1
Distributed DNS
best practices to build redundant, reliable architecture
By Ladislav Vobr SE/SOP/I&eS, Etisalat
2
Outline
• Introduction
• Different DNS roles
• Authoritative
• Caching
• ccTLD
• Internal
• Best Practices / Recommendations
• Increasing the availability
• L4-7 switching / Anycast
• Service Monitoring
• Latest DNS Features Trends
• Conclusion
3
Introduction
• What is DNS?
• DNS & Internet
• The Importance of DNS Service
4
Different DNS roles
• Authoritative/non-recursive
• Caching/Recursive
• ccTLD
• The Root Servers
• Recursive
5
Best Practices
• Separate geographically
• Separate the functionality
• Separate Access
• Use well defined SOA, TTL
• Use consistent NS records
6
Scaling performance / Availability
• Authoritative only servers
  - Built-in mechanism using RTT
• Caching Services
  - Scaling vertically – brings huge cost & doesn’t improve availability
  - Scaling horizontally – reduces the cost, but needs some configuration
    a) Cluster (one active / one standby)
    b) L4-7 switches (complicated, more features)
    c) ANYCAST (simple / simple balancing)
7
L4-7 switching
• Better L4-7 filtering
• Better load distribution
• Geographical failover not standardized
• Complicated management
• Another point of failure (two switches required)
8
Anycast Routing
• Simple idea
• Using standard protocols
• Supports broad range of routing protocols
• Simple load balancing only
• Not able to filter traffic based on L4-7
• Acts as a router, easy troubleshooting
• No additional hardware required
• Free tools available / zebra / ospfd …
9
Important features in BIND
• TSIG/DNSSEC
• NOTIFY
• NSUPDATE
• IDN
• IPV6
• RNDC FLUSH
• RNDC RECURSING
10
Service Monitoring
• Monitor CPU
• Monitor Number of REQUESTS
• Monitor Recursive QUEUE
• Monitor Traffic Rates
• Monitor BOGUS servers
11
Popular links
• http://www.isc.org
• http://www.bind9.org
• http://www.bind.org
• http://zebra.org
• http://rrdtool.de
• Mailing list: [email protected]
12
Thank You