Thoughts on a large-scale DNS server...

Dan Ross dan.ross at hamiltontel.com
Tue Jun 28 15:03:06 GMT 2005


John,
    Having done this before, I can say that everybody will usually have 
a different opinion about this.  What I did when I had a similar 
situation is I picked the BIND version that had the most CERT fixes.  8 
has been out for a while so it is a good gamble, and if you're already 
worried about backward compatibility your question is already answered.
    Organization-wise, what I did was I made primary DNS the master of 
everything and nothing.  It had the domain authority but I had a whole 
fleet of lesser servers in charge of the "sub domains", which I broke up 
by network address, i.e. 65 network, 198 network, etc.  It did mean more 
servers but then any one system failure did not bring down the whole 
system.  I went with a combination of Linux and FreeBSD but ended with 
mostly Linux because it had more platform flexibility, as in I could 
grab anybody's desktop, slap the magic wand of "that is my new Linux box" 
on it and, bam, I had a temporary Linux system while I fixed the old one.
Daniel


John Von Essen wrote:

>I have been tasked with setting up a large-scale DNS server environment
>(one ISP is taking over another ISP) and would greatly appreciate any
>thoughts or experiences that could help me out.
>
>In the end we will probably be doing authoritative DNS for 11,000 domains,
>and another 200 or so in-addr.arpa address ranges for reverse resolution.
>
>The plan is to have 3 core machines. One is the master, and gets its zone
>files created from local CVS exports. The other two are slaves, and do
>zone transfers from the master. The public will actually only talk to
>these two slave DNS servers (NS1 and NS2). The machines themselves will be
>single 3GHz Xeon, 1GB memory, and 70GB RAID 1 U320 SCSI. For every
>machine, we will have a standby machine waiting and ready.
>
>The first question is, do I have enough CPU/memory? Keep in mind these
>machines will do nothing but DNS.
>
>Are there any performance issues with using regular filesystem directory
>zone file storage? For example, we will have a very large named.conf file
>with some 11,000 zone entries (I have never worked with a named.conf
>file that big before). Those entries will just reference the local
>filesystem, file "s/a/adam.com"; and so on.
>
>The next big question is BIND8 or BIND9. I would like to take advantage of
>threading in BIND9, but saw a previous post that BIND9 can have difficulty
>working with BIND8 servers which were incorrectly set up, whereas BIND8 can
>allow for a certain level of "external" incompetence.
>
>And finally, Linux or FreeBSD, and if FreeBSD, 4 or 5.
>
>Current staff (besides me) wants to run Debian Linux, but BIND9 pthreads
>don't work in Linux; do they work in FreeBSD? I want to use FreeBSD just
>because it is better overall with regards to TCP/IP.
>
>The only performance numbers we got from the other ISP are that the existing
>DNS servers use about a constant 400 kbps (bits) of bandwidth.
>
>Thanks in advance
>John
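Added example, not from either poster: a Python generator for the named.conf layout John describes (thousands of zones filed under sharded paths like "s/a/adam.com", a hidden master built from the CVS export, two public slaves that pull zone transfers). The master and slave addresses are constructed placeholders; the stanzas also restrict AXFR so that only the two slaves can pull the full zone set from the master and the public-facing slaves refuse transfers altogether.

```python
from pathlib import PurePosixPath

# Constructed placeholder addresses (documentation ranges), not real hosts.
SLAVE_ADDRS = ("192.0.2.53", "198.51.100.53")   # public NS1 / NS2
MASTER_ADDR = "10.0.0.1"                         # hidden master, not public


def shard_path(zone: str, root: str = "s") -> str:
    """Map a zone name to its sharded file path, e.g. adam.com -> s/a/adam.com."""
    name = zone.strip().rstrip(".").lower()
    if not name or "/" in name or name.startswith("."):
        raise ValueError(f"bad zone name: {zone!r}")
    return str(PurePosixPath(root, name[0], name))


def master_stanza(zone: str) -> str:
    """Hidden master: serve the file, but only the two slaves may pull AXFR,
    so the full 11,000-zone set cannot be dumped by arbitrary clients."""
    return (
        f'zone "{zone}" {{\n'
        f"    type master;\n"
        f'    file "{shard_path(zone)}";\n'
        f"    allow-transfer {{ {'; '.join(SLAVE_ADDRS)}; }};\n"
        "};\n"
    )


def slave_stanza(zone: str) -> str:
    """Public slave: transfer from the master only and refuse AXFR to others."""
    return (
        f'zone "{zone}" {{\n'
        f"    type slave;\n"
        f'    file "{shard_path(zone)}";\n'
        f"    masters {{ {MASTER_ADDR}; }};\n"
        "    allow-transfer { none; };\n"
        "};\n"
    )


def build_named_conf(zones, role: str) -> str:
    """Emit one stanza per zone; duplicate names are rejected up front because
    named rejects a configuration that defines the same zone twice."""
    seen, out = set(), []
    for z in zones:
        key = z.strip().rstrip(".").lower()
        if key in seen:
            raise ValueError(f"duplicate zone: {z}")
        seen.add(key)
        out.append(master_stanza(key) if role == "master" else slave_stanza(key))
    return "\n".join(out)
```

Feed it the zone list from the CVS export and write the master output on the master and the slave output on NS1/NS2; named-checkconf on the result catches stanza syntax errors before a reload.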

