[CentOS] how to increase DNS reliability?

Thu Jul 25 14:07:55 UTC 2019
Giles Coochey <giles at coochey.net>

On 25/07/2019 13:51, hw wrote:
> Hi,
>
> how can DNS reliability, as experienced by clients on the LAN who are
> sending queries, be increased?
>
> Would I have to set up some sort of cluster consisting of several
> servers all providing DNS services which is reachable under a single
> IP address known to the clients?
>
> Just setting up several name servers and making them known to the clients
> for the clients to automatically switch isn't a good solution because
> the clients take their timeouts and users lacking even the most basic
> knowledge inevitably panic when the first name server does not answer
> queries.

Sounds like you're performing maintenance on your servers:

(a) too often
(b) during office / peak hours

You could load balance multiple servers (using lots of available 
load-balancing technologies) to allow you to perform maintenance at 
certain times, but it has its own issues.

I've recently been looking at PowerDNS, which separates the recursor and 
the authoritative server into two distinct packages. I'm just running 
the authoritative server as a master, and keeping my old bind/named 
servers as recursors / slaves. It's a home office network, but I only 
have issues when I'm tinkering, and if I were to be doing this kind of 
work in a larger commercial environment, then I would not be doing DNS 
server maintenance while others were relying on them.

For much of the back end infrastructure I use IP addresses rather than 
DNS names in their configuration, just to take DNS issues out of the 
equation completely.