Load balancing DNS

Matthew Seaman m.seaman at infracaninophile.co.uk
Sun Apr 29 13:13:02 UTC 2007


freebsd wrote:

> I need to set up 2 DNS servers and I would like these to be visible as a
> single IP address.
> Using CARP I'm able to obtain failover capabilities, but I need load
> balancing also. Any ideas other than putting another server in front of
> my machines?
> The DNS IP address will be hardcoded in some hundreds of devices and I
> cannot use a secondary DNS...

Given that you're running DNS, which is primarily a UDP thing and not
stateful, you can stick the public IP of your DNS on a firewall
gateway box running pf, have as many servers behind it as you
need to cover the load, and use the 'round-robin' feature of the rdr
command in pf to distribute incoming queries over your servers.  You'll
also need to use NAT so the return packets end up with the correct source
address on them. See:


Note that this only gives you load balancing statistically -- based on the
number of packets rather than the actual load on the servers.  Also, it
does not provide any sort of high-availability features: if one of your
back-end servers goes down, the firewall will still pump packets to it
even though there's nothing there to respond.  You can use CARP or
wackamole to ensure that the IPs in question are always configured on a
machine that can answer.



-- 
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW
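An added pf.conf example of the rdr round-robin plus NAT setup described above (not from the original message or the FreeBSD project); interface names, the public DNS address 192.0.2.53 and the 10.0.0.0/24 back-end addresses are assumed placeholders.

```pf
# Assumed interfaces and addresses (placeholders, not from the original post)
ext_if = "em0"
int_if = "em1"
dns_vip = "192.0.2.53"

# Back-end resolvers kept in a table so a dead server can be pulled out at
# run time (pfctl -t dns_servers -T delete 10.0.0.12) instead of editing rules.
table <dns_servers> { 10.0.0.11, 10.0.0.12, 10.0.0.13 }

# Redirect queries for the public DNS address to the back-ends, one state
# entry per client/port tuple, rotating through the table round-robin.
# DNS uses UDP for most queries and TCP for large answers and zone
# transfers, so translate both.
rdr on $ext_if proto { tcp, udp } from any to $dns_vip port 53 \
    -> <dns_servers> round-robin

# Source-NAT the forwarded queries to the firewall's inside address so the
# back-ends always reply through the firewall, where the rdr state entry
# rewrites the source back to $dns_vip before the answer leaves.
nat on $int_if proto { tcp, udp } from any to <dns_servers> port 53 \
    -> ($int_if)

# Translation runs before filtering, so the pass rules see the rewritten
# destination. Only port 53 towards the resolvers is allowed through.
pass in  on $ext_if proto { tcp, udp } from any to <dns_servers> port 53 keep state
pass out on $int_if proto { tcp, udp } from any to <dns_servers> port 53 keep state
```

Because the balancing is per new state rather than per server load, and pf has no health check of its own, a monitor that removes unresponsive servers from the table (and re-adds them when they recover) is what stops queries being sent to a dead back-end.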

