[CentOS] how to increase DNS reliability?

Thu Jul 25 17:31:49 UTC 2019
hw <hw at gc-24.de>

On 7/25/19 4:07 PM, Giles Coochey wrote:
> 
> On 25/07/2019 13:51, hw wrote:
>> Hi,
>>
>> how can DNS reliability, as experienced by clients on the LAN who are
>> sending queries, be increased?
>>
>> Would I have to set up some sort of cluster consisting of several
>> servers all providing DNS services which is reachable under a single
>> IP address known to the clients?
>>
>> Just setting up several name servers and making them known to the clients
>> for the clients to automatically switch isn't a good solution because
>> the clients take their timeouts and users lacking even the most basic
>> knowledge inevitably panic when the first name server does not answer
>> queries.
> 
> Sounds like you're performing maintenance on your servers
> 
> (a) too often
> (b) during office / peak hours

I can't help it when the primary name server goes down because the UPS fails
the self test and tells the server it has 2 minutes or so left, in which case
the server figures it needs to shut down.  I wanted better UPSs ...

> You could load balance multiple servers (using lots of available load-balancing technologies) to allow you to perform maintenance at certain times, but it has its own issues.

Load balancing or clustering?  At least clustering seems not entirely
trivial to do.

> I've recently been looking at PowerDNS, which separates the recursor and the authoritative server into two distinct packages. I'm just running the authoritative server as a master, and keeping my old bind/named servers as recursors / slaves.

This can be done with bind, how does it require something called PowerDNS?

> It's a home
> office network, but I only have issues when I'm tinkering, and if I were to be doing this kind of work in a larger commercial environment, then I would not be doing DNS server maintenance while others were relying on them.

The maintenance didn't cause any problems.  You can edit the configuration
just fine and restart the server when done ... :)

> For much of the back end infrastructure I use IP addresses rather than DNS names in their configuration, just to take DNS issues out of the equation completely.

I think this is a very bad idea because it causes lots of work and is likely to
cause issues.  What if you, for example, migrate remote logging to another server?
All the time, you have to document every place where you put an IP address; you
have to keep the documentation always up to date and then change the address at
every place when you make a change.  Forget one place, and things break.

But when you use names instead of addresses, like 'log.example.com', you only
need to make a single change at a single place such as you alter the address
in your name server config.

DNS can be difficult to get right, though it's not all that difficult, and
once it's working, there aren't really any issues other than that a server can
become unreachable.
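The failure mode the thread keeps coming back to is a name server that simply stops answering, with clients sitting through their resolver timeout before they fall over to the next one. The following is an added example, not code from the CentOS list or from any of the people quoted above: a stdlib-only Python prober that sends one raw UDP query to each configured name server, validates the reply (transaction ID, QR bit, rcode, an actual A record) and reports how long each server took, so that a monitoring job notices a dead resolver before the users do. The server addresses, the query name `log.example.com` and the embedded sample reply are all constructed placeholders.

```python
# Added example for this thread (not from the CentOS list or its authors):
# a stdlib-only DNS prober that answers "is each of my name servers alive,
# and how long does a client wait before it gets an answer?".  Server
# addresses and the query name are placeholders; the sample reply is
# constructed by hand so the parser can be exercised offline.
import random
import socket
import struct
import time
from typing import Dict, List, Optional, Tuple


def build_query(name: str, qtype: int = 1, txid: Optional[int] = None) -> bytes:
    """Build a standard recursive DNS query (class IN); qtype 1 = A."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def _read_name(data: bytes, offset: int) -> Tuple[str, int]:
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels: List[str] = []
    end = None          # offset just past the name at its *original* position
    hops = 0            # guard against a pointer loop in a hostile reply
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                 # compression pointer, RFC 1035 4.1.4
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            continue
        if length == 0:
            offset += 1
            break
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), end if end is not None else offset


def parse_response(data: bytes, expected_txid: int) -> Dict:
    """Parse a reply; return rcode, the AA flag and any A-record addresses."""
    if len(data) < 12:
        raise ValueError("short packet")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid:
        raise ValueError("txid mismatch (stale or spoofed reply)")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    offset = 12
    for _ in range(qd):                           # skip the question section
        _, offset = _read_name(data, offset)
        offset += 4                               # qtype + qclass
    addrs: List[str] = []
    for _ in range(an):
        _, offset = _read_name(data, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(data[offset:offset + 4]))
        offset += rdlen
    return {"rcode": flags & 0x000F, "aa": bool(flags & 0x0400), "answers": addrs}


def probe(server: str, name: str, timeout: float = 1.0, port: int = 53) -> Dict:
    """One UDP query to `server`; `timeout` is what a stuck client would wait."""
    txid = random.randrange(0, 0x10000)
    query = build_query(name, txid=txid)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    start = time.monotonic()
    try:
        sock.sendto(query, (server, port))
        data, _ = sock.recvfrom(4096)
        result = parse_response(data, txid)
        result.update(server=server, ok=result["rcode"] == 0 and bool(result["answers"]))
    except (socket.timeout, OSError, ValueError) as exc:
        result = {"server": server, "ok": False, "error": str(exc)}
    finally:
        sock.close()
    result["elapsed"] = time.monotonic() - start
    return result


def dead_servers(results: List[Dict]) -> List[str]:
    """Servers that failed, timed out or returned no usable answer."""
    return [r["server"] for r in results if not r["ok"]]


# Constructed sample reply for "log.example.com A" (txid 0x1234, one answer).
SAMPLE_TXID = 0x1234
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", SAMPLE_TXID, 0x8580, 1, 1, 0, 0)      # QR, AA, RD, RA
    + b"\x03log\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton("192.0.2.10")
)

if __name__ == "__main__":
    SERVERS = ["192.0.2.53", "192.0.2.54"]     # placeholders: your LAN name servers
    results = [probe(s, "log.example.com") for s in SERVERS]
    for r in results:
        print(r)
    print("dead:", dead_servers(results))
```

Run it from cron against every server listed in the clients' resolv.conf and alert on anything in `dead_servers`, or on an `elapsed` value near the timeout. On the client side, the glibc resolver's `options timeout:1 attempts:2 rotate` line in /etc/resolv.conf shortens the wait before a client gives up on a dead first server and spreads queries over all listed servers; it does not remove the failover pause, which is the argument for a shared address in front of several servers in the first place.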