Any experiences in using loadbalancer for DNS ?
Brian A. Seklecki
lavalamp at spiritual-machines.org
Thu Sep 27 13:14:39 UTC 2007
In Radware, new outbound UDP/TCP/ICMP from "farm servers" (Service VIPs
normally) participating in a farm+L4 policy can be NAT+PAT'd in a
variety of ways, including none at all (CMU has two /16s :).
I would recommend creating a new service VIP in your external VLAN for
outbound NAT+PAT separate from where your HA-L4 inbound service VIP
resides. Similar to query-source statement.
On Wed, 2007-06-27 at 11:22 -0400, David Nolan wrote:
> --On Wednesday, June 27, 2007 10:06:46 +0200 Udo Zumdick <uz at nic.dtag.de>
> > Hello,
> > We have a few nameservers running BIND 9.2.6 as caching-only NS behind 2
> > Alteon 2208 load balancers in an active-standby configuration.
> > Now, when querying a domain that is not in the resolver cache, the
> > response to such a query takes more than 4 seconds, which is much too
> > long. It seems that this is limited to UDP queries because the same query
> > (dig [...] NS) with a +trace option takes mostly not more than a hundred
> > milliseconds or so.
> > Could it be possible that the load balancer is the reason for this delay?
> > Although I can't take it out of this setting.
> > Has anyone an idea of the reason or had similar experiences?
> Are your outbound DNS queries from these servers being sent from the load
> balanced IP, and possibly being sent to the wrong server when the response
> packet is received?
> Have you tried sniffing packets both inside and outside the load balancer
> to see what is happening?
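
Added example, not part of the original thread: one way to act on the suggestion to sniff inside and outside the load balancer, by correlating decoded DNS packets from both capture points and flagging upstream replies that were handed to a different backend than the one that asked. The record layout, addresses, transaction IDs and verdict strings are assumptions constructed for illustration.

```python
from collections import namedtuple

# One decoded DNS packet per capture point: "inside" is the backend side of
# the load balancer, "outside" the Internet side. Field layout is assumed.
Pkt = namedtuple("Pkt", "tap src dst txid qname is_response")

def classify_replies(packets, backends, vip):
    """Return {(txid, qname): verdict} for each recursive query a backend sent."""
    asked_by, delivered_to, reached_vip = {}, {}, set()
    for p in packets:
        key = (p.txid, p.qname.lower())
        if p.tap == "inside" and not p.is_response and p.src in backends:
            asked_by.setdefault(key, p.src)        # backend -> upstream query
        elif p.tap == "inside" and p.is_response and p.dst in backends:
            delivered_to.setdefault(key, p.dst)    # reply after the LB's choice
        elif p.tap == "outside" and p.is_response and p.dst == vip:
            reached_vip.add(key)                   # reply arrived at the NAT VIP
    verdicts = {}
    for key, asker in asked_by.items():
        got = delivered_to.get(key)
        if got == asker:
            verdicts[key] = "ok"
        elif got is not None:
            verdicts[key] = "misdelivered to " + got
        elif key in reached_vip:
            verdicts[key] = "reached VIP, not forwarded"
        else:
            verdicts[key] = "no reply seen"
    return verdicts

# Constructed sample capture (documentation addresses, made-up transaction IDs).
BACKENDS = {"10.0.0.11", "10.0.0.12"}
VIP, UPSTREAM = "198.51.100.10", "192.0.2.53"
SAMPLE = [
    Pkt("inside", "10.0.0.11", UPSTREAM, 0x1A2B, "example.org", False),
    Pkt("outside", VIP, UPSTREAM, 0x1A2B, "example.org", False),
    Pkt("outside", UPSTREAM, VIP, 0x1A2B, "example.org", True),
    Pkt("inside", UPSTREAM, "10.0.0.12", 0x1A2B, "example.org", True),  # wrong box
    Pkt("inside", "10.0.0.12", UPSTREAM, 0x0C0D, "example.net", False),
    Pkt("outside", VIP, UPSTREAM, 0x0C0D, "example.net", False),
    Pkt("outside", UPSTREAM, VIP, 0x0C0D, "example.net", True),
    Pkt("inside", UPSTREAM, "10.0.0.12", 0x0C0D, "example.net", True),
    Pkt("inside", "10.0.0.11", UPSTREAM, 0x2222, "example.com", False),
    Pkt("outside", UPSTREAM, VIP, 0x2222, "example.com", True),  # never forwarded
]

if __name__ == "__main__":
    for (txid, qname), verdict in classify_replies(SAMPLE, BACKENDS, VIP).items():
        print(f"{txid:#06x} {qname}: {verdict}")
```

Matching on transaction ID plus query name is enough for a short capture; a longer one should also key on the upstream server address and source port.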