Date:      Sun, 29 Apr 2007 14:12:42 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        freebsd <freebsd@gorlani.net>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: Load balancing DNS
Message-ID:  <463499CA.2040709@infracaninophile.co.uk>
In-Reply-To: <000301c78a3e$0e804040$0637a8c0@Enigma>
References:  <000301c78a3e$0e804040$0637a8c0@Enigma>


freebsd wrote:

> I need to setup 2 DNS server and I would like these to be visible as a
> single IP address.
> Using CARP I'm able to obtain failover capabilities, but I need load
> balancing also. Any ideas other than putting another server in front of
> my machines?
> The DNS IP address will be hardcoded in some hundreds of devices and I
> cannot use a secondary DNS...

Given that you're running DNS which is primarily a UDP thing and not
stateful, then you can stick the public IP of your DNS on a firewall
gateway box running pf, and have as many servers behind it as you
need to cover the load, and use the 'round-robin' feature of the rdr
command in pf to distribute incoming queries over your servers.  You'll
also need to use NAT so the return packets end up with the correct source
address on them. See:

    http://www.openbsd.org/faq/pf/pools.html

Note that this only gives you load balance statistically -- based on the
number of packets rather than the actual load on the servers.  Also, it
does not provide any sort of high-availability features: if one of your
back-end servers goes down, the firewall will still pump packets to it
even though there's nothing there to respond.  You can use CARP or
wackamole to ensure that the IPs in question are always configured on a
machine that can answer.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW
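
The setup described in the message above, sketched as a pf.conf fragment in the pre-4.7 `rdr`/`nat` syntax that FreeBSD's pf uses. This is an added example, not part of the original message; the interface names, the 192.0.2.53 service address and the 10.0.0.x back-end addresses are constructed placeholders.

```pf
# --- Macros (all values are placeholders for illustration) ---
ext_if   = "em0"                       # interface holding the public DNS address
int_if   = "em1"                       # interface facing the DNS servers
dns_vip  = "192.0.2.53"                # the single address hardcoded in the devices
dns_pool = "{ 10.0.0.11, 10.0.0.12 }"  # back-end DNS servers

# --- Translation ---
# Source-NAT redirected queries to the gateway's inside address so that
# replies always come back through pf and leave with $dns_vip as source.
# Assumption: the back-ends do not use this gateway as their default route.
# If they do, pf's state entry already rewrites the replies and this rule
# can be dropped.
# Side effect: the DNS servers see every query as coming from the gateway,
# so per-client ACLs, rate limits and query logs on the back-ends lose the
# real client address. Log on the gateway instead if that matters.
nat on $int_if proto { udp, tcp } from any to $dns_pool port 53 -> ($int_if)

# Spread incoming queries over the pool, one new state per back-end in turn.
# TCP is included because DNS falls back to it for large answers.
rdr on $ext_if proto { udp, tcp } from any to $dns_vip port 53 \
        -> $dns_pool round-robin

# --- Filtering ---
# rdr is applied before filtering, so the destination seen here is already
# a pool member, not $dns_vip.
pass in  on $ext_if proto { udp, tcp } from any to $dns_pool port 53 keep state
pass out on $int_if proto { udp, tcp } from any to $dns_pool port 53 keep state
```

pf does not probe the pool members, so a dead back-end keeps receiving its share of queries until it is removed from `dns_pool` and the ruleset is reloaded with `pfctl -f /etc/pf.conf`; `pfctl -nf /etc/pf.conf` checks the syntax without loading it.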


