Bind9 on VMWare

Tony Finch dot at
Thu Jan 14 11:41:26 UTC 2016

Mike Hoskins (michoski) <michoski at> wrote:
> I've run several large DNS infras over the years.  Back in 2005/6 I
> finally drank the koolaid and migrated a large caching infra
> (authoritative was kept on bare metal) to VMWare+Linux.

Amusingly our setup is the exact opposite - authoritative on VMs and
recursive on metal.

> Finally after babysitting that for a few years, we moved everything back
> to bare metal in the name of "dependency reduction" -- we didn't want core
> things like DNS relying on anything more than absolutely necessary (I'd
> argue this is a sound engineering principle for any infrastructure admin
> to fight for, despite the fact most pointy hairs will value cost savings
> more and it flies in the face of NFV hotness).

For exactly this reason :-)

The recursive servers have their own copies of our zones, so they only
depend on the auth servers for zone transfers; an auth outage doesn't
damage local recursive service, and we have secondary servers to provide
auth coverage for non-local users.

