Thoughts on a large-scale DNS server...

Eric Anderson anderson at centtech.com
Tue Jun 28 14:55:54 GMT 2005 

John Von Essen wrote:
> I have been tasked with setting up a large-scale dns server environment
> (One ISP is taking over another ISP) and would greatly appreciate any
> thouhts or experiences that could help me out.
> 
> In the end we will probably be doing authoritative DNS for 11,000 domains,
> and another 200 or so in-arpa address ranges for reverse resolution.
> 
> The plan is to have 3 core machines. One is the master, and gets its zone
> files created from local cvs exports. The other two are slaves, and do
> zone transfers from the master. The Public will actually only talk to
> these two slave DNS servers (NS1 and NS2). The machines themselves will be
> Single 3Ghz Xeon, 1Gb Memory, and 70Gb RAID 1 U320 SCSI. For every
> machine, we will have a standby machine waiting and ready.
> 
> The first question is, do I have enough CPU/Memory. Keep in mind these
> machines will nothing but DNS.
> 
> Are there any performace issues with using regular filesystem directory
> zone file storage. For example, we will have a very large named.conf file
> with some 11,000 zone entries (I have never worked with a named.conf
> file that big before). Those entries will just reference the local
> filesystem, file "s/a/adam.com"; and so on.
> 
> The next big question is BIND8 or BIND9. I would like to take advantage of
> threading in BIND9, but saw a previous post that BIND9 can have difficulty
> working with BIND8 servers which were incorrectly setup, whereas BIND8 can
> allow for a certain level of "external" incompetence.
> 
> And finally, Linux or FreeBSD, and if FreeBSD, 4 or 5.

I can't comment too much on the above - but I can say that you might be 
well served to use FreeBSD-5(STABLE), and use carp for failover to your 
other boxes.  That would give you a very nice failover setup.

I'm a bind person myself, but some have reported great success also with 
djbdns, and I know there are some implementations of mysql and other 
backends for bind and djbdns.

You could set up a test bed - should be pretty easy, and probably worth 
the effort.

Eric



-- 
------------------------------------------------------------------------
Eric Anderson        Sr. Systems Administrator        Centaur Technology
A lost ounce of gold may be found, a lost moment of time never.
------------------------------------------------------------------------

More information about the freebsd-isp mailing list