Doug Barton wrote:
 > Oliver Fromme wrote:
 >
 > > By the way, I have changed from hints to slaves on the DNS
 > > servers for a large server farm (just testing right now;
 > > I might go back to hints if I don't feel it's worth it).
 >
 > Depending on how many name servers you have you might get a bigger win
 > by slaving the root to one server, then slaving it to the others from
 > your "local master." If you're only talking about a few name servers
 > it's probably not worth it though.

It's three name servers, and they're intended to be
completely independent of each other. That's why I've
configured each of them to retrieve the root zone of
its own.

 > > It _seems_ a few applications run with lower latency, but
 > > I'll need to run some benchmarks in order to get some hard
 > > numbers.
 >
 > If your stuff is relatively well behaved, and generally only queries a
 > few TLDs you might not get much of a benefit in terms of reduced
 > latency. In this scenario the main advantage is better resilience to a
 > root DDoS.
 >
 > Where this technique really works well is a scenario where you are
 > answering a lot of "random" queries that could potentially include
 > invalid TLDs and other "junk." Not sending those queries to the roots
 > helps reduce traffic for them and for you, and gives you much better
 > latency on the inevitable NXDOMAIN response.

The farm contains several mail servers with spam and virus
scanners, http proxies with (roughly) several thousands of
users, a few dozen web servers and other things. I think
especially the mail scanners and the proxies generate some
amount of dns "junk" queries.

Thanks for your suggestions!

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Registration court Munich, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Registration court
Munich, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more: http://www.secnetix.de/bsd

"I made up the term 'object-oriented', and I can tell you
I didn't have C++ in mind."
        -- Alan Kay, OOPSLA '97

Received on Sun Aug 05 2007 - 07:02:44 UTC
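
Added example, not part of the original message: a rough way to estimate, ahead of any benchmark, what share of a resolver's queries name a TLD that is not delegated in the root zone and would therefore get NXDOMAIN straight from a local copy. The zone excerpt, the query names and the function names are constructed for illustration; a real run would read the full root zone and the names from the resolver's own query log.

```python
"""Estimate how many queries a local root-zone copy would answer as NXDOMAIN."""

# Constructed excerpt in master-file format; a real slave holds the full root zone.
ROOT_ZONE_EXCERPT = """\
.     86400  IN SOA a.root-servers.net. nstld.verisign-grs.com. 2007080500 1800 900 604800 86400
.     518400 IN NS  a.root-servers.net.
com.  172800 IN NS  a.gtld-servers.net.
net.  172800 IN NS  a.gtld-servers.net.
org.  172800 IN NS  a0.org.afilias-nst.info.
de.   172800 IN NS  a.nic.de.
arpa. 172800 IN NS  a.root-servers.net.
"""

# Constructed query names of the kind mail scanners and proxies produce.
SAMPLE_QUERIES = [
    "www.example.com", "mx1.example.org.", "printer.local", "WPAD.lan",
    "4.3.2.1.in-addr.arpa", "foo.invalid", "secnetix.de", "unknown-host",
    "host.corp", "example.net",
]

def delegated_tlds(zone_text):
    """Return the set of TLDs that have NS records in the root zone text."""
    tlds = set()
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";"):
            continue  # blank, comment or malformed line
        owner, rrtype = fields[0].lower(), fields[3].upper()
        # A TLD delegation is an NS record whose owner is a single label.
        if rrtype == "NS" and owner != "." and owner.count(".") == 1:
            tlds.add(owner.rstrip("."))
    return tlds

def classify(queries, tlds):
    """Split query names into (resolvable, junk) by their rightmost label."""
    ok, junk = [], []
    for name in queries:
        tld = name.rstrip(".").rsplit(".", 1)[-1].lower()
        (ok if tld in tlds else junk).append(name)
    return ok, junk

def junk_ratio(queries, zone_text=ROOT_ZONE_EXCERPT):
    """Fraction of queries whose TLD is absent from the root zone."""
    ok, junk = classify(queries, delegated_tlds(zone_text))
    return len(junk) / len(queries) if queries else 0.0

if __name__ == "__main__":
    ok, junk = classify(SAMPLE_QUERIES, delegated_tlds(ROOT_ZONE_EXCERPT))
    print(f"junk TLD queries: {len(junk)}/{len(SAMPLE_QUERIES)}", junk)
```

The ratio counts every occurrence of a name, so it is an upper bound on saved root traffic: a resolver using hints also answers repeated junk names from its negative cache.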
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:15 UTC