Thanks Daniel. Good to hear of someone using NAT for DNS traffic. My
fears of it are mostly performance-based--every DNS query takes up a new
entry in the ACE's NAT table. In our case, that's thousands of queries
per second that the ACE has to keep in memory. I've shown it to be a
slight (25% or so) performance hit in terms of max queries/second.

At this point, these are recursive-only servers, so I'm not even worried
about zone transfers--that piece of the project comes next! The
rservers will be doing a bunch of outbound queries, however, and using
their real addresses for that.

John

On 10/19/2012 04:32 PM, Daniel McDonald wrote:
> I've not bothered with nat - just place rservers with unique addresses
> behind the ACE, let them use the ACE as their default gateway, and then
> publish a vip. The rservers use their real address for zone transfers with
> the master, while clients only talk with the vip address.
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users