Re: Multiple BIND instances
On 07.02.12 14:10, Lightner, Jeff wrote: Virtualization doesn't reduce use of resources but DOES separate into what are perceived to be multiple servers so I'm not sure what you mean by you still have one server. one machine, one piece of hardware. There's not much to separate there, unless if gives you some kind of safety or other advantage, but I don't know about any that would help in such case. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Honk if you love peace and quiet. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Multiple BIND instances
Zitat von sasa sasa sasasa20...@yahoo.com: Hi, I got a server with 16GB memory, want to install 2 BIND on CentOS, one cache only and another authoritative. Is it better to install 2 OS virtually and run BIND in them or run 2 instances of BIND on the same OS? I mean what is the best practice to take advantage of the hardware resources without risking having single DNS with cache and authoritative? If you really care about separating the cache and the authoritative part you should also use separation at OS level. There are light-weight virtualisation solutions like OpenVZ which does not add noticeable performance costs. On the other hand you might also go ahead with one instance and views. Regards Andreas ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Multiple BIND instances
On 2/7/2012 11:17 AM, Matus UHLAR - fantomas wrote: You can even run a single BIND instance with two separate views and that should not affect functionality. On 07.02.12 04:02, sasa sasa wrote: Wouldn't this have mixed (one) caches? No, unless you use attach-cache directive. However, the cache won't be big for authoritative-only part. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. You have the right to remain silent. Anything you say will be misquoted, then used against you. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Multiple BIND instances
In message 1328616138.50948.yahoomail...@web120103.mail.ne1.yahoo.com, sasa sasa writes: On 2/7/2012 11:17 AM, Matus UHLAR - fantomas wrote: You can even run a single BIND instance with two separate views and that should not affect functionality. Wouldn't this have mixed (one) caches? Only if you configure it. I suppose you are running 64bit OS, so you can have really huge cache (4GB) Yes, it's 64bit. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Multiple BIND instances
On Mon, 2012-02-06 at 23:09 -0800, sasa sasa wrote: Hi, I got a server with 16GB memory, want to install 2 BIND on CentOS, one cache only and another authoritative. Is it better to install 2 OS virtually and run BIND in them or run 2 instances of BIND on the same OS? I mean what is the best practice to take advantage of the hardware resources without risking having single DNS with cache and authoritative? regards, Sasa How many CPU cores do you have? I've been running Debian with BIND (some with multiple views) on Xen for a few years now. Each box has five virtual servers, some of them running 1,000 lookups/second with plenty of CPU overhead. The boxes are dual hex-core AMDs with 32GB RAM. The individual virtual servers are running 2 cores each. The boxes have up times of over 600 days with no issues. I'm not suggesting this is what you should do, but rather showing it has been a very successful and cost effective solution for me. You should evaluate the expected DNS load and test accordingly. I tested my servers with several times our current load before deployment. Steve. BIND Rocks. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Multiple BIND instances
On Tue, Feb 07, 2012 at 03:17:45PM +0800, Jeff Peng wrote: δΊ 2012-2-7 15:09, sasa sasa ει: I got a server with 16GB memory, want to install 2 BIND on CentOS, one cache only and another authoritative. Is it better to install 2 OS virtually and run BIND in them or run 2 instances of BIND on the same OS? I mean what is the best practice to take advantage of the hardware resources without risking having single DNS with cache and authoritative? One OS with two or more public IPs for different BIND instances is better IMO. I would use different ports, and a NAT redirect of one of the IP addresses to the alternate port. Another possibility, if the caching server is only serving the processes on this machine, bind it on localhost, and put the authoritative server on the external IP. (Don't forget to use an alternate controls section for one of these instances; otherwise they're both going to try for 127.0.0.1:953.) To those who are suggesting views: sure, this can be done, but if another exploit like the last big one comes along and named crashes, both authoritative name service and the resolver are affected. I think the OP's goal (quite reasonable IMO) was to keep them separate, and what Jeff and I are talking about will do that. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if /dev/rob0 is in the Subject: ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Multiple BIND instances
I'm not sure why this answer has gone off into the weeds, but running 2 instances on the same host is quite simple. 1. Get 2 different (hopefully sets of v4 and v6) IP addresses, one for each instance. 2. Set up 2 different chroot environments, one for the authoritative and one for the resolver. Included in this setup will be the appropriate listen-on arguments in named.conf. 3. Run each instance with the appropriate command line arguments to chroot into its own environment. 4. Profit. Adding virtualization makes sense for some services, but it doesn't for BIND, which has a very intelligent chroot ability. hth, Doug -- It's always a long day; 86400 doesn't fit into a short. Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Multiple BIND instances
Hi, I got a server with 16GB memory, want to install 2 BIND on CentOS, one cache only and another authoritative. Is it better to install 2 OS virtually and run BIND in them or run 2 instances of BIND on the same OS? I mean what is the best practice to take advantage of the hardware resources without risking having single DNS with cache and authoritative? regards, Sasa ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users