On 2019-07-25 15:41, hw wrote:
> On 7/25/19 2:53 PM, rainer at ultra-secure.de wrote:
>> On 2019-07-25 14:51, hw wrote:
>>> Hi,
>>>
>>> how can DNS reliability, as experienced by clients on the LAN who are
>>> sending queries, be increased?
>>>
>>> Would I have to set up some sort of cluster consisting of several
>>> servers all providing DNS services which is reachable under a single
>>> IP address known to the clients?
>>>
>>> Just setting up several name servers and making them known to the
>>> clients for the clients to automatically switch isn't a good solution
>>> because the clients take their timeouts and users lacking even the
>>> most basic knowledge inevitably panic when the first name server does
>>> not answer queries.
>>
>> Run a local cache (unbound) and enter all your local resolvers as
>> upstreams.
>
> That can fail just as well --- or be even worse when the clients can't
> switch over anymore. I have that and am avoiding using it for some
> clients because it takes a while for the cache to get updated when I
> make changes.
>
> However, if that cache fails, chances are that the internet connection
> is also down, in which case it can be troublesome to even get local
> host names resolved.

When that happens, trouble is to be expected.

Anything else is - IMHO - much more work, much more complicated and much
more likely to fail, in a more spectacular way.
Especially all those keepalive "solutions".

I have found that I need to restart unbound if all upstreams had failed.
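
The setup suggested in this thread (a local unbound cache with several resolvers as upstreams), as an added example that is not part of the original messages. All addresses, the LAN range and the zone name lan.example are placeholders chosen for illustration.

```conf
# unbound.conf fragment (added example; every address and name is a placeholder)
server:
    # Listen on loopback and on the LAN-facing address only.
    interface: 127.0.0.1
    interface: 10.0.0.1

    # Answer the LAN and localhost, refuse everyone else so the cache
    # cannot be used as an open resolver.
    access-control: 127.0.0.0/8 allow
    access-control: 10.0.0.0/24 allow
    access-control: 0.0.0.0/0 refuse

    # Cap cache lifetimes (seconds) so record changes are picked up
    # sooner than the TTLs published upstream would allow.
    cache-max-ttl: 300
    cache-max-negative-ttl: 60

    # Local host names are answered from this file, so they resolve
    # even when none of the forwarders can be reached.
    local-zone: "lan.example." static
    local-data: "fileserver.lan.example. IN A 10.0.0.10"
    local-data: "printer.lan.example. IN A 10.0.0.20"

# Everything else goes to the listed resolvers; unbound spreads
# queries across them and avoids ones that stop answering.
forward-zone:
    name: "."
    forward-addr: 192.0.2.1
    forward-addr: 192.0.2.2
    forward-addr: 192.0.2.3
```

Check the file with `unbound-checkconf` before restarting the service.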