On Thu, 6 Oct 2005 16:55:05 +0400 Vladimir Potapov <[EMAIL PROTECTED]> wrote:
> We have 1 server on which a firewall and DNS master service are running. And
> we planned to install another server for load balancing and redundancy.
> 2 servers (each running PF and BIND) will balance load (or one
> will be master and the other slave) for DNS and PF.
> Does anyone protect DNS service via CARP and PFsync? Does it work?
> Can there be problems (for example, with zone transfers, DNS
> queries

Zone transfers are on tcp/53, DNS lookups are 53/udp, so:

pass in on $ext_if proto udp from any to $DNS port 53 keep state

and if required:

pass in on $ext_if proto tcp from $ext_net to $DNS port 53 keep state

I use TinyDNS here, so we don't really need to transfer zones as it's handled with a single data file.

CARP can be good with DNS.

-- 
Regards,
Ed
http://www.usenix.org.uk
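An added worked configuration for the setup Vladimir describes (two OpenBSD hosts running PF and DNS, CARP for the shared address, pfsync for state replication); this is an illustration written for this page, not Ed's configuration. It uses current OpenBSD hostname.if(5) and pf.conf(5) syntax (`syncdev` rather than the older `syncif`), and the interface names, addresses, `$ext_net` and the CARP passphrase are assumed placeholders:

```pf
# /etc/hostname.carp0 on the master (advskew 0); on the backup use advskew 100.
# Assumed: em0 is the external NIC, 192.0.2.10 is the shared (virtual) DNS address.
#   inet 192.0.2.10 255.255.255.0 192.0.2.255 vhid 1 carpdev em0 pass CHANGEME-carp-secret advskew 0
#
# /etc/hostname.pfsync0 on both hosts. em1 is assumed to be a dedicated
# crossover link: pfsync updates are not authenticated, so they must not
# cross a segment other hosts can reach.
#   up syncdev em1
#
# /etc/sysctl.conf on both hosts: the master reclaims all its CARP
# interfaces once it is back, so both firewall and DNS fail over together.
#   net.inet.carp.preempt=1

# /etc/pf.conf, kept identical on both hosts
ext_if  = "em0"
sync_if = "em1"
ext_net = "198.51.100.0/24"   # assumed: network of the secondary allowed to pull zones
DNS     = "192.0.2.10"        # the CARP address, not either host's own address

# Let the pair exchange CARP advertisements and pfsync state updates.
# These states are local to each host, so they are excluded from syncing.
pass quick on $sync_if proto pfsync keep state (no-sync)
pass on $ext_if proto carp keep state (no-sync)

# DNS: lookups from anywhere over UDP, zone transfers only from the
# secondary's network over TCP. Because the TCP states are replicated
# through pfsync, a transfer in flight survives a CARP failover.
pass in on $ext_if proto udp from any to $DNS port 53 keep state
pass in on $ext_if proto tcp from $ext_net to $DNS port 53 keep state
```

Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it, and point both BIND instances at the CARP address (the `listen-on` address and, on the slave, the `masters` address) rather than at a per-host address, otherwise clients and the zone transfer follow the wrong box after a failover.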