Nameservers rotation

somsomers · Nov 10, 2012

Hello.

I need to resolve a huge number of domains. The problem is my nameservers cannot handle so many queries.
So, is there any way to distribute resolve queries between several nameservers (resolv.conf). Maybe something like "options rotate" in linux?

Thank you.

Scorpiion · Jun 19, 2013

I run into this "issue" as well, not a huge problem but still. I wonder how people usually solve this?

In my case, I have two DNS servers for redundancy, do you guys usually just let the first one take all requests? Or is there some good way to distribute the queries? Other than the obvious, but kind of ugly solution of putting DNS server 1 first in resolv.conf on servers X and DNS server 2 first for servers X+1?

Regards

SirDice · Jun 19, 2013

Not sure if this would work but ideally you'd have two DNS servers, each in a different location. One or both of those servers could be "mirrored" and have carp(4). So the clients only have two DNS server addresses but in reality there are four or more.

Scorpiion · Jun 19, 2013

Hi @SirDice, and thanks for your input.

Yeah, I did not think about CARP, maybe I can get the load balancing I want with ARP level load balancing. As I said it's not a huge issue right now, I have more important things to do, but still an interesting topic and the Linux "rotate" option seemed very handy. I will try to set up CARP for my DNS servers later and give them the same IP.

DutchDaemon · Jun 19, 2013

If you only need resolving (i.e. not anything authoritative for hosting local domains), pick a quick stub resolver like Unbound (there are more), and if possible, forward queries to open resolvers like Google DNS and OpenDNS and cache the hell out of the responses.

Scorpiion · Jun 19, 2013

Hi @DutchDaemon and thanks for the tip about Unbound, had not seen it before. We do host local domains quite actively though so resolving only would not have been enough.

DutchDaemon · Jun 19, 2013

You can host local DNS records in unbound just fine, e.g.

Code:

local-data:     "host1014.some.domain.eu.          A       192.168.0.198"
local-data:     "198.0.168.192.in-addr.arpa.    PTR     host1014.some.domain.eu."

local-data:     "mail.other.local.us.          A       192.168.0.150"
local-data:     "150.0.168.192.in-addr.arpa.    PTR     mail.other.local.us."

morbit · Jun 16, 2017

I do not want to host local DNS records. All I care for, is to distribute my DNS queries across arbitrary chosen list of servers. Is there a simple solution to this?

UnixRocks · Jun 16, 2017

We use a load balancer in front of our caching DNS servers. That is an industry accepted standard for distributing load among servers where one server cannot handle it alone.

morbit · Jun 16, 2017

That might be technically correct answer, but not mine issue. I just wanted to have a some kind of local DNS server addresses rotation, presumably pseudo random. I do not trust any single one public provider.

UnixRocks · Jun 16, 2017

morbit said:
That might be technically correct answer, but not mine issue. I just wanted to have a some kind of local DNS server addresses rotation, presumably pseudo random. I do not trust any single one public provider.

Ah, I misunderstood the problem then. I was coming at it from the side of the provider of DNS, not the consumer of DNS. I apologize for the noise.

ShelLuser · Jun 17, 2017

morbit said:
I do not want to host local DNS records.

I doubt you'll have a say in the matter. Even if you set up a simple resolver then it will basically always cache its results effectively keeping several records hosted locally for a period of time.

morbit said:
All I care for, is to distribute my DNS queries across arbitrary chosen list of servers. Is there a simple solution to this?

First of all: why? What are you hoping to achieve by this? Because I can't help wonder if you're not trying to solve a symptom of some sort while not fully overseeing the way things work with DNS.

The best way to try and spread your requests across multiple servers is to run a local DNS server yourself. Don't configure a forwarder of any kind but just let the server look up its own things. That would effectively result in the server only contacting the DNS servers which domains you're using.

morbit · Jun 17, 2017

I truly appreciate your reply, but that's also precisely what I'm not asking for. I do not want to run a local DNS server at all. I just wanted to not "put all eggs in one basket" with Google DNS nor Open NIC or any other sole DNS supplier for my local machine. Similar to original question about "option rotate". All I can think of is some cron job, which feels like a hack.

ShelLuser · Jun 17, 2017

morbit said:
I just wanted to not "put all eggs in one basket" with Google DNS nor Open NIC or any other sole DNS supplier for my local machine. Similar to original question about "option rotate".

Yeah, you'll run into a problem because the whole infrastructure wasn't really build for this. For example /etc/resolv.conf only allows for up to 3 nameserver entries where basically only the first one will be used and the others as fallback.

The only alternative I can come up with is local unbound. See unbound(8). It's a default part of the base system, not a full DNS server but... it does come close in the sense that it basically performs the resolve part which a DNS server would also do. And that automatically means that it'll contact the separate DNS servers which are hosting the domain's you're looking for instead of focusing on 1 main resolver (though it can be configured that way of course).

Nameservers rotation

somsomers

Scorpiion

SirDice

Administrator

Scorpiion

DutchDaemon

Administrator

Scorpiion

DutchDaemon

Administrator

morbit

UnixRocks

morbit

UnixRocks

ShelLuser

morbit

ShelLuser