On Tue, Feb 07, 2012 at 03:17:45PM +0800, Jeff Peng wrote:
> On 2012-2-7 15:09, sasa sasa wrote:
> >I got a server with 16GB memory, want to install 2 BIND on
> >CentOS, one cache only and another authoritative.
> >Is it better to install 2 OS virtually and run BIND in them
> >or run 2 instances of BIND on the same OS? I mean what is
> >the best practice to take advantage of the hardware
> >resources without risking having single DNS with cache and
> >authoritative?
>
> One OS with two or more public IPs for different BIND instances
> is better IMO.

I would use different ports, and a NAT redirect of one of the IP
addresses to the alternate port.

Another possibility, if the caching server is only serving the
processes on this machine, bind it on localhost, and put the
authoritative server on the external IP.

(Don't forget to use an alternate controls section for one of these
instances; otherwise they're both going to try for 127.0.0.1:953.)

To those who are suggesting views: sure, this can be done, but if
another exploit like the last big one comes along and named crashes,
both authoritative name service and the resolver are affected. I
think the OP's goal (quite reasonable IMO) was to keep them
separate, and what Jeff and I are talking about will do that.
--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
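
The following check is an added example, not part of the original message: it compares the named.conf files of two instances and reports any DNS or control-channel socket both would try to bind, including the default 127.0.0.1:953 control channel that named uses when no controls statement is present. The sample configs, the addresses and port 954 are constructed for illustration, and the regex parsing assumes simple configs without comments or ACL names in listen-on.

```python
import re

# Constructed sample configs; the addresses and port 954 are illustrative assumptions.
CACHE_CONF = """
options { listen-on port 53 { 127.0.0.1; }; recursion yes; allow-recursion { 127.0.0.1; }; };
controls { inet 127.0.0.1 port 954 allow { 127.0.0.1; }; };
"""
AUTH_CONF = """
options { listen-on port 53 { 192.0.2.53; }; recursion no; };
"""  # no controls statement: named falls back to the loopback default on port 953

WILDCARDS = {"any", "*"}

def sockets(conf):
    """Return (dns, control) sets of (address, port) that this named.conf asks for."""
    dns = set()
    for port, body in re.findall(r"\blisten-on\s+(?:port\s+(\d+)\s*)?\{([^}]*)\}", conf):
        dns |= {(a.strip(), int(port or 53)) for a in body.split(";") if a.strip()}
    if not re.search(r"\blisten-on\s", conf):
        dns.add(("any", 53))                      # BIND default: every interface, port 53
    if not re.search(r"\bcontrols\s*\{", conf):
        return dns, {("127.0.0.1", 953)}          # BIND default control channel
    ctl = {(a, int(p or 953))
           for a, p in re.findall(r"\binet\s+(\S+)(?:\s+port\s+(\d+))?", conf)}
    return dns, ctl

def clash(x, y):
    """Two sockets clash on the same port if the addresses match or one is a wildcard."""
    return x[1] == y[1] and (x[0] == y[0] or x[0] in WILDCARDS or y[0] in WILDCARDS)

def collisions(conf_a, conf_b):
    """List (kind, socket_a, socket_b) for every bind the two instances would fight over."""
    dns_a, ctl_a = sockets(conf_a)
    dns_b, ctl_b = sockets(conf_b)
    found = [("dns", x, y) for x in sorted(dns_a) for y in sorted(dns_b) if clash(x, y)]
    found += [("control", x, y) for x in sorted(ctl_a) for y in sorted(ctl_b) if clash(x, y)]
    return found

if __name__ == "__main__":
    for kind, a, b in collisions(CACHE_CONF, AUTH_CONF):
        print(f"{kind} collision: {a} vs {b}")
```

With the control channels separated this way, the second instance is addressed with `rndc -p 954`.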