[Pdns-users] Newbie question on using multiple forwarders
John Von Essen
john at essenz.com
Tue May 11 22:50:26 UTC 2021
I apologize if this question is old news, but I’m curious about my proposed pdns solution and how to integrate multiple forwarders.
Background, large infrastructure running in Azure. Previously, we used Azure’s internal resolver, but we got bitten bad by two DNS/resolver outages in Azure in the past 6 months. External resolution is critical to our app.
We are in 5 geo regions, each region has between 15-30 VMs. My proposed solution (and I have a working PoC right now) is in each of the 5 regions I am going to build a new resolver VM running pdns-recursor.
For argument’s sake, call this virgina-ns1, chicago-ns1, dublin-ns1, etc. These nodes are a fairly vanilla pdns config, recursion doesn’t hit any forwarders, rather it goes right to ROOT NS. We want to eliminate SPOFs. Obviously, lots of caching.
Now, in each region (say dublin), we have 30 servers. These 30 VMs will also have pdns-recursor installed listening on 127.0.0.1, acting as a local caching forwarder. Again, a fairly vanilla config except I add:
forward-zones-recurse=.=10.10.0.253
Where 10.10.0.253 is the IP of dublin-ns1 - aka my regional resolver that goes out to ROOT. This all works fine, but obviously 10.10.0.253 is now a single point of failure. I can add multiple forwarders like this:
forward-zones-recurse=.=10.10.0.253;10.20.0.253;10.30.0.254
In this case I have three listed, the first one is my nearest, the next two reside in adjacent regions from Dublin (say US and Asia).
My question is for a random server in Dublin, hitting pdns-recursor on localhost with those 3 forwarders, how is the traffic distributed? Does it go to the first one listed, and then only if the first one doesn’t respond, it tries the next?
I ask because I did a stress test with a similar setup and I saw that approx 60-70% of requests went to the IP of the first forwarder listed, then 30% to the second. I was expecting 100% traffic to the first.
Thanks in advance, sorry for the long post. I’m a long time Bind user, but really liking pdns so far.
-John