Distributed DNS
best practices to build redundant, reliable architecture
By Ladislav Vobr SE/SOP/I&eS, Etisalat
Outline
• Introduction
• Different DNS roles
• Authoritative
• Caching
• ccTLD
• Internal
• Best Practices / Recommendations
• Increasing the availability
• L4-7 switching / Anycast
• Service Monitoring
• Latest DNS Features Trends
• Conclusion
Introduction
• What is DNS?
• DNS & Internet
• The Importance of DNS Service
Different DNS roles
• Authoritative/non-recursive
• Caching/Recursive
• ccTLD
• The Root Servers
• Recursive
Best Practices
• Separate geographically
• Separate the functionality
• Separate Access
• Use well defined SOA, TTL
• Use consistent NS records
Scaling performance / Availability
• Authoritative only servers
- Built-in mechanism using RTT
• Caching Services
- Scaling vertically – brings huge cost & doesn’t improve availability
- Scaling horizontally – reduces the cost, but needs some configuration
a) Cluster (one active / one standby)
b) L4-7 switches (complicated, more features)
c) ANYCAST (simple / simple balancing)
L4-7 switching
• Better L4-7 filtering
• Better load distribution
• Geographical failover not standardized
• Complicated management
• Another point of failure (two switches required)
Anycast Routing
• Simple idea
• Using standard protocols
• Supports broad range of routing protocols
• Simple load balancing only
• Not able to filter traffic based on L4-7
• Acts as a router, easy troubleshooting
• No additional hardware required
• Free tools available / zebra / ospfd ….
Important features in BIND
• TSIG/DNSSEC
• NOTIFY
• NSUPDATE
• IDN
• IPv6
• RNDC FLUSH
• RNDC RECURSING
Service Monitoring
• Monitor CPU
• Monitor Number of REQUESTS
• Monitor Recursive QUEUE
• Monitor Traffic Rates
• Monitor BOGUS servers
Popular links
• http://www.isc.org
• http://www.bind9.org
• http://www.bind.org
• http://zebra.org
• http://rrdtool.de
• Mailing list: [email protected]
Thank You