The 'dnsdist' project, also from the PowerDNS team, is pretty much designed for this sort of thing: directing/balancing requests among groups of DNS servers.

On Tue, May 11, 2021 at 6:50 PM John Von Essen via Pdns-users <pdns-users@mailman.powerdns.com> wrote:
>
> I apologize if this question is old news, but I’m curious about my proposed
> pdns solution and how to integrate multiple forwarders.
>
> Background, large infrastructure running in Azure. Previously, we used
> Azure’s internal resolver, but we got bitten bad by two DNS/resolver outages
> in Azure in the past 6 months. External resolution is critical to our app.
>
> We are in 5 geo regions, each region has between 15-30 VMs. My proposed
> solution (and I have working PoC right now) is in each of the 5 regions I am
> going to build a new resolver VM running pdns-recursor.
>
> For argument's sake, call this virgina-ns1, chicago-ns1, dublin-ns1, etc.
> These nodes are a fairly vanilla pdns config, recursion doesn’t hit any
> forwarders, rather it goes right to ROOT NS. We want to eliminate SPOFs.
> Obviously, lots of caching.
>
> Now, in each region (say dublin), we have 30 servers. These 30 VMs will also
> have pdns-recursor installed listening on 127.0.0.1, acting as a local
> caching forwarder. Again, a fairly vanilla config except I add:
>
> forward-zones-recurse=.=10.10.0.253
>
> Where 10.10.0.253 is the IP of dublin-ns1 - aka my regional resolver that
> goes out to ROOT. This all works fine, but obviously 10.10.0.253 is now a
> single point of failure. I can add multiple forwarders like this:
>
> forward-zones-recurse=.=10.10.0.253;10.20.0.253;10.30.0.254
>
> In this case I have three listed, the first one is my nearest, the next two
> reside in adjacent regions from Dublin (say US and Asia).
>
> My question is for a random server in Dublin, hitting pdns-recursor on
> localhost with those 3 forwarders, how is the traffic distributed? Does it go
> to the first one listed, and then only if the first one doesn’t respond, it
> tries the next?
>
> I ask because I did a stress test with a similar setup and I saw that approx
> 60-70% of requests went to the IP of the first forwarder listed, then 30% to
> the second. I was expecting 100% traffic to the first.
>
> Thanks in advance, sorry for the long post. I’m a long time Bind user, but
> really liking pdns so far.
>
> -John
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
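
A dnsdist configuration for the setup discussed in this thread, as an added example that is not part of the original messages or of the PowerDNS project's own files: it runs on each application VM in place of the local forwarder and sends every query to the nearest regional resolver while that resolver passes health checks, falling back to the others in order. The three resolver IPs come from the thread; the listen address, the server names for the two adjacent regions, and the health-check values are assumptions.

```lua
-- dnsdist.conf for one application VM in the Dublin region (added example).

-- Listen only on loopback, where the applications on this VM send queries
-- (assumed address and port).
setLocal('127.0.0.1:53')

-- Accept queries from the local host only, so the proxy cannot be used
-- by other machines on the network.
setACL({'127.0.0.0/8'})

-- Regional resolvers from the thread. 'order' defines the preference:
-- the lowest value is tried first. checkInterval and maxCheckFailures are
-- assumed values: probe every second, mark a server down after three
-- consecutive failed probes.
newServer({
  address = '10.10.0.253:53',
  name = 'dublin-ns1',
  order = 1,
  checkInterval = 1,
  maxCheckFailures = 3
})
newServer({
  address = '10.20.0.253:53',
  name = 'adjacent-region-a',  -- hypothetical name
  order = 2,
  checkInterval = 1,
  maxCheckFailures = 3
})
newServer({
  address = '10.30.0.254:53',
  name = 'adjacent-region-b',  -- hypothetical name
  order = 3,
  checkInterval = 1,
  maxCheckFailures = 3
})

-- firstAvailable picks the first server, by 'order', that is up and has not
-- exceeded its QPS limit. No QPS limit is set here, so all traffic goes to
-- dublin-ns1 until its health checks fail, then to the next server in order.
setServerPolicy(firstAvailable)
```

Running `showServers()` on the dnsdist console shows each backend's up/down state and query count, which confirms where traffic is going during a failover test.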