Mike Hoskins (michoski) <micho...@cisco.com> wrote: > > I've ran several large DNS infras over the years. Back in 2005/6 I > finally drank the koolaid and migrated a large caching infra > (authoritative was kept on bare metal) to VMWare+Linux.
Amusingly our setup is the exact opposite - authoritative on VMs and recursive on metal. > Finally after babysitting that for a few years, we moved everything back > to bare metal in the name of "dependency reduction" -- we didn't want core > things like DNS relying on anything more than absolutely necessary (I'd > argue this is a sound engineering principle for any infrastructure admin > to fight for, despite the fact most pointy hairs will value cost savings > more and it flies in the face of NFV hotness). For exactly this reason :-) The recursive servers have their own copies of our zones, so they only depend on the auth servers for zone transfers; an auth outage doesn't damage local recursive service, and we have secondary servers to provide auth coverage for non-local users. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ Southwest Dover, Wight, Portland, Plymouth, North Biscay: Northwesterly 6 to gale 8, perhaps severe gale 9 later. Moderate or rough. Squally showers. Good, occasionally moderate. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
