On 8/28/06, Tim Pushor <[EMAIL PROTECTED]> wrote:
Travers Buda wrote:
>> Hi Friends,
>>
>> I am wondering if anyone can think of why I shouldn't provide secondary
>> DNS services from a carp cluster of OpenBSD systems? I have an issue
>> where my primary DNS server is non-redundant, and trying to find a
>> good place for a secondary. I have a cluster of OpenBSD machines
>> acting as a router/firewall and would be real convenient to put it
>> there.
>>
>> I'd like it to respond to queries on the carp address ..
Yes. I do this. I have 3 DNS servers, but I also run a caching-forwarder on the firewalls themselves. Only LAN clients can use it though. Initially I did this because I wanted to reduce overhead on squid (we give it quite a workout), but it does help with broken DNS resolvers as well (can it truly be broken in every version of Windows?). With this setup, I never have to come in the middle of the night for upgrades. I upgraded the 3 DNS servers and the 2 firewalls in one day (to 3.9) and nobody noticed. I couldn't believe the phones didn't ring once. [1]
>> Can anyone think of a reason to not do this?
Some future remote hole in BIND?

--Bryan

[1] ps, thank you Daniel, Ryan, and whomever I'm leaving out. My life is so much easier. :-) Ever find yourselves in the northwest USA you can count on free beer.