
I'm trying to add two more DNS servers to our pool to have more reliability under load and avoid losing visitors due to attacks or hardware issues.

Since we have many websites set up to point at ns1.domain.com and ns2.domain.com, I've been wondering if it's possible to point ns1.domain.com to 2 different machines, and do the same with ns2.

I'm guessing that this would act as a round robin and some customers will end up connecting to the first machine, some to the second, some to the third, and so on.

However, this might break some norms like DNSSEC or confuse machines as some sort of DNS spoofing.

Is this possible / recommended? Or would it be better to change all the delegations and add 4 different DNS hosts? (I'd like to avoid this one.)

[EDIT] Changed the question to "is it a good idea", since I know it's possible; I want to know if it's a bad idea for some reason.

[EDIT-2] I'm not looking for any alternative methods, I only want to know the differences and caveats between using 2 hosts with 4 IPs vs 4 hosts with the same 4 IPs.

kuteninja
  • How short are your TTLs? Shouldn't your clients' DNS servers (and local machines and browsers) be caching your records for some period? – ivanivan Jun 24 '18 at 17:43
  • The TTLs vary between 5 minutes, 1 hour and 4 hours mostly. I don't see why this is something important though. – kuteninja Jun 24 '18 at 17:55
  • Oh wait, you meant on the NS records? We are using the default of 86400; I'm guessing you mean that one customer won't see the other DNS up until that period ends? – kuteninja Jun 24 '18 at 17:57
  • Authoritative DNS servers have their glue records (IP of the DNS server registered with the registrar). Just make sure you are not breaking them. – Tejas Sarade Jun 24 '18 at 18:06
  • I know that it's something that I can do... however, I should have asked "would you recommend against it? why?" – kuteninja Jun 24 '18 at 19:08
  • You might be better off using a hosted service like [CloudFlare](https://www.cloudflare.com/). They have a free DNS offering that distributes traffic to their 100+ data centers around the world and they mitigate attacks no charge. You can't match their infrastructure. No doubt there are other companies with similar services. – Tim Jun 24 '18 at 19:50
  • Yeah, it's not a single website we need to work with, it's more than 2000. Please just answer the question; I'm not looking for any alternative other than 2 hosts - 4 IPs, or 4 hosts - 4 IPs. – kuteninja Jun 24 '18 at 20:38
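The two layouts the question compares (2 NS hostnames with 2 addresses each vs 4 NS hostnames with 1 address each) and the glue caveat raised in the comments can be checked offline against zone data. The script below is an added example, not part of the original question or answers: it parses small constructed zone snippets (placeholder zone `domain.com` as used in the question, RFC 5737 documentation addresses), counts hostnames vs distinct addresses for each layout, and compares the parent's glue with the child zone's own NS/A records so a missing second address for `ns1` is reported before a delegation change is published. It makes no network queries.

```python
from collections import defaultdict

# Constructed sample data (not from the original post). "domain.com" is the
# placeholder from the question; addresses are RFC 5737 documentation ranges.
ZONE = "domain.com"

# Layout (a): two NS hostnames, two A records each (the round-robin variant).
CHILD_TWO_HOSTS = """
domain.com.      86400 IN NS ns1.domain.com.
domain.com.      86400 IN NS ns2.domain.com.
ns1.domain.com.  86400 IN A  192.0.2.10
ns1.domain.com.  86400 IN A  198.51.100.10
ns2.domain.com.  86400 IN A  192.0.2.20
ns2.domain.com.  86400 IN A  203.0.113.20
"""

# Layout (b): four NS hostnames, one A record each, same four addresses.
CHILD_FOUR_HOSTS = """
domain.com.      86400 IN NS ns1.domain.com.
domain.com.      86400 IN NS ns2.domain.com.
domain.com.      86400 IN NS ns3.domain.com.
domain.com.      86400 IN NS ns4.domain.com.
ns1.domain.com.  86400 IN A  192.0.2.10
ns2.domain.com.  86400 IN A  198.51.100.10
ns3.domain.com.  86400 IN A  192.0.2.20
ns4.domain.com.  86400 IN A  203.0.113.20
"""

# Parent-side glue for layout (a) where only the original single address per
# host was registered: the second address of each host never reached the parent.
PARENT_STALE_GLUE = """
domain.com.      172800 IN NS ns1.domain.com.
domain.com.      172800 IN NS ns2.domain.com.
ns1.domain.com.  172800 IN A  192.0.2.10
ns2.domain.com.  172800 IN A  192.0.2.20
"""


def parse_records(zone_text):
    """Parse a minimal zone snippet: 'owner [ttl] IN type rdata', one record per line.

    Comments after ';' are ignored. Owner names and rdata are normalised to
    lower case with the trailing dot removed so comparisons are exact.
    """
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 4:
            raise ValueError(f"unparseable record: {line!r}")
        if parts[1].isdigit():          # optional TTL field present
            owner, ttl, rtype, rdata = parts[0], int(parts[1]), parts[3], parts[4]
        else:
            owner, ttl, rtype, rdata = parts[0], None, parts[2], parts[3]
        records.append((owner.lower().rstrip("."), ttl, rtype.upper(), rdata.lower().rstrip(".")))
    return records


def nameserver_addresses(records, zone):
    """Map each NS hostname of `zone` to the set of A/AAAA addresses given for it in `records`."""
    ns_names = {rdata for owner, _, rtype, rdata in records if owner == zone and rtype == "NS"}
    addrs = defaultdict(set)
    for owner, _, rtype, rdata in records:
        if owner in ns_names and rtype in ("A", "AAAA"):
            addrs[owner].add(rdata)
    for name in ns_names:               # an NS with no address record still shows up
        addrs.setdefault(name, set())
    return dict(addrs)


def distinct_server_ips(ns_map):
    """All distinct addresses reachable through the delegation, whatever the hostname count."""
    return set().union(*ns_map.values())


def summarize(records, zone=ZONE):
    """Hostname count, distinct address count and which hosts carry more than one address."""
    ns_map = nameserver_addresses(records, zone)
    return {
        "hosts": len(ns_map),
        "addresses": len(distinct_server_ips(ns_map)),
        "multi_homed": sorted(n for n, a in ns_map.items() if len(a) > 1),
    }


def compare_glue(parent_records, child_records, zone=ZONE):
    """List every way the parent's NS set and glue differ from the child zone's own data."""
    parent = nameserver_addresses(parent_records, zone)
    child = nameserver_addresses(child_records, zone)
    problems = []
    for name in sorted(set(parent) | set(child)):
        if name not in parent:
            problems.append(f"{name}: NS in child zone but not delegated by parent")
        elif name not in child:
            problems.append(f"{name}: delegated by parent but not an NS in child zone")
        elif parent[name] != child[name]:
            problems.append(f"{name}: glue {sorted(parent[name])} != child A/AAAA {sorted(child[name])}")
    return problems


if __name__ == "__main__":
    for label, text in (("2 hosts / 4 IPs", CHILD_TWO_HOSTS), ("4 hosts / 4 IPs", CHILD_FOUR_HOSTS)):
        print(label, summarize(parse_records(text)))
    for problem in compare_glue(parse_records(PARENT_STALE_GLUE), parse_records(CHILD_TWO_HOSTS)):
        print("glue mismatch:", problem)
```

Both layouts resolve to the same four addresses; the difference the check makes visible is operational: with two hostnames, every one of their addresses has to be carried as glue at the parent, and a registrar entry that still holds a single address per host leaves the extra servers invisible to resolvers working from the referral alone. With four hostnames, each glue entry carries exactly one address and there is nothing to keep in step beyond the usual one-address-per-host registration.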

1 Answer


How does having more Name Servers address the issue of load balancing and reliability of your websites? I think you're misunderstanding what DNS Round Robin is and how it works. Having more Name Servers means you have more... Name Servers.

That doesn't address load balancing of the websites and it doesn't improve the reliability of those websites.

Now, if you're trying to improve the reliability and load balancing of your Name Servers, then go ahead and add more Name Servers; but if your goal is to load balance and improve the reliability of your websites, then having more Name Servers isn't going to help.

joeqwerty
  • Currently you need to do a UDP flood of about 2 Gbps to shut down access to our 2 nameservers, making all our websites immediately unavailable to users without a fresh cache. Having 4 should double that amount. – kuteninja Jun 24 '18 at 18:07
  • Also we can spread the 4 DNS's across different companies to ensure that not all of them are down due to some general connectivity issue on one datacenter. – kuteninja Jun 24 '18 at 18:09
  • But again, that doesn't directly affect the availability or reliability of your websites. – joeqwerty Jun 24 '18 at 18:13
  • If the DNSes are down, the websites are down regardless of the webservers' load. Don't worry about the webservers. It's still not relevant to my question though. Can I point 2 hosts to 4 different IPs, or is it better to have 4 different DNS hosts? (ns1 to ns4) – kuteninja Jun 24 '18 at 18:27
  • "If the DNSes are down, the websites are down": not true, or at least not immediately and not for everyone. The websites' IP addresses will be in DNS caches... – Patrick Mevzek Jul 10 '18 at 13:27
  • We don't use a high TTL to allow for quick IP changes on migrations. Please don't try to teach me IT, I only want to know if there's a service that expects each DNS host to have 1 unique IP address, or if it's acceptable to have the same host point to 2 different IPs. – kuteninja Jul 20 '18 at 16:31