On Tue, 28 Aug 2007, reje wrote:

>On the other side, I really need to introduce _additional_ availability of DNS servers/resolvers. This is especially true for resolvers as they are the first layer users are facing. Assume the situation when an ordinary Windows user tries to access a web page not yet cached in his box's local DNS cache. From my experience, it takes up to 15 seconds for a Windows box to contact the other resolver. And that is something I'm trying to avoid by using high-availability and load-balancing.
>
>As already seen, it cannot be done (yet) using hoststated or "rdr" alone because packet payload inspection and modification is needed for it to work, and it is a hack, etc. etc.
>
>I was also reading about the new features of IP-based load-balancing in carp(4) in the upcoming release of OpenBSD (4.2). It seems that it would be enough to install a farm of OpenBSD resolver boxes with CARP and IP load balancing enabled on the boxes themselves. No external load-balancing boxes, no packet modifications required. Although, it seems that it does require some extra configuring depending on the network equipment being used. Also, IP load-balancing imposes additional load on network equipment. (I'm dealing with Cisco Catalyst 6500 series switches)
>
>To conclude my goals:
>- remove 15 second timeout for end users,

I'm not a DNS guru, nor do I play one on the 'net, but it seems to me that if you're routinely taking 15 seconds to get a response to a DNS query, something is broken!

>- deal with only 2 resolver addresses,
>- use more than 2 resolver boxes.

Am I correct in inferring that the problem here is that the Windows boxes can't handle more than 2 resolver addresses? If so, and if they're getting their DNS-server information via DHCP, it might be much easier and almost as effective to hack the DHCP server to have a large pool of DNS-server addresses and randomly(?) select two of them to provide in each response it sends.

Dave

--
Dave Anderson <[EMAIL PROTECTED]>
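The DHCP-side spreading Dave proposes, as an added example that is not part of this thread or of any DHCP server's own code. It assumes a constructed pool of six resolver addresses (RFC 5737 documentation range), implements the per-response random pick exactly as suggested, and also shows a variant that is an assumption of my own: hashing the client identifier so a given client always receives the same two addresses in the same order. That matters because the stub resolver works through the list in the order handed out, so the first address carries the steady-state load and the pair should not reshuffle on every renewal. The last helper renders the pick as an ISC dhcpd `option domain-name-servers` line; the load counter is there so you can check that the primary load actually spreads over the whole pool rather than trusting that it does.

```python
import hashlib
import random
from collections import Counter

# Constructed pool of resolver addresses (assumption: documentation prefix
# 192.0.2.0/24; substitute the real resolver farm).
RESOLVER_POOL = [
    "192.0.2.11", "192.0.2.12", "192.0.2.13",
    "192.0.2.14", "192.0.2.15", "192.0.2.16",
]


def pick_resolvers_random(pool, n=2, rng=random):
    """Dave's suggestion as stated: n distinct resolvers drawn at random
    for every DHCP response, independent of who is asking."""
    return rng.sample(pool, n)


def pick_resolvers_sticky(pool, client_id, n=2):
    """Variant (an assumption, not from the thread): seed the choice from
    the client identifier so the same client gets the same pair, in the
    same order, on every lease renewal. The first address is the one the
    client will use until it fails, so order is part of the load split."""
    digest = hashlib.sha256(client_id.encode("utf-8")).digest()
    rng = random.Random(int.from_bytes(digest[:8], "big"))
    return rng.sample(pool, n)


def primary_load(pool, client_ids, picker):
    """Count how many clients land on each resolver as their *primary*
    (first address). The secondary only takes traffic after a failure,
    so the primary distribution is what decides whether the farm is
    actually balanced."""
    counts = Counter({addr: 0 for addr in pool})
    for cid in client_ids:
        counts[picker(pool, cid)[0]] += 1
    return counts


def dhcpd_option_line(addresses):
    """Render the chosen addresses as an ISC dhcpd
    'option domain-name-servers' statement (option 6)."""
    return "option domain-name-servers %s;" % ", ".join(addresses)


def demo(n_clients=600):
    # Constructed client identifiers standing in for DHCP client-ids / MACs.
    clients = ["01:00:11:22:33:%02x:%02x" % (i // 256, i % 256)
               for i in range(n_clients)]
    sticky = primary_load(RESOLVER_POOL, clients, pick_resolvers_sticky)
    rnd = primary_load(RESOLVER_POOL, clients,
                       lambda pool, cid: pick_resolvers_random(pool))
    return sticky, rnd


if __name__ == "__main__":
    sticky, rnd = demo()
    print("sticky primary load:", dict(sticky))
    print("random primary load:", dict(rnd))
    print(dhcpd_option_line(pick_resolvers_sticky(RESOLVER_POOL, "01:00:11:22:33:00:2a")))
```

Either picker keeps the client's view at exactly two addresses while the farm behind them grows; the sticky variant is the one to prefer if renewals are frequent, since a reshuffled order makes the client silently migrate between primaries. Run the demo with a realistic client count and look at the primary column: a pool member that never appears as a primary is idle capacity, and one that dominates is the box whose failure will hand the 15-second stall to the most users.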