From owner-freebsd-isp@FreeBSD.ORG Tue Jun 28 15:03:06 2005
Return-Path:
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 23FE316A41C for ; Tue, 28 Jun 2005 15:03:06 +0000 (GMT) (envelope-from dan.ross@hamiltontel.com)
Received: from hamilton.net (mail.hamiltontel.com [208.6.238.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id D954043D1D for ; Tue, 28 Jun 2005 15:03:05 +0000 (GMT) (envelope-from dan.ross@hamiltontel.com)
Received: from [208.6.238.24] (HELO [192.168.50.4]) by hamilton.net (CommuniGate Pro SMTP 4.1.8) with ESMTP id 160959520; Tue, 28 Jun 2005 10:03:08 -0500
Message-ID: <42C1671B.6010205@hamiltontel.com>
Date: Tue, 28 Jun 2005 10:04:59 -0500
From: Dan Ross
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: John Von Essen
References: <20050628102618.J13559@beck.quonix.net>
In-Reply-To: <20050628102618.J13559@beck.quonix.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-isp@freebsd.org
Subject: Re: Thoughts on a large-scale DNS server...
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet Services Providers
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 28 Jun 2005 15:03:06 -0000

John,

Having done this before, I can say that everybody will usually have a different opinion about this. What I did when I had a similar situation is I picked the BIND version that had the most CERT fixes. 8 has been out for a while so it is a good gamble, and if you're already worried about backward compatibility your question is already answered.

Organization-wise, what I did was I made primary DNS the master of everything and nothing. It had the domain authority, but I had a whole fleet of lesser servers in charge of the "sub domains", which I broke up by network address, i.e. 65 network, 198 network, etc. It did mean more servers, but then any one system failure did not bring down the whole system.

I went with a combination of Linux and FreeBSD but ended with mostly Linux because it had more platform flexibility, as in I could grab anybody's desktop, slap the magic wand of "that is my new Linux box" and, bam, I had a temporary Linux system while I fixed the old one.

Daniel

John Von Essen wrote:
> I have been tasked with setting up a large-scale DNS server environment
> (one ISP is taking over another ISP) and would greatly appreciate any
> thoughts or experiences that could help me out.
>
> In the end we will probably be doing authoritative DNS for 11,000 domains,
> and another 200 or so in-arpa address ranges for reverse resolution.
>
> The plan is to have 3 core machines. One is the master, and gets its zone
> files created from local cvs exports. The other two are slaves, and do
> zone transfers from the master. The public will actually only talk to
> these two slave DNS servers (NS1 and NS2). The machines themselves will be
> single 3GHz Xeon, 1Gb memory, and 70Gb RAID 1 U320 SCSI. For every
> machine, we will have a standby machine waiting and ready.
>
> The first question is, do I have enough CPU/memory? Keep in mind these
> machines will do nothing but DNS.
>
> Are there any performance issues with using regular filesystem directory
> zone file storage? For example, we will have a very large named.conf file
> with some 11,000 zone entries (I have never worked with a named.conf
> file that big before). Those entries will just reference the local
> filesystem, file "s/a/adam.com"; and so on.
>
> The next big question is BIND8 or BIND9. I would like to take advantage of
> threading in BIND9, but saw a previous post that BIND9 can have difficulty
> working with BIND8 servers which were incorrectly set up, whereas BIND8 can
> allow for a certain level of "external" incompetence.
>
> And finally, Linux or FreeBSD, and if FreeBSD, 4 or 5.
>
> Current staff (besides me) wants to run Debian Linux, but BIND9 pthreads
> don't work in Linux; do they work in FreeBSD? I want to use FreeBSD just
> because it is better overall with regards to TCP/IP.
>
> The only performance numbers we got from the other ISP is that the existing
> DNS servers use about a constant 400 kbps (bits) of bandwidth.
>
> Thanks in advance
> John
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
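The thread raises two mechanical problems that are easy to get wrong at 11,000 zones: generating a named.conf whose zone stanzas point at a bucketed directory layout (the `file "s/a/adam.com";` style in John's post), and producing the matching reverse zones for the in-addr.arpa ranges that Daniel split out by network. The generator below is an added example, not code from either poster; it assumes a hypothetical layout of `m/<first letter>/<zone>` on the master and `s/<first letter>/<zone>` on the slaves, and uses constructed documentation addresses (192.0.2.x) for the master and NS1/NS2. It validates every zone name before it becomes a file path, so a stray entry from a cvs export cannot inject `../` or shell characters into the config, and it emits the transfer restrictions a hidden-master setup needs: the master allows AXFR only to the named slaves and notifies them, the public slaves refuse transfers entirely, and recursion is off on all three.

```python
"""Generate BIND named.conf zone stanzas for a large, bucketed zone set.

Assumed layout (hypothetical, not from the original thread):
  master (role "m"): file "m/a/adam.com"
  slave  (role "s"): file "s/a/adam.com"
"""
import ipaddress
import re

# One DNS label: letters, digits and hyphens, no leading/trailing hyphen, <= 63 chars.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
ZONE_RE = re.compile(rf"^(?:{_LABEL}\.)+{_LABEL}$")


def validate_zone(zone):
    """Return the normalised zone name or raise ValueError.

    Rejecting anything that is not a plain dotted hostname keeps path
    components such as "../" and quote characters out of the generated
    'file' directives, which are written verbatim into named.conf.
    """
    z = zone.strip().lower().rstrip(".")
    if not ZONE_RE.fullmatch(z):
        raise ValueError(f"invalid zone name: {zone!r}")
    return z


def zone_file_path(zone, role):
    """Bucket zone files by first character, e.g. 's/a/adam.com'."""
    z = validate_zone(zone)
    return f"{role}/{z[0]}/{z}"


def reverse_zone_name(network):
    """Map an octet-aligned IPv4 network to its in-addr.arpa zone name."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen % 8:
        raise ValueError("only octet-aligned IPv4 networks (/8, /16, /24) supported")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def zone_stanza(zone, role, master_ip=None):
    """Render one zone {} block for the given role ('m' master or 's' slave)."""
    z = validate_zone(zone)
    path = zone_file_path(z, role)
    if role == "m":
        # Hidden master: only the slaves may pull AXFR/IXFR; notify them on change.
        body = (f'    type master;\n    file "{path}";\n'
                f'    allow-transfer {{ slaves; }};\n    notify yes;\n')
    elif role == "s":
        master = ipaddress.ip_address(master_ip)  # raises on garbage input
        # Public slave: serve the zone, but never hand out whole-zone transfers.
        body = (f'    type slave;\n    file "{path}";\n'
                f'    masters {{ {master}; }};\n    allow-transfer {{ none; }};\n')
    else:
        raise ValueError(f"unknown role {role!r}")
    return f'zone "{z}" {{\n{body}}};\n'


def render_named_conf(role, forward_zones, reverse_nets, master_ip, slave_ips):
    """Assemble acl + options + one stanza per forward and reverse zone."""
    acl = "acl slaves { " + " ".join(f"{ipaddress.ip_address(ip)};" for ip in slave_ips) + " };\n"
    options = ('options {\n    directory "/etc/namedb";\n'
               "    recursion no;\n    allow-query { any; };\n};\n")
    names = sorted({validate_zone(z) for z in forward_zones}
                   | {reverse_zone_name(n) for n in reverse_nets})
    stanzas = "".join(zone_stanza(n, role, master_ip) for n in names)
    return acl + options + stanzas


if __name__ == "__main__":
    # Constructed sample input: two forward zones and one /24, documentation IPs.
    print(render_named_conf("s", ["adam.com", "Example.NET."], ["192.0.2.0/24"],
                            master_ip="192.0.2.1", slave_ips=["192.0.2.2", "192.0.2.3"]))
```

Run it once per role (`"m"` on the master, `"s"` on each slave) against the same zone list, then validate the output with `named-checkconf` before reloading; the sorted stanza order also makes successive generated files diff cleanly under version control.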