Re: how to increase DNS reliability?




On 7/25/19 3:48 PM, rainer@xxxxxxxxxxxxxxx wrote:
> On 2019-07-25 15:41, hw wrote:
>> On 7/25/19 2:53 PM, rainer@xxxxxxxxxxxxxxx wrote:
>>> On 2019-07-25 14:51, hw wrote:
>>>> Hi,
>>>>
>>>> how can DNS reliability, as experienced by clients on the LAN who are
>>>> sending queries, be increased?
>>>>
>>>> Would I have to set up some sort of cluster consisting of several
>>>> servers all providing DNS services which is reachable under a single
>>>> IP address known to the clients?
>>>>
>>>> Just setting up several name servers and making them known to the clients
>>>> for the clients to automatically switch isn't a good solution because
>>>> the clients take their timeouts and users lacking even the most basic
>>>> knowledge inevitably panic when the first name server does not answer
>>>> queries.
>>>
>>> Run a local cache (unbound) and enter all your local resolvers as upstreams.
>>
>> That can fail just as well --- or be even worse when the clients can't switch
>> over anymore.  I have that and am avoiding using it for some clients because
>> it takes a while for the cache to get updated when I make changes.
>>
>> However, if that cache fails, chances are that the internet connection is also
>> down in which case it can be troublesome to even get local host names resolved.
>> When that happens, trouble is to be expected.
> 
> 
> Anything else is - IMHO - much more work, much more complicated

That's what I was thinking.  Perhaps it is better to live with a main server and
one or two slaves so the clients can keep their alternatives.

But still ...  There's got to be a better way ...

> and much more likely to fail, in a more spectacular way.
> Especially all those keepalive "solutions".

You mean like probing if the DNS server is still responsive and somehow switching
over when it's not?  I never tried, though it is evident that more complicated
things may tend to be less reliable.

Yet it reminds me that I could actually check the name servers and dispatch a message
when one fails as I'm already doing for a couple other things.  That would suffice
and doesn't introduce more possibilities of failure to name resolution.

> I have found that I need to restart unbound if all upstreams had failed.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
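
An added example, not part of the original message: one way to do the check described above, querying each name server directly and reporting the ones that fail, so nothing is added to the resolution path itself. The server addresses and the probe name are constructed placeholders, and a non-zero exit is assumed to be what triggers the existing alerting (for instance cron mail).

```python
import secrets
import socket
import struct
import sys

def build_query(name, qtype=1):
    """Return (txid, packet) for a recursive query; qtype 1 is an A record."""
    txid = secrets.randbits(16)  # unpredictable id so stray replies are rejected
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_reply(data, txid):
    """Return (ok, reason) judged from the header of a raw DNS reply."""
    if len(data) < 12:
        return False, "short reply"
    rid, flags, _qdcount, ancount = struct.unpack("!HHHH", data[:8])
    if rid != txid:
        return False, "transaction id mismatch"
    if not flags & 0x8000:
        return False, "not a response"
    if flags & 0x000F:
        return False, f"rcode {flags & 0x000F}"  # 2 = SERVFAIL, 3 = NXDOMAIN
    if ancount == 0:
        return False, "no answers"
    return True, f"{ancount} answer(s)"

def check_server(server, name, port=53, timeout=2.0):
    """Send one UDP query to a single server and return (ok, reason)."""
    txid, packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((server, port))  # only accept datagrams from this peer
            sock.send(packet)
            data = sock.recv(4096)
        except OSError as exc:  # timeout, port unreachable, no route
            return False, f"no reply: {exc}"
    return parse_reply(data, txid)

def failed_servers(servers, name, **kwargs):
    """Map each failing server to the reason its probe failed."""
    results = {srv: check_server(srv, name, **kwargs) for srv in servers}
    return {srv: reason for srv, (ok, reason) in results.items() if not ok}

if __name__ == "__main__":
    # Constructed values: replace with the real name servers and a local name.
    failed = failed_servers(["192.0.2.53", "192.0.2.54"], "host1.example.lan")
    for srv, reason in failed.items():
        print(f"DNS check failed for {srv}: {reason}", file=sys.stderr)
    sys.exit(1 if failed else 0)
```

Probing a local host name rather than an external one keeps the check meaningful when the internet connection is down.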



