[dnsdist] dnsdist single point of failure

Chris lists at shthead.net
Mon Oct 16 05:16:41 UTC 2017


On 16/10/2017 12:08 PM, longtb5 at viettel.com.vn wrote:
> Now I want to use dnsdist to distribute DNS request onto those 2 DNS 
> servers. Wouldn’t that make dnsdist the new SPoF?

For my situation, I have set up the following:

Each location has 3 dnsdist servers. For recursive DNS I have 2 IPv4 
IP's and 2 IPv6 IP's bound on loopback on the dnsdist servers. Each 
dnsdist server runs ExaBGP with a health check and announces the 4 IP's 
bound to loopback to the route servers which are then distributed into 
the network. The same 4 IP's are announced from each location (anycast), 
there is IPSEC tunnels with BGP running over those between the locations 
as well. The route servers have BGP add path enabled as well as our 
other network devices that talk BGP to the route servers, so the route 
servers advertise the 3 available paths locally. This takes care of 
balancing the load with ECMP between the 3 paths as well as a bonus (no 
stateful load balancer to worry about).

This removes any single point of failure, infact all 3 dnsdist servers 
can be entirely offline in a location and routing will take care of 
making the traffic be directed to the next closest available location 

More information about the dnsdist mailing list