This is a discussion on Re: Load - Hosting and Query servers within the Bind Users forums, part of the DNS and Related Forums category.
Skeeve Stevens wrote:
> I've decided to design a new DNS setup where I have two sets of DNS
> servers.
>
> One set for hosting, and one set for Queries of customers.
>
> First questions.
>
> The 'Hosting' set.
>
> I do not want them to be able to be queried for any domains other than
> what is being hosted on them. How do I accomplish this?

Set "allow-query { internal_nets; };" globally (where "internal_nets" would be an ACL you define enumerating all of your internal networks) and then override that in each authoritative-zone definition with "allow-query { any; };".

> For a 'Query' set.
>
> Can anyone give me advice on how to get the best speed out of a caching
> only server?

The short answers are:

1) throw lots of RAM at it,

2) run BIND 8, unless you have a multiprocessor box, in which case you might be better off with BIND 9, which supposedly benefits far more from multithreading (actually, I'm not even sure that BIND 9 has caught up performance-wise to BIND 8, even on multiprocessor boxes -- if this has happened, then it's a recent development),

3) if you have multiple boxes and much faster internal links than Internet links, then consider putting a caching forwarder near your best Internet connectivity and then having the others forward to it. But measure this performance very carefully, since sometimes forwarding hurts performance more than helps, or it might increase your average query time while making your worst-case query times even worse than if you didn't use forwarding. Depending on your customer requirements, worst-case query time may actually be more important than average query time.

For more in-depth analysis or nameserver performance, take a look at some of the material in ftp://ftp.cup.hp.com/dist/networking/briefs. It's somewhat HP-slanted (not surprising, given the URL), but informative nonetheless.

- Kevin
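The allow-query arrangement described in the reply above for the 'Hosting' set, written out as a named.conf fragment. This is an added example, not part of the original post: the address ranges, zone names and file names are constructed placeholders, and the default-open variant is shown only for contrast.

```conf
// Constructed example: addresses, zone names and file names are placeholders.

// ACL enumerating all internal networks (documentation ranges used here).
acl internal_nets {
    127.0.0.1;
    192.0.2.0/24;
    198.51.100.0/24;
};

// --- Default-open variant (what the question wants to avoid) ---
// With no allow-query statement in options, the server accepts queries
// from any source for any name, hosted or not:
//
// options {
//     directory "/var/named";
// };

// --- Restricted variant, as described in the reply ---
options {
    directory "/var/named";
    // Global default: only internal networks may query this server.
    allow-query { internal_nets; };
};

// Each hosted (authoritative) zone overrides the global default,
// so anyone may query names inside it.
zone "example.com" {
    type master;
    file "db.example.com";
    allow-query { any; };
};

zone "example.net" {
    type master;
    file "db.example.net";
    allow-query { any; };
};

// Check from a host outside internal_nets (203.0.113.53 stands in for
// the hosting server's address):
//   dig @203.0.113.53 example.com SOA    -> answered (hosted zone)
//   dig @203.0.113.53 example.org A      -> status: REFUSED (not hosted)
```

A zone added later without its own allow-query line inherits the global restriction and will refuse external queries, so the per-zone override has to be part of every new zone definition.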