Multiple BIND instances
/dev/rob0
rob0 at gmx.co.uk
Tue Feb 7 15:54:03 UTC 2012
On Tue, Feb 07, 2012 at 03:17:45PM +0800, Jeff Peng wrote:
> On 2012-2-7 15:09, sasa sasa wrote:
> >I got a server with 16GB memory, want to install 2 BIND on
> >CentOS, one cache only and another authoritative.
> >Is it better to install 2 OS virtually and run BIND in them
> >or run 2 instances of BIND on the same OS? I mean what is
> >the best practice to take advantage of the hardware
> >resources without risking having single DNS with cache and
> >authoritative?
>
> One OS with two or more public IPs for different BIND instances
> is better IMO.

I would use different ports, and a NAT redirect of one of the IP
addresses to the alternate port.

Another possibility, if the caching server is only serving the
processes on this machine, bind it on localhost, and put the
authoritative server on the external IP. (Don't forget to use an
alternate controls section for one of these instances; otherwise
they're both going to try for 127.0.0.1:953.)

To those who are suggesting views: sure, this can be done, but if
another exploit like the last big one comes along and named crashes,
both authoritative name service and the resolver are affected. I
think the OP's goal (quite reasonable IMO) was to keep them separate,
and what Jeff and I are talking about will do that.

--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
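
The localhost variant described in the message above, as an added configuration sketch that is not part of the original post: two named.conf files for two separate named processes, each with its own listen address, working directory, PID file and controls channel. The file paths, key names, the 192.0.2.53 documentation address and control port 954 are assumptions chosen for illustration.

```conf
// ---- /etc/named-auth.conf (hypothetical path): authoritative instance ----
// rndc key lives in its own file; path and key name are assumptions.
include "/etc/rndc-auth.key";

options {
    directory "/var/named/auth";               // separate working directory
    pid-file "/var/run/named/named-auth.pid";  // separate PID file
    listen-on { 192.0.2.53; };                 // external IP only (placeholder)
    listen-on-v6 { none; };
    recursion no;                              // authoritative answers only
    allow-query { any; };
};

// Control channel stays on the default 127.0.0.1:953.
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key-auth"; };
};

// ---- /etc/named-cache.conf (hypothetical path): caching resolver ----
include "/etc/rndc-cache.key";

options {
    directory "/var/named/cache";
    pid-file "/var/run/named/named-cache.pid";
    listen-on { 127.0.0.1; };                  // serves local processes only
    listen-on-v6 { none; };
    recursion yes;
    allow-query { 127.0.0.1; };
    allow-recursion { 127.0.0.1; };
};

// Alternate controls section: without it this instance would also try to
// bind 127.0.0.1:953 and collide with the authoritative instance.
controls {
    inet 127.0.0.1 port 954 allow { 127.0.0.1; } keys { "rndc-key-cache"; };
};
```

Each process is started with its own file via `named -c`, and the resolver is then managed with `rndc -p 954` plus the matching key file, so a crash or restart of one instance leaves the other running.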