A quick dns question

We've been using our own DNS servers for years now and couldn't be happier. As we're expanding we'd like to add some more servers for redundancy and load balancing.

I was wondering if using a single registered nameserver with multiple IPs/servers, say ns1.domain.com, would make any difference in the way it resolves compared to using multiple hostnames with a single IP each. They will resolve round robin, but will it also try another IP in case the selected server doesn't answer?

Current situation:

Ns1 - IP/server 1
Ns2 - IP/server 2
Ns3 - IP/server 3
Ns4 - IP/server 4

New situation:

Ns1 - IP/server 1 + 2
Ns2 - IP/server 3 + 4

What would be best practice? Googled it for a bit but opinions differ.

Comments

  • elgs Member

    The potential purposes of having multiple DNS servers are (may not be exhaustive):

    1. to have higher availability, failover, in case one fails;
    2. to make it look as if you are serious with DNS, and are willing to spend more servers;

    It depends on your purposes.

  • Shot2 Member
    edited July 2016

    Although roughly equivalent, best practice is - theoretically - the first solution, but this is largely implementation dependent. The second solution adds a tiny extra level of complexity and uncertainty.

    In your first solution, a resolver should try all four NS hosts in turn, and therefore in a worst case scenario all four IPs would be given a try, until one is found that "works". Job done.

    In your second solution, let's assume IPs 1 and 3 are "down". Now, some "dumb" resolver queries the zone, retrieves both NS records as it should, but extracts only one of the two IP addresses for each NS (lazy, but nothing wrong with that). If running out of luck, the resolver picks NS1=IP1 (that is a fail), then tries NS2=IP3 (a fail again). Complete failure.

  • I would suggest the first approach, as it is much better than the second one.
    At least you are sure that all of them are checked by the DNS resolver.

  • LiteServer Member, Patron Provider

    Go for the first option. Pretty easy why;
    When you're running 2 IPs on "ns1", the requests are basically being load balanced (round robin). If all nameservers are running, this won't be a problem. However, when one of the nameservers has a technical issue and is not reachable because of that, you'll run into DNS timeouts/delays.
    With round robin load balancing, DNS doesn't know which is available and which is not - it just picks a random IP under "ns1". So some requests can be 'forwarded' to that specific DNS server that has a technical issue..... resulting in all sorts of DNS issues you'd like to avoid.
    In case you're looking for redundancy, this is definitely not the right approach.

    By going with option 1, each DNS server has its own hostname and IP. This is much clearer and easier to debug in case you're experiencing any technical issues.

  • When creating a nameserver at your domain name at your domain registrar is it possible to have multiple IP addresses for the same nameserver? Creating a nameserver at your domain is sometimes referred to as "registering a nameserver" or "registering a child nameserver".

  • @elgs said:
    It depends on your purposes.

    Keyword here is availability :) It should just be redundant and work.

    @Shot2 said:
    Although roughly equivalent, best practice is - theoretically - the first solution, but this is largely implementation dependent. The second solution adds a tiny extra level of complexity and uncertainty.

    That's what I was thinking as well. Thanks for your insights!

    @LiteServer said:
    Go for the first option. Pretty easy why;
    Going with option 1, each DNS server has its own hostname and IP. This is much clearer and easier to debug in case you're experiencing any technical issues.

    Thanks. Good point. Why overcomplicate things right? I guess we'll stick with option one :)

  • @Abdussamad said:
    When creating a nameserver at your domain name at your domain registrar is it possible to have multiple IP addresses for the same nameserver? Creating a nameserver at your domain is sometimes referred to as "registering a nameserver" or "registering a child nameserver".

    Yes that's possible. That's why I wanted to explore that option.

  • Thinking about it... What happens if you have both ipv4 and ipv6? Would it resolve the nameserver round robin? Just like when you use 2 ipv4 addresses for one server?

    Maybe I'll get a couple of LEBs and set up a test. See how it works out :)

  • edited July 2016

    @Saragoldfarb said:
    Thinking about it... What happens if you have both ipv4 and ipv6? Would it resolve the nameserver round robin? Just like when you use 2 ipv4 addresses for one server?

    Maybe I'll get a couple of LEBs and set up a test. See how it works out :)

    Not really,

    The device's DNS client (well at least for Linux, not sure about other OS, sorry), would check /etc/gai.conf to see if IPv4 is preferred over IPv6 (By default, it isn't, IPv6 is preferred).

    That determines whether IPv6 or IPv4 will be used if a DNS request returns both an IPv4 and an IPv6 address.

    Also if possible, I would highly recommend getting some DDOS protection for the DNS servers if this is an important site/domain that must stay up.

  • @ALinuxNinja said:

    @Saragoldfarb said:
    Thinking about it... What happens if you have both ipv4 and ipv6? Would it resolve the nameserver round robin? Just like when you use 2 ipv4 addresses for one server?

    Maybe I'll get a couple of LEBs and set up a test. See how it works out :)

    Not really,

    The device's DNS client (well at least for Linux, not sure about other OS, sorry), would check /etc/gai.conf to see if IPv4 is preferred over IPv6 (By default, it isn't, IPv6 is preferred).

    That determines whether IPv6 or IPv4 will be used if a DNS request returns both an IPv4 and an IPv6 address.

    Also if possible, I would highly recommend getting some DDOS protection for the DNS servers if this is an important site/domain that must stay up.

    Cheers! And yeah, ddos protection is taken care of. Never been hit by a ddos so far luckily. Don't think anyone would care to ddos us but it's better to be safe than sorry. Paying extra for that peace of mind is no big deal.

  • Thanks all for the feedback. I have been running a test setup for both solutions and the 1st one seems to be most reliable. I decided to do load balancing at server level so no extra point of failure is added.

  • WebProject Host Rep, Veteran

    Your current situation is much better if you do have 4 different servers on 4 different networks and preferably different countries or continents.

  • @WebProject said:
    Your current situation is much better if you do have 4 different servers on 4 different networks and preferably different countries or continents.

    All taken care of, thanks for the advice!. Never had issues with the current setup but always looking for improvement :)
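As an added example that is not part of the thread: the Python script below models the two delegation layouts that Shot2 and LiteServer compare, and also runs the network-diversity check WebProject's reply calls for. The zone fragments, hostnames (ns1..ns4.example.com) and addresses (RFC 5737 documentation ranges) are constructed for the example, and the two resolver strategies are simplified models of the "try every address" and "one address per NS" behaviours described in the thread, not the code of any real resolver.

```python
"""
Model how a recursive resolver fails over across the nameservers of a
delegation, for the two layouts discussed in the thread:

  layout one: one hostname per server (ns1..ns4, one A record each)
  layout two: two hostnames, two A records behind each

Zone fragments are constructed for this example; addresses are from the
RFC 5737 documentation ranges and the hostnames are hypothetical.
"""
from ipaddress import ip_address, ip_network
from itertools import product

LAYOUT_ONE = """
example.com.      IN NS   ns1.example.com.
example.com.      IN NS   ns2.example.com.
example.com.      IN NS   ns3.example.com.
example.com.      IN NS   ns4.example.com.
ns1.example.com.  IN A    192.0.2.1
ns2.example.com.  IN A    198.51.100.1
ns3.example.com.  IN A    203.0.113.1
ns4.example.com.  IN A    192.0.2.2
"""

LAYOUT_TWO = """
example.com.      IN NS   ns1.example.com.
example.com.      IN NS   ns2.example.com.
ns1.example.com.  IN A    192.0.2.1
ns1.example.com.  IN A    198.51.100.1
ns2.example.com.  IN A    203.0.113.1
ns2.example.com.  IN A    192.0.2.2
"""

# Shot2's scenario: "IP 1" and "IP 3" are down (constructed outage set).
SERVERS_1_AND_3_DOWN = {ip_address("192.0.2.1"), ip_address("203.0.113.1")}


def parse_delegation(zone_text):
    """Return {ns_hostname: [address, ...]} from the NS records in a zone
    fragment plus the A/AAAA glue for those hostnames. Tolerates an
    optional TTL column before the 'IN' class field."""
    ns_names, glue = [], {}
    for line in zone_text.strip().splitlines():
        parts = line.split()
        if "IN" not in parts:
            continue
        i = parts.index("IN")
        owner, rtype, rdata = parts[0], parts[i + 1], parts[i + 2]
        if rtype == "NS":
            ns_names.append(rdata)
        elif rtype in ("A", "AAAA"):
            glue.setdefault(owner, []).append(ip_address(rdata))
    return {ns: glue.get(ns, []) for ns in ns_names}


def thorough_resolver_succeeds(delegation, down):
    """Model of a resolver that walks every address of every NS until one
    answers; it fails only if every address in the delegation is down."""
    return any(ip not in down for addrs in delegation.values() for ip in addrs)


def lazy_resolver_worst_case(delegation, down):
    """Model of a resolver that keeps only one address per NS hostname.
    Enumerate every possible one-address-per-NS choice and return False if
    any choice leaves the resolver with nothing reachable, i.e. the layout
    can fail even though a working server exists."""
    per_ns = [addrs for addrs in delegation.values() if addrs]
    for choice in product(*per_ns):
        if all(ip in down for ip in choice):
            return False
    return True


def addresses_by_network(delegation, v4_prefix=24, v6_prefix=48):
    """Group nameserver addresses by network prefix. If everything falls in
    one prefix, the delegation has a network-level single point of failure
    regardless of how many NS hostnames it lists."""
    nets = {}
    for ns, addrs in delegation.items():
        for ip in addrs:
            plen = v4_prefix if ip.version == 4 else v6_prefix
            net = ip_network(f"{ip}/{plen}", strict=False)
            nets.setdefault(net, set()).add(ns)
    return nets


def main():
    for name, text in (("layout one", LAYOUT_ONE), ("layout two", LAYOUT_TWO)):
        d = parse_delegation(text)
        print(name,
              "thorough resolver ok:", thorough_resolver_succeeds(d, SERVERS_1_AND_3_DOWN),
              "lazy resolver worst case ok:", lazy_resolver_worst_case(d, SERVERS_1_AND_3_DOWN))
        for net, names in addresses_by_network(d).items():
            print("   ", net, "->", sorted(names))


if __name__ == "__main__":
    main()
```

With servers 1 and 3 down, both layouts survive a resolver that tries every glue address, but layout two fails for a resolver that keeps one address per hostname, which is the case Shot2 describes. The prefix grouping shows the other thing to verify on the real delegation: in the constructed layout one, ns1 and ns4 share 192.0.2.0/24, so an outage there takes out two of the four servers at once.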
