[dns-operations] Natting DNS farm behind LB - using priv ip space.

Matthew Pounsett matt at conundrum.com
Fri Jun 3 16:54:49 UTC 2011

On 2011-06-03, at 12:02, Bob Paolucci wrote:
> Anyone have any experience / comments about using such LBs for DNS? :)

You're better off using ECMP routing to do your load balancing for all the reasons João mentioned, plus you'll have better support for v6 and will probably save a lot of money.

Here are two proven methods for doing it:
1) OSPF on the DNS servers            <http://bit.ly/kwV9is>
2) Static ECMP routes + health checks <http://bit.ly/jJpKnG>

I'm sure there are others out there as well.

> Now back to the discussion,
> Is there any reason why we would want to use routable real IPs on the DNS servers to avoid having to NAT for outgoing DNS traffic?  It's what we're doing right now under the CSM config.
> The proposal is to use private IPs on DNS servers under the new LB and NAT...
> I'm leaning towards using real IPs on the DNS servers...

Again, it comes down to things like latency, state tables, etc.  NATs have to rewrite your packets on the way in and on the way out (which introduces latency) and they like to keep state for tracking NAT mappings, which is especially bad in UDP as there's no clear end to the session as there is with TCP, so stuff hangs around in your state tables longer than necessary.  You'll frequently run out of memory or packet-per-second processing capability on your NAT/LB box long before you run out of steam on the DNS servers behind it.
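To make the state-table argument concrete, here is an added simulation (example code, not from the thread or any product mentioned in it): a stateless ECMP 5-tuple hash is compared with a simplified NAT table that holds one entry per UDP query until a hypothetical idle timeout expires. Server and client addresses are constructed from RFC 5737 documentation space, and the 30-second timeout is an assumption.

```python
import hashlib
import random
from dataclasses import dataclass, field

# Constructed server addresses (RFC 5737 documentation space), not from the thread.
SERVERS = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"]

def ecmp_next_hop(src_ip, src_port, dst_ip, dst_port, proto, hops=SERVERS):
    """Stateless ECMP: hash the 5-tuple and pick a next hop. The same tuple
    always maps to the same server, so multi-packet TCP flows stay put, and
    the router stores nothing per flow."""
    key = f"{proto}|{src_ip}|{src_port}|{dst_ip}|{dst_port}".encode()
    digest = hashlib.sha256(key).digest()
    return hops[int.from_bytes(digest[:4], "big") % len(hops)]

@dataclass
class NatTable:
    """Simplified NAT/LB state table: one entry per UDP 'session', reclaimed only
    when its idle timeout expires, because UDP has no FIN/RST to end it early."""
    udp_timeout: float = 30.0   # hypothetical idle timeout, in seconds
    entries: dict = field(default_factory=dict)
    peak: int = 0

    def translate(self, src_ip, src_port, now):
        self.expire(now)
        self.entries[(src_ip, src_port)] = now   # create or refresh the mapping
        self.peak = max(self.peak, len(self.entries))

    def expire(self, now):
        for key in [k for k, t in self.entries.items() if now - t > self.udp_timeout]:
            del self.entries[key]

def simulate(queries_per_second, seconds, udp_timeout=30.0, seed=1):
    """Every query is a single-packet UDP exchange from a fresh client port, as a
    resolver population produces. Returns (peak NAT entries, ECMP spread)."""
    rng = random.Random(seed)
    nat = NatTable(udp_timeout=udp_timeout)
    spread = {s: 0 for s in SERVERS}
    for second in range(seconds):
        for _ in range(queries_per_second):
            src_ip = f"198.51.100.{rng.randrange(1, 255)}"   # constructed clients
            src_port = rng.randrange(1024, 65536)
            nat.translate(src_ip, src_port, now=float(second))
            spread[ecmp_next_hop(src_ip, src_port, "192.0.2.1", 53, "udp")] += 1
    return nat.peak, spread

if __name__ == "__main__":
    peak, spread = simulate(1000, 60)
    print(f"NAT peak entries: {peak}; ECMP per-server counts: {spread}")
```

The NAT table's peak size grows as query rate times idle timeout, while the ECMP hash spreads the same queries across the servers with no per-flow memory at all.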
