From owner-freebsd-isp@FreeBSD.ORG Tue Jun 28 14:55:54 2005
From: Eric Anderson <anderson@centtech.com>
Date: Tue, 28 Jun 2005 09:55:33 -0500
To: John Von Essen
Cc: freebsd-isp@freebsd.org
Subject: Re: Thoughts on a large-scale DNS server...
Message-ID: <42C164E5.8090507@centtech.com>
In-Reply-To: <20050628102618.J13559@beck.quonix.net>
References: <20050628102618.J13559@beck.quonix.net>

John Von Essen wrote:
> I have been tasked with setting up a large-scale DNS server environment
> (one ISP is taking over another ISP) and would greatly appreciate any
> thoughts or experiences that could help me out.
>
> In the end we will probably be doing authoritative DNS for 11,000 domains,
> and another 200 or so in-arpa address ranges for reverse resolution.
>
> The plan is to have 3 core machines. One is the master, and gets its zone
> files created from local cvs exports. The other two are slaves, and do
> zone transfers from the master. The public will actually only talk to
> these two slave DNS servers (NS1 and NS2). The machines themselves will be
> single 3Ghz Xeon, 1Gb memory, and 70Gb RAID 1 U320 SCSI. For every
> machine, we will have a standby machine waiting and ready.
>
> The first question is, do I have enough CPU/memory? Keep in mind these
> machines will do nothing but DNS.
>
> Are there any performance issues with using regular filesystem directory
> zone file storage? For example, we will have a very large named.conf file
> with some 11,000 zone entries (I have never worked with a named.conf
> file that big before). Those entries will just reference the local
> filesystem, file "s/a/adam.com"; and so on.
>
> The next big question is BIND8 or BIND9. I would like to take advantage of
> threading in BIND9, but saw a previous post that BIND9 can have difficulty
> working with BIND8 servers which were incorrectly set up, whereas BIND8 can
> allow for a certain level of "external" incompetence.
>
> And finally, Linux or FreeBSD, and if FreeBSD, 4 or 5.

I can't comment too much on the above, but I can say that you might be well
served to use FreeBSD-5(STABLE), and use carp for failover to your other
boxes. That would give you a very nice failover setup.

I'm a bind person myself, but some have reported great success also with
djbdns, and I know there are some implementations of mysql and other
backends for bind and djbdns.

You could set up a test bed; it should be pretty easy, and probably worth
the effort.

Eric

-- 
------------------------------------------------------------------------
Eric Anderson        Sr. Systems Administrator        Centaur Technology
A lost ounce of gold may be found, a lost moment of time never.
------------------------------------------------------------------------
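An added illustration of the hidden-master layout the original poster describes (one master fed from cvs, two public slaves NS1/NS2 pulling zone transfers, zone files sharded as "s/a/adam.com"). This is example code written for this archive page, not configuration from either poster; the IP addresses and zone names are constructed placeholders.

```python
"""Generate BIND 9 zone stanzas for a hidden master and two public slaves,
with zone files sharded as "s/<first letter>/<zone>" (the "s/a/adam.com"
layout from the post). Constructed example, not the poster's config."""
from typing import Iterable

# Constructed sample addresses for the hidden master and the two public slaves.
MASTER_IP = "192.0.2.10"
SLAVE_IPS = ("192.0.2.11", "192.0.2.12")


def zone_file_path(zone: str) -> str:
    """adam.com -> s/a/adam.com; names not starting with a letter or digit
    go under s/_/ so the directory layout stays predictable."""
    zone = zone.lower().rstrip(".")
    first = zone[0] if zone and zone[0].isalnum() else "_"
    return f"s/{first}/{zone}"


def master_stanza(zone: str) -> str:
    """Master side: only the two slaves may pull AXFR/IXFR; NOTIFY goes only to them."""
    slaves = "; ".join(SLAVE_IPS)
    return (
        f'zone "{zone}" {{\n'
        f"    type master;\n"
        f'    file "{zone_file_path(zone)}";\n'
        f"    allow-transfer {{ {slaves}; }};\n"
        f"    also-notify {{ {slaves}; }};\n"
        f"}};\n"
    )


def slave_stanza(zone: str) -> str:
    """Slave side: pull from the hidden master, serve the public, and
    refuse zone transfers to everyone."""
    return (
        f'zone "{zone}" {{\n'
        f"    type slave;\n"
        f'    file "{zone_file_path(zone)}";\n'
        f"    masters {{ {MASTER_IP}; }};\n"
        f"    allow-transfer {{ none; }};\n"
        f"}};\n"
    )


def build_named_conf(zones: Iterable[str], role: str) -> str:
    """One stanza per zone; role is "master" or "slave"."""
    render = master_stanza if role == "master" else slave_stanza
    return "".join(render(z) for z in zones)


if __name__ == "__main__":
    # Constructed sample zone list standing in for the 11,000 real ones.
    print(build_named_conf(["adam.com", "Example.org", "171.177.10.in-addr.arpa"], "master"))
```

Run it once per role and include the output from named.conf; the same zone list drives both the master's restricted allow-transfer/also-notify lists and the slaves' masters list, so the transfer path stays limited to the three machines.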