zone transfers from the master. The public will actually only talk to
> these two slave DNS servers (NS1 and NS2). The machines themselves will be
> a single 3GHz Xeon, 1GB memory, and 70GB RAID 1 U320 SCSI. For every
> machine, we will have a standby machine waiting and ready.
>
> The first question is, do I have enough CPU/memory? Keep in mind these
> machines will do nothing but DNS.
>
> Are there any performance issues with using regular filesystem directory
> zone file storage? For example, we will have a very large named.conf file
> with some 11,000 zone entries (I have never worked with a named.conf
> file that big before). Those entries will just reference the local
> filesystem, file "s/a/adam.com"; and so on.
>
> The next big question is BIND8 or BIND9. I would like to take advantage of
> threading in BIND9, but saw a previous post that BIND9 can have difficulty
> working with BIND8 servers which were incorrectly set up, whereas BIND8 can
> allow for a certain level of "external" incompetence.
>
> And finally, Linux or FreeBSD, and if FreeBSD, 4 or 5.
>
> Current staff (besides me) wants to run Debian Linux, but BIND9 pthreads
> don't work in Linux; do they work in FreeBSD? I want to use FreeBSD just
> because it is better overall with regards to TCP/IP.
>
> The only performance numbers we got from the other ISP is that the existing
> DNS servers use about a constant 400 kbps (bits) of bandwidth.
>
> Thanks in advance
> John
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
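The named.conf John describes (thousands of zone stanzas, each pointing at a per-zone file such as "s/a/adam.com", one hidden master feeding two public slaves) is normally generated from the zone list rather than edited by hand. The script below is an added example and is not code from either poster or from the BIND project. It assumes BIND 9 syntax (`masters { addr key name; }`; BIND 8 expressed the key via a `server` stanza instead), a file layout of `s/<first character>/<zone>` modelled on the path quoted in the question, TEST-NET addresses for the master and slaves, and a TSIG key named `xfer-key`; the zone list is constructed sample input. Two points a practitioner would want covered are built in: every zone name is checked against strict label syntax before it is quoted into the config, because a customer-supplied name containing `"` or `;` would otherwise escape the string and alter the configuration, and the public slaves are generated with `recursion no` and `allow-transfer { none; }` so they are neither open resolvers nor a source of bulk zone data.

```python
"""Generate BIND 9 zone stanzas for a hidden master and its public slaves.

Added example for this thread, not the original poster's code. Marked
assumptions: the s/<first char>/<zone> file layout, the addresses, and
the TSIG key name.
"""
import re
from typing import Dict, Iterable, List, Tuple

# Constructed sample input standing in for the zone list exported from CVS.
SAMPLE_ZONES = [
    "adam.com",
    "Example.ORG",          # mixed case: normalised before use
    "10.in-addr.arpa",      # reverse zone, handled the same way
    'bad";zone',            # would break out of the quoted string in named.conf
    "-leadinghyphen.com",   # invalid label
]

# Assumed addresses (TEST-NET-1): hidden master and the two public slaves.
MASTER_IP = "192.0.2.1"
SLAVE_IPS = ["192.0.2.2", "192.0.2.3"]
XFER_KEY = "xfer-key"       # assumed TSIG key name configured on master and slaves

# One DNS label: 1-63 chars of [a-z0-9-], no leading or trailing hyphen (RFC 1123).
_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def normalize_zone(name: str) -> str:
    """Lower-case and strip a trailing dot so 'Example.ORG.' and 'example.org' dedupe."""
    return name.strip().lower().rstrip(".")


def valid_zone_name(name: str) -> bool:
    """Strict syntax check: anything that fails must never be quoted into named.conf."""
    if not 1 <= len(name) <= 253:
        return False
    return all(_LABEL.match(label) for label in name.split("."))


def zone_file_path(name: str) -> str:
    """Assumed layout mirroring the question's 's/a/adam.com': dir 's', then first char."""
    return f"s/{name[0]}/{name}"


def master_zone_stanza(name: str) -> str:
    slaves = " ".join(f"{ip};" for ip in SLAVE_IPS)
    return (
        f'zone "{name}" {{\n'
        f"    type master;\n"
        f'    file "{zone_file_path(name)}";\n'
        f"    notify yes;\n"
        f"    also-notify {{ {slaves} }};\n"
        f"    allow-transfer {{ key {XFER_KEY}; }};\n"   # only TSIG-signed AXFR/IXFR
        f"}};\n"
    )


def slave_zone_stanza(name: str) -> str:
    return (
        f'zone "{name}" {{\n'
        f"    type slave;\n"
        f'    file "{zone_file_path(name)}";\n'
        f"    masters {{ {MASTER_IP} key {XFER_KEY}; }};\n"  # sign transfer requests
        f"    allow-transfer {{ none; }};\n"               # public servers never hand out zones
        f"}};\n"
    )


def generate(zones: Iterable[str], role: str) -> Tuple[str, List[str]]:
    """Return (named.conf fragment, rejected raw names). role is 'master' or 'slave'."""
    make = {"master": master_zone_stanza, "slave": slave_zone_stanza}[role]
    accepted: Dict[str, None] = {}   # insertion-ordered set: dedupe after normalisation
    rejected: List[str] = []
    for raw in zones:
        name = normalize_zone(raw)
        if valid_zone_name(name):
            accepted[name] = None
        else:
            rejected.append(raw)
    header = (
        "options {\n"
        '    directory "/var/named";\n'     # assumed; zone file paths are relative to it
        "    recursion no;\n"               # authoritative-only: never an open resolver
        "    allow-transfer { none; };\n"   # default deny; each zone opts in explicitly
        "};\n\n"
    )
    body = "".join(make(z) for z in accepted)
    return header + body, rejected


if __name__ == "__main__":
    for role in ("master", "slave"):
        text, bad = generate(SAMPLE_ZONES, role)
        print(f"# ---- {role}: rejected {bad}")
        print(text)
```

Rejected names are returned rather than silently dropped so the export job can fail loudly; with 11,000 zones a single bad entry would otherwise take the whole server down at the next reload. Splitting the generated body into per-letter files pulled in with `include` keeps the top-level named.conf readable, and `named-checkconf` (BIND 9) on the result before reload catches anything the generator missed.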