A quick dns question

Saragoldfarb Member, Megathread Squad

We've been using our own DNS servers for years now and couldn't be happier. As we're expanding we'd like to add some more servers for redundancy and load balancing.

I was wondering if using a single registered nameserver with multiple IPs/servers, say ns1.domain.com, would make any difference in the way it resolves compared to using multiple hostnames with a single IP. They will resolve round robin, but will it also try another IP in case the selected server doesn't answer?

Current situation:


Ns1 - IP/server 1
Ns2 - IP/server 2
Ns3 - IP/server 3
Ns4 - IP/server 4

New situation:


Ns1 - IP/server 1 + 2
Ns2 - IP/server 3 + 4

What would be best practice? Googled it for a bit but opinions differ.

Comments

  • elgs Member

    The potential purposes to have multiple DNS servers are (may not be exhaustive):

    1. to have higher availability, failover, in case one fails;
    2. to make it look as if you are serious with DNS, and are willing to spend more servers;

    It depends on your purposes.

  • Shot2 Member
    edited July 2016

    Although roughly equivalent, best practice is - theoretically - the first solution, but this is largely implementation dependent. The second solution adds a tiny extra level of complexity and uncertainty.

    In your first solution, a resolver should try all four NS hosts in turn, and therefore in a worst case scenario all four IPs would be given a try, until one is found that "works". Job done.

    In your second solution, let's assume IPs 1 and 3 are "down". Now, some "dumb" resolver queries the zone, retrieves both NS records as it should, but extracts only one of the two IP addresses for each NS (lazy, but nothing wrong with that). If running out of luck, the resolver picks NS1=IP1 (that is a fail), then tries NS2=IP3 (a fail again). Complete failure.

    Thanked by 1Saragoldfarb
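
The failure case Shot2 describes can be checked by enumeration. This is an added example, not code from the thread: the addresses are constructed (documentation range), and the "lazy" resolver is assumed to keep one uniformly random address per NS name.

```python
from fractions import Fraction
from itertools import combinations, product

# Constructed delegations mirroring the thread's two layouts
# (addresses are from the 192.0.2.0/24 documentation range).
CURRENT = {
    "ns1": ["192.0.2.1"], "ns2": ["192.0.2.2"],
    "ns3": ["192.0.2.3"], "ns4": ["192.0.2.4"],
}
PROPOSED = {
    "ns1": ["192.0.2.1", "192.0.2.2"],
    "ns2": ["192.0.2.3", "192.0.2.4"],
}

def thorough_fails(delegation, down):
    """Resolver that tries every address of every NS name."""
    return all(ip in down for ips in delegation.values() for ip in ips)

def lazy_failure_probability(delegation, down):
    """Resolver that keeps one address per NS name, then tries each name.

    Assumption: the kept address is chosen uniformly at random.
    Returns the exact probability that every kept address is down.
    """
    picks = list(product(*delegation.values()))
    failed = sum(all(ip in down for ip in pick) for pick in picks)
    return Fraction(failed, len(picks))

def outage_table(delegation, n_down=2):
    """Lazy-resolver failure probability for every set of n_down dead servers."""
    ips = sorted(ip for addrs in delegation.values() for ip in addrs)
    return {
        dead: lazy_failure_probability(delegation, set(dead))
        for dead in combinations(ips, n_down)
    }

if __name__ == "__main__":
    for name, layout in (("current", CURRENT), ("proposed", PROPOSED)):
        print(name)
        for dead, p in outage_table(layout).items():
            print(f"  down={dead}  lazy resolver fails with p={p}")
```

With two of four servers down, the four-hostname layout never fails for either resolver model, while the two-hostname layout fails a quarter of the time for the lazy model whenever the dead servers sit under different names.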
  • I would suggest the first approach, as it is much better than the second one.
    At least you are sure that all are checked at the DNS resolver.

    Thanked by 1Saragoldfarb
  • LiteServer Member, Patron Provider

    Go for the first option. Pretty easy why;
    When you're running 2 IPs on "ns1", the requests are basically being load balanced (round robin). If all nameservers are running, this won't be a problem. However, when one of the nameservers has a technical issue and is not reachable because of that, you'll run into DNS timeouts/delays.
    With round robin load balancing, DNS doesn't know which is available and which is not - it just picks a random IP under "ns1". So some requests can be 'forwarded' to that specific DNS server that has a technical issue..... resulting in all sorts of DNS issues you'd like to avoid.
    In case you're looking for redundancy, this is definitely not the right approach.

    By going with option 1, each DNS server has its own hostname and IP. This is much clearer and easier to debug in case you're experiencing any technical issues.

    Thanked by 2Saragoldfarb sin
  • When creating a nameserver at your domain name at your domain registrar is it possible to have multiple IP addresses for the same nameserver? Creating a nameserver at your domain is sometimes referred to as "registering a nameserver" or "registering a child nameserver".

  • Saragoldfarb Member, Megathread Squad

    @elgs said:
    It depends on your purposes.

    Keyword here is availability :) It should just be redundant and work.

    @Shot2 said:
    Although roughly equivalent, best practice is - theoretically - the first solution, but this is largely implementation dependent. The second solution adds a tiny extra level of complexity and uncertainty.

    That's what I was thinking as well. Thanks for your insights!

    @LiteServer said:
    Go for the first option. Pretty easy why;
    Going with option 1, each DNS server has its own hostname and IP. This is much clearer and easier to debug in case you're experiencing any technical issues.

    Thanks. Good point. Why overcomplicate things right? I guess we'll stick with option one :)

  • Saragoldfarb Member, Megathread Squad

    @Abdussamad said:
    When creating a nameserver at your domain name at your domain registrar is it possible to have multiple IP addresses for the same nameserver? Creating a nameserver at your domain is sometimes referred to as "registering a nameserver" or "registering a child nameserver".

    Yes that's possible. That's why I wanted to explore that option.

  • Saragoldfarb Member, Megathread Squad

    Thinking about it... What happens if you have both ipv4 and ipv6? Would it resolve the nameserver round robin? Just like when you use 2 ipv4 addresses for one server?

    Maybe I'll get a couple of LEBs and set up a test. See how it works out :)

  • edited July 2016

    @Saragoldfarb said:
    Thinking about it... What happens if you have both ipv4 and ipv6? Would it resolve the nameserver round robin? Just like when you use 2 ipv4 addresses for one server?

    Maybe I'll get a couple of LEBs and set up a test. See how it works out :)

    Not really,

    The device's DNS client (well, at least for Linux, not sure about other OSes, sorry) would check /etc/gai.conf to see if IPv4 is preferred over IPv6 (by default, it isn't; IPv6 is preferred).

    That determines whether IPv6 or IPv4 will be used if a DNS request returns both an IPv4 and an IPv6 address.

    Also if possible, I would highly recommend getting some DDOS protection for the DNS servers if this is an important site/domain that must stay up.

    Thanked by 1Saragoldfarb
  • Saragoldfarb Member, Megathread Squad

    @ALinuxNinja said:

    @Saragoldfarb said:
    Thinking about it... What happens if you have both ipv4 and ipv6? Would it resolve the nameserver round robin? Just like when you use 2 ipv4 addresses for one server?

    Maybe I'll get a couple of LEBs and set up a test. See how it works out :)

    Not really,

    The device's DNS client (well, at least for Linux, not sure about other OSes, sorry) would check /etc/gai.conf to see if IPv4 is preferred over IPv6 (by default, it isn't; IPv6 is preferred).

    That determines whether IPv6 or IPv4 will be used if a DNS request returns both an IPv4 and an IPv6 address.

    Also if possible, I would highly recommend getting some DDOS protection for the DNS servers if this is an important site/domain that must stay up.

    Cheers! And yeah, ddos protection is taken care of. Never been hit by a ddos so far luckily. Don't think anyone would care to ddos us but it's better to be safe than sorry. Paying extra for that peace of mind is no big deal.

  • Saragoldfarb Member, Megathread Squad

    Thanks all for the feedback. I have been running a test setup for both solutions and the 1st one seems to be most reliable. I decided to do load balancing at server level so no extra point of failure is added.

  • WebProject Veteran, 🚩 Host Rep Tag Suspended

    Your current situation is much better if you do have 4 different servers on 4 different networks and preferably different countries or continents.

  • Saragoldfarb Member, Megathread Squad

    @WebProject said:
    Your current situation is much better if you do have 4 different servers on 4 different networks and preferably different countries or continents.

    All taken care of, thanks for the advice! Never had issues with the current setup but always looking for improvement :)
