Should DNS be on same server as webserver?
jon at radel.com
Mon Jul 13 17:03:34 UTC 2009
John Almberg wrote:
> The other day, a FreeBSD 'expert' told me that it is important to have
> the DNS server for a domain on the same server as the domain's web
> server. Supposedly, this saves doing tons of DNS look ups over the
> network. Instead, they are done locally.
> This makes sense to me, but I wonder if the performance difference is
> really that significant?
In my experience, you're straying well into "it all depends" and "you'll
have to benchmark your situation and see" territory.
I once walked into a situation where a web server was setup to do a
reverse lookup on all log entries, and the DNS servers were on the far
end of an overloaded 56 kbps line. That was miserable, stupid slow and
quickly cured by setting up a resolving name server on the web server.
On the other hand, in situations where my name servers have been on the
same high-quality gigE switch as the web servers, I've never noticed an
issue, but then I don't run any really high-volume servers.
On the third hand (too many years in front of CRTs), Apache and Bind
have both had their security issues over the years, and there's
something to be said for running them on different servers to reduce
both the "all eggs in one basket" factor and the ease of spreading an
attack. (Yes, I'm assuming what you're actually running....)
If you want performance and security, you might consider running your
authoritative dns servers for your domain on a different server, while
on your web server you run a light-weight caching dns server reachable
only on the loopback interface.
jon at radel.com
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3283 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20090713/b0f3ad73/smime.bin
More information about the freebsd-questions