reje wrote:
Yes, we have that many DNS requests hitting our servers
(we are not experiencing any DoS but from legitimate
user requests :-)
Furthermore, the DNS infrastructure timeouts are
unacceptable in our scenario. Registering additional NS
records is also unacceptable.
FYI: our primary DNS experiences cca. 4000 requests
per second, secondary goes with cca. 3000 req/sec.
Primary server is SUN Fire V480 with 16GB RAM,
secondary is also SUN Fire V480 with 8GB RAM. Both
servers are running Solaris 9 + BIND 9. Firewall is
PIX 535, works like a charm.
Increase some of your heavily used records' TTLs.
Add more public slave servers, 5-7 is a good number.
Have them pull from a hidden master.
Put some of the servers far away from you, but near your clients, e.g.
London, Frankfurt, Paris, Sydney, wherever (can't do that with load bal).
If you have both of your only 2 servers in the same rack, you will have
problems. I once saw one idiot put both DNS servers into Solaris 10
zones on a single box (e15k). What is the point??????
I used to work for an ISP serving some popular domains. Used white i386
boxes in various colo racks (own and others), nae probs.
Firewalling was done by Juniper, no load balancing.
Go re-read the DNS and BIND book.
--
========================================================
Craig Skinner [EMAIL PROTECTED]
Phone +44 (0) 1506 673024 5-digit shortdial:x73024
Sun Remote Support Centre, Linlithgow, Scotland, UK
========================================================
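The layout Craig describes above (a hidden master that public slaves pull from, with raised TTLs on the busy records) looks roughly like the following BIND 9 configuration. This is an added illustration, not configuration from either poster; the zone name, the host names and the addresses (192.0.2.1 for the master, 198.51.100.x and 203.0.113.x for the slaves, all from the documentation ranges) are assumptions, and the serial and timer values are constructed.

```conf
// ---- named.conf on the hidden master (assumed address 192.0.2.1) ----
// The master is authoritative for the zone but is never listed in an NS
// record, so clients never query it; only the slaves talk to it. Filter
// port 53 at the firewall so that only the slave addresses can reach it.
options {
    directory "/var/named";
    recursion no;                 // authoritative-only, never recurse for clients
    notify explicit;              // send NOTIFY only to the hosts in also-notify
    also-notify   { 198.51.100.10; 198.51.100.11; 203.0.113.10; };
    allow-transfer { 198.51.100.10; 198.51.100.11; 203.0.113.10; };
};

zone "example.com" {
    type master;
    file "master/example.com.zone";
};

// ---- named.conf on each public slave (e.g. 198.51.100.10) ----
// Slaves answer the 3000-4000 queries/second; they do not hand out
// zone copies to anyone, which keeps AXFR enumeration off the public servers.
zone "example.com" {
    type slave;
    masters { 192.0.2.1; };       // the hidden master
    file "slave/example.com.zone";
    allow-transfer { none; };
};

// ---- master/example.com.zone (constructed sample) ----
// Raising the default TTL lets resolvers cache the heavily used records
// for a day, so far fewer of their lookups reach the slaves at all. The
// NS set names only the public slaves; the master is deliberately absent.
$TTL 86400      ; default TTL: one day instead of a few minutes
@   IN SOA ns1.example.com. hostmaster.example.com. (
            2024010101  ; serial (constructed)
            3600        ; refresh
            900         ; retry
            1209600     ; expire
            3600 )      ; negative-caching TTL
    IN NS  ns1.example.com.
    IN NS  ns2.example.com.
    IN NS  ns3.example.com.
ns1 IN A   198.51.100.10
ns2 IN A   198.51.100.11
ns3 IN A   203.0.113.10       ; placed near a distant client population
www 3600 IN A 198.51.100.20   ; per-record TTL for something that changes more often
```

After a zone change, bump the serial and reload the master; the NOTIFY plus the slaves' refresh timer keeps the public copies in step, and the busy records stay cached on resolvers for the full TTL regardless of how many slaves are added.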