Thanks for your reply. Regarding versioning, while I would like to be on the most current version, I don't want to build from source and that leaves me relying on my distro (CentOS 7.6 is where I put my stake in the ground, at present) package manager's version which is presently 9.11.4-9.P2. I assume someone is backporting critical patches as I'm not getting complaints from a credentialed OpenVAS scan, but I appreciate your caution about the version I'm using and MaxMind GeoIP.
You also make a good point about the delta between round-robin and geoIP being rapidly eaten up with hassle credits, particularly considering the abstraction layer introduced by DNS caches decoupling user location from DNS server location. I feel that the really large public DNS caches would only exacerbate this problem to the point that all my effort will be wasted and my time better spent making my site as responsive as it can be, regardless of source.

Lots to think about...

Much obliged,

Scott

________________________________
From: bind-users <bind-users-boun...@lists.isc.org> on behalf of G.W. Haywood via bind-users <bind-users@lists.isc.org>
Sent: February 23, 2020 7:59 AM
To: bind-users@lists.isc.org <bind-users@lists.isc.org>
Subject: Re: Advice on balancing web traffic using geoip ACls

Hi there,

On Sun, 23 Feb 2020, Scott A. Wozny wrote:

> Greetings BIND gurus,

Sorry, I can't make any claim to be a BIND guru.

> ... webserver clusters hosted on the west and east coasts of the US
> and would like to use Bind 9.11.4

Hmmm. You might want to look e.g. at all the fixes since 9.11.4 in

https://downloads.isc.org/isc/bind9/9.11.16/RELEASE-NOTES-bind-9.11.16.html

> with the Maxmind GeoIP database to split the traffic about evenly

... especially the release notes for 9.11.15 if you're sure about MaxMind. (After the changes in their APIs a while back cost me many weeks of effort, and some temporary loss in functionality, I'd be very cautious about relying on them again. It was a completely different scenario.)

Of course even if you do look at the location of your DNS clients, it doesn't tell you much about where _their_ clients are, nor much about the routing of any packets that their clients might exchange with your webservers. In England I frequently see email from the neighbouring town that's been routed via Austria, Finland, Japan...

Wouldn't even random routing or round-robin (basically do nothing) be easier to implement, faster, more reliable, more (perhaps strangely) predictable, and ... ?

https://en.wikipedia.org/wiki/Round-robin_DNS

For your use case I guess you'd really need to instrument something to know for sure, and by then you've gone and done it anyway. :)

--

73,
Ged.

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users