Bind9 on VMWare
dot at dotat.at
Thu Jan 14 11:41:26 UTC 2016
Mike Hoskins (michoski) <michoski at cisco.com> wrote:
> I've ran several large DNS infras over the years. Back in 2005/6 I
> finally drank the koolaid and migrated a large caching infra
> (authoritative was kept on bare metal) to VMWare+Linux.
Amusingly our setup is the exact opposite - authoritative on VMs and
recursive on metal.
> Finally after babysitting that for a few years, we moved everything back
> to bare metal in the name of "dependency reduction" -- we didn't want core
> things like DNS relying on anything more than absolutely necessary (I'd
> argue this is a sound engineering principle for any infrastructure admin
> to fight for, despite the fact most pointy hairs will value cost savings
> more and it flies in the face of NFV hotness).
For exactly this reason :-)
The recursive servers have their own copies of our zones, so they only
depend on the auth servers for zone transfers; an auth outage doesn't
damage local recursive service, and we have secondary servers to provide
auth coverage for non-local users.
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Southwest Dover, Wight, Portland, Plymouth, North Biscay: Northwesterly 6 to
gale 8, perhaps severe gale 9 later. Moderate or rough. Squally showers. Good,
More information about the bind-users