From owner-freebsd-isp@FreeBSD.ORG Mon Aug 4 11:22:25 2003
From: blaz.zupan@amis.net (Blaz Zupan)
To: freebsd-isp@freebsd.org
Date: Mon, 4 Aug 2003 20:22:22 +0200 (CEST)
Message-Id: <20030804182222.A5C055553E@titanic.medinet.si>
Subject: Re: DNS Server Farm

> Our company has inherited/bought an ISP outfit which has around 2
> million subscribers. Among our first priorities is to upgrade the DNS
> service, which has been abysmal according to the users.

I'm actually wondering why everybody is suggesting load balancers. This means either a single point of failure or very expensive hardware.
I don't know anything about your infrastructure, but because you have 2 million customers you probably have many POPs which are spread out around the country. Anycast is the solution in this case.

Build lots and lots of small recursive nameserver boxes and locate them at various points around your network. Each of those boxes has two IP addresses: one from the local subnet and another address which is the same on all boxes - the anycast address. Put a static route on your local router which routes the anycast address to the local IP address of each box. Configure the nameserver so that it responds on the anycast address, but uses the local IP address to resolve DNS records (so that you don't get in trouble with routing the traffic from outside of your network to the local caching nameserver, because return packets might reach the wrong box due to the anycasting setup).

In this scenario you have lots of boxes around your network and every single one of them is reachable by the same IP address. Now you just point your customers' DNS settings at this IP address and you're all set.

If you want automatic failover in this scenario, make the boxes speak BGP or some other routing protocol to the local router; Zebra works fine in this situation. Make it announce only the anycast address. If the box hiccups, the route will disappear and your customer will use another recursing nameserver somewhere in your network.
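The two-address resolver and the Zebra announcement described above, written out as an added configuration example that is not from the original post. All addresses are constructed placeholders (10.53.0.53 as the shared anycast address, 192.0.2.10 as this box's own address, 192.0.2.1 as the POP router, AS 65000/65001), and the BIND and Zebra bgpd directives are assumed from those programs' documentation rather than taken from the post.

```conf
# /etc/rc.conf (FreeBSD) on one anycast resolver: the shared anycast
# address lives on the loopback as a /32 alias; the box's own address
# 192.0.2.10 stays on its real interface.
ifconfig_lo0_alias0="inet 10.53.0.53 netmask 255.255.255.255"

// /etc/namedb/named.conf (BIND) on the same box
options {
    directory "/etc/namedb";
    recursion yes;
    // Accept client queries only on the anycast address ...
    listen-on { 10.53.0.53; };
    // ... but send outgoing recursive queries from the unicast address,
    // so replies from the outside come back to this box and not to
    // whichever anycast node the return path happens to prefer.
    query-source address 192.0.2.10;
    // Recursion for the ISP's own customer ranges only (example range);
    // an open recursive resolver is abusable from the whole Internet.
    allow-recursion { 192.0.2.0/24; };
};

! /usr/local/etc/bgpd.conf (Zebra) on the same box: announce ONLY the
! anycast /32 to the local POP router, nothing else.
router bgp 65001
 bgp router-id 192.0.2.10
 network 10.53.0.53/32
 neighbor 192.0.2.1 remote-as 65000
 neighbor 192.0.2.1 description local-pop-router
!
! Without BGP, the equivalent static route on the POP router (Cisco-style
! syntax, one line per resolver box at that POP) would be:
!   ip route 10.53.0.53 255.255.255.255 192.0.2.10
```

Caveat not covered by the post: a plain `network` statement keeps being announced as long as bgpd itself runs, so a box whose named has died but whose kernel is still up continues to attract queries; a local watchdog that stops bgpd (or removes the lo0 alias) when named stops answering closes that gap.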