Re: forwarders question

2009-08-12 Thread Matus UHLAR - fantomas
  Michael Monnerie wrote:
   We are having 2 sites at different locations now with a DNS resolver on 
   each site. Internet speed between those two different ISPs is very fast, 
   and the hosts to resolve will be about the same because of similar 
   services.
   
   My idea is to use 
   forward X; 
   on site Y and 
   forward Y;
   on site X, but, as I couldn't find it in the documents, I believe this 
   could lead to a resolver loop between X and Y and therefore even slower 
   resolution. Or is BIND clever enough to only ask the other server once?

On 11.08.09 11:13, Mark Andrews wrote:
 The forwarding concept was developed when 48k external links
 were *FAST* links and having everyone on a campus use one
 or two machines as a super cache provided some real benefit.
 
 It still provides some benefit if you are dialing up over
 the PSTN.  However if you are using Cable/DSL or similar
 technologies there is little benefit and huge negative
 consequences in the case of the forwarder being down.

We have a small farm with more servers behind an L3 switch, everything connected
using 2 links... so I think this way of forwarding could help us a bit
especially for domains with servers behind slow links...

 Cross connecting caches is not part of the design strategy
 and will not work well.  It would take code changes to make
 it work well.

... but it would require some tuning of forwarding code e.g. to set up
maximum timeout for a forwarding server and to allow sending of
non-recursive queries to a forwarding server.

I think it would be interesting to know if this behaviour could bring us
some benefits but apparently nobody's going to code this...
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Linux is like a teepee: no Windows, no Gates and an apache inside...
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


forwarders question

2009-08-10 Thread Michael Monnerie
We are having 2 sites at different locations now with a DNS resolver on 
each site. Internet speed between those two different ISPs is very fast, 
and the hosts to resolve will be about the same because of similar 
services.

My idea is to use 
forward X; 
on site Y and 
forward Y;
on site X, but, as I couldn't find it in the documents, I believe this 
could lead to a resolver loop between X and Y and therefore even slower 
resolution. Or is BIND clever enough to only ask the other server once?

My tests seem to indicate it's working well, but maybe someone knows of 
any issues?

There are 2 reasons for this:
1) performance. Having the caches hot on both sides and with a high 
chance one cache knows entries the other can use, it should be quick.
2) reliability. Asking only internal servers which I can control is more
secure than using any ISP's DNS. They start to do the DNS mangling here
in Austria also (instead of NXDOMAIN they deliver their web site's A record
to point to their search engine).

Kind regards, zmi
-- 
// Michael Monnerie, Ing.BSc-  http://it-management.at
// Tel: 0660 / 415 65 31  .network.your.ideas.
// PGP Key: curl -s http://zmi.at/zmi.asc | gpg --import
// Fingerprint: AC19 F9D5 36ED CD8A EF38  500E CE14 91F7 1C12 09B4
// Keyserver: wwwkeys.eu.pgp.net  Key-ID: 1C1209B4





Re: forwarders question

2009-08-10 Thread Mark Andrews

In message 4a808228.2080...@dougbarton.us, Doug Barton writes:
 Michael Monnerie wrote:
  We are having 2 sites at different locations now with a DNS resolver on 
  each site. Internet speed between those two different ISPs is very fast, 
  and the hosts to resolve will be about the same because of similar 
  services.
  
  My idea is to use 
  forward X; 
  on site Y and 
  forward Y;
  on site X, but, as I couldn't find it in the documents, I believe this 
  could lead to a resolver loop between X and Y and therefore even slower 
  resolution. Or is BIND clever enough to only ask the other server once?
 
 If you're getting a response for a name that neither server is
 authoritative for, you have your answer. tcpdump could give you more
 information if you want to pursue it further.
 
  There are 2 reasons for this:
  1) performance. Having the caches hot on both sides and with a high 
  chance one cache knows entries the other can use, it should be quick.
 
 Unless you are turning off your name servers when everyone goes home
 at night I would like to suggest that you're not really gaining
 anything by doing this. There are two possible scenarios:
 
 1. Usage patterns are different at your 2 sites.
   In that case you gain nothing by doing what you're doing.
 2. Usage patterns are similar at your 2 sites.
   In that case IF the link between your 2 sites is dramatically
   faster than the link between your name servers and the outside
   world then you will gain a small amount of performance after
   the name servers are first booted. After a few hours of normal
   use (in other words, the cache is built up on both sides) it
   is likely that you are not gaining anything.
 
 In the event that the link between sites suffers some sort of
 performance problem you are definitely going to be pessimizing your
 DNS with this configuration.
 
 In short, there are a lot of scenarios when you are going to be doing
 worse, and a very few scenarios when you are doing better, and then
 only for a short period of time. I would therefore suggest that the
 configuration you are suggesting is a lot of added complexity for no
 measurable benefit.
 
  2) reliability. Asking only internal servers which I can control is more 
  secure than using any ISP's DNS. They start to do the DNS mangling here
  in Austria also (instead of NXDOMAIN they deliver their web site's A record
  to point to their search engine).
 
 While I agree that local resolvers are a good idea, this has nothing
 to do with your forwarder configuration.
 
 
 hope this helps,
 
 Doug

Agreed.

The forwarding concept was developed when 48k external links
were *FAST* links and having everyone on a campus use one
or two machines as a super cache provided some real benefit.

It still provides some benefit if you are dialing up over
the PSTN.  However if you are using Cable/DSL or similar
technologies there is little benefit and huge negative
consequences in the case of the forwarder being down.

Cross connecting caches is not part of the design strategy
and will not work well.  It would take code changes to make
it work well.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
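
Added example, not part of any message in this thread: a small Python check that reads the `forwarders` and `forward` settings of several resolvers and reports cross-connected caches of the kind discussed above (X forwards to Y while Y forwards to X). The resolver names, addresses and the third site are constructed for illustration, and the parser only handles the plain `forwarders { ip; ... };` form.

```python
import re

# Constructed sample: resolver name -> (listen address, named.conf options text).
# Addresses are RFC 5737 documentation ranges; site-z is a hypothetical third site.
CONFIGS = {
    "site-x": ("192.0.2.53", "options { forwarders { 198.51.100.53; }; forward first; };"),
    "site-y": ("198.51.100.53", "options { forwarders { 192.0.2.53; }; forward only; };"),
    "site-z": ("203.0.113.53", "options { recursion yes; };"),
}

FWD_RE = re.compile(r"\bforwarders\s*\{([^}]*)\}", re.S)
MODE_RE = re.compile(r"\bforward\s+(first|only)\s*;")


def parse(conf):
    """Return (forwarder IPs, forward mode) from named.conf options text."""
    m = FWD_RE.search(conf)
    ips = [ip.strip() for ip in m.group(1).split(";") if ip.strip()] if m else []
    mode = MODE_RE.search(conf)
    return ips, (mode.group(1) if mode else "first")  # BIND's default is "first"


def forwarding_loops(configs):
    """Return each cycle in the resolver -> forwarder graph, with the members
    that are set to 'forward only' (no fallback to iterative resolution)."""
    by_ip = {ip: name for name, (ip, _) in configs.items()}
    graph = {name: [by_ip[ip] for ip in parse(conf)[0] if ip in by_ip]
             for name, (_, conf) in configs.items()}
    loops = set()

    def walk(node, path):
        for nxt in graph[node]:
            if nxt in path:
                cycle = path[path.index(nxt):]
                i = cycle.index(min(cycle))  # rotate so each cycle is stored once
                loops.add(tuple(cycle[i:] + cycle[:i]))
            else:
                walk(nxt, path + [nxt])

    for start in graph:
        walk(start, [start])
    return [(loop, [n for n in loop if parse(configs[n][1])[1] == "only"])
            for loop in sorted(loops)]


if __name__ == "__main__":
    for loop, only in forwarding_loops(CONFIGS):
        print("loop:", " -> ".join(loop + loop[:1]), "| forward only:", only)
```

Forwarders that point outside the audited set (an ISP resolver, for instance) are ignored, so an empty result means only that the resolvers listed do not forward to each other.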