<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>On 03/05/2016 11:17 AM, Tony Wicks wrote:<br>
</p>
<blockquote cite="mid:000501d1a4ea$57eda670$07c8f350$@wicks.co.nz"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Personally,
I’d recommend sticking with bind, but load balance a couple
of VM’s behind a couple of pairs of entry level (say 100D,
VM01 or larger) Fortigate pairs (built in basic but
perfectly adequate load balancing/health checking). That way
you can easily and cheaply scale, grow and maintain as
needed. This works well.<o:p></o:p></span></p>
</div>
</blockquote>
<br>
My go to setup for caching DNS is:<br>
<br>
PowerDNS or Unbound (I prefer PowerDNS as I make extensive use of it
for authoritative DNS and make use of some of its features that
Unbound/Bind do not have), this setup will work fine with any
resolver.<br>
Each DNS server has ExaBGP installed, BGP peering with core router.
BGP sessions have multipath enabled.<br>
ExaBGP configured to use a health check script, all DNS servers
advertise the same prefixes to the router.<br>
<br>
The router takes care of spreading the load across the DNS servers
(equal cost multipath), BGP ensures that traffic is only hitting
servers that are being advertised as up, ExaBGP takes care of health
checks to make sure the DNS service is working as expected.<br>
<br>
I use the same IP's for DNS from all data centers which are
advertised to each other over IPSEC tunnels so that worst case if
all of the DNS is offline for one data center it will be routed to
the others.<br>
<br>
I prefer doing it like this as there is no extra cost
(licensing/hardware/support) for load balancers and one less failure
point to worry about.<br>
<br>
I wrote a script for health checking with ExaBGP which I recently
stuck on github: <a class="moz-txt-link-freetext" href="https://github.com/shthead/exabgp-healthcheck">https://github.com/shthead/exabgp-healthcheck</a>.
There is a python health check script that comes with ExaBGP but at
the time there was none available, I made this script to do exactly
what I wanted.<br>
</body>
</html>