[Pdns-users] Newbie question on using multiple forwarders

Kevin P. Fleming kevin at km6g.us
Wed May 12 10:20:02 UTC 2021


The 'dnsdist' project, also from the PowerDNS team, is pretty much
designed for this sort of thing: directing/balancing requests among
groups of DNS servers.

On Tue, May 11, 2021 at 6:50 PM John Von Essen via Pdns-users
<pdns-users at mailman.powerdns.com> wrote:
>
> I apologize if this question is old news, but I’m curious about my proposed pdns solution and how to integrate multiple forwarders.
>
> Background, large infrastructure running in Azure. Previously, we used Azure’s internal resolver, but we got bitten bad by two DNS/resolver outages in Azure in the past 6 months. External resolution is critical to our app.
>
> We are in 5 geo regions, each region has between 15-30 VMs. My proposed solution (and I have a working PoC right now) is in each of the 5 regions I am going to build a new resolver VM running pdns-recursor.
>
> For argument’s sake, call this virgina-ns1, chicago-ns1, dublin-ns1, etc. These nodes are a fairly vanilla pdns config, recursion doesn’t hit any forwarders, rather it goes right to ROOT NS. We want to eliminate SPOFs. Obviously, lots of caching.
>
>
> Now, in each region (say dublin), we have 30 servers. These 30 VMs will also have pdns-recursor installed listening on 127.0.0.1, acting as a local caching forwarder. Again, a fairly vanilla config except I add:
>
> forward-zones-recurse=.=10.10.0.253
>
> Where 10.10.0.253 is the IP of dublin-ns1 - aka my regional resolver that goes out to ROOT. This all works fine, but obviously 10.10.0.253 is now a single point of failure. I can add multiple forwarders like this:
>
> forward-zones-recurse=.=10.10.0.253;10.20.0.253;10.30.0.254
>
> In this case I have three listed, the first one is my nearest, the next two reside in adjacent regions from Dublin (say US and Asia).
>
> My question is for a random server in Dublin, hitting pdns-recursor on localhost with those 3 forwarders, how is the traffic distributed? Does it go to the first one listed, and then only if the first one doesn’t respond, it tries the next?
> I ask because I did a stress test with a similar setup and I saw that approx 60-70% of requests went to the IP of the first forwarder listed, then 30% to the second. I was expecting 100% traffic to the first.
>
> Thanks in advance, sorry for the long post. I’m a long time Bind user, but really liking pdns so far.
>
> -John
>
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
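
Added example, not part of the original thread and not the dnsdist project's own configuration: a minimal dnsdist.conf for one Dublin VM that applies the suggestion above to the three forwarder addresses from the quoted message, with strict "nearest first, others only as fallback" ordering. It assumes dnsdist takes over 127.0.0.1:53 from the local forwarding recursor; the backend names for the second and third servers and the cache size are made up for illustration.

```lua
-- dnsdist.conf (added example; backend addresses are the ones quoted in the thread)

-- Listen on loopback only and accept queries only from this host.
-- Assumption: nothing else (e.g. a local pdns-recursor) is bound to 127.0.0.1:53.
setLocal("127.0.0.1:53")
setACL({"127.0.0.0/8"})

-- Regional resolvers. A lower 'order' value is preferred.
-- "adjacent-ns1" / "adjacent-ns2" are illustrative names, not from the thread.
newServer({address="10.10.0.253:53", name="dublin-ns1",   order=1})
newServer({address="10.20.0.253:53", name="adjacent-ns1", order=2})
newServer({address="10.30.0.254:53", name="adjacent-ns2", order=3})

-- firstAvailable sends each query to the lowest-order backend that is
-- currently marked up by dnsdist's health checks (and is under its QPS
-- limit, if one is configured). The other two backends only receive
-- traffic while dublin-ns1 is considered down.
setServerPolicy(firstAvailable)

-- Keep a local answer cache on the VM, as the forwarding recursor did.
-- 10000 entries is an arbitrary illustrative size.
pc = newPacketCache(10000)
getPool(""):setCache(pc)
```

Because the ACL and listen address are both restricted to loopback, the VM does not become an open forwarder for the rest of the network.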

