
Thread: DNS Load Balancing/Clustering... is it necessary?

  1. #1
    Rear Admiral Lower Half IrishSS's Avatar
    Join Date
    Jul 2000
    Location
    NoVa
    Posts
    2,644

    DNS Load Balancing/Clustering... is it necessary?

    I am working on putting up a new Internet network server infrastructure at work... it's solely used for internet access, email, external connectivity, etc. etc. There are about 2500 users on 850 machines roughly. I have two loaded Dell 2850's that I have slated for DNS use, but here's the question...

    Should I use some form of load balancing? Clustering? Do I need it? Do I want it? I can set up one as a primary DNS and have the second one use the same DNS table, but is that as effective as attempting a load balancing scenario? Will it all work just fine if I have the primary and secondary, or will the traffic only be directed to the secondary if the primary goes down?
    Spigs, you MFR#1N!

  2. #2
    Fleet Admiral Jeffbx's Avatar
    Join Date
    Mar 2000
    Location
    Michigan
    Posts
    9,405
    Why are you hosting your own DNS? Doesn't your ISP provide a server to use?

    But to answer your question, here's what I would do -

    Assuming you have multiple DHCP subnets, I'd just assign half of the ranges to use Server A as the primary & Server B as secondary. On the rest, just flip it around. BAM! Automatic load balancing with failover & no need for server side configuration.

  3. #3
    If by "DNS" you are referring strictly to local name resolution, then what Jeffbx said will work fine. If you are actually hosting a name server that will resolve some outside domain, you will probably want to stick a load balancer in front of them.
    Quote Originally Posted by Jeffbx
    Why are you hosting your own DNS? Doesn't your ISP provide a server to use?
    Many ISPs are starting to demand businesses do their own local name resolution. We use SBC at my office, and one of the terms of the contract is that we should only use their name servers in emergency situations. Under normal operation, we are required to do our own local resolution. Plus a lot of admins (like me) don't trust other people's servers.
    Last edited by TruckStuff; 01-26-2006 at 07:41 AM.
    DISCLAIMER
    The preceding statements are meant to be taken as a whole, in their entirety. They may not be quoted in part and then used to flame me. They also do not imply that I believe the exact opposite of their meaning. They do not make any implication about any group, race, ethnicity, age group, or other cohort beyond what is stated above. They do not make any implications at all. They have no "tone" or "attitude." They are words. Nothing more.

  4. #4
    Rear Admiral Lower Half IrishSS's Avatar
    Join Date
    Jul 2000
    Location
    NoVa
    Posts
    2,644
    We actually point to external DNS servers for sites that the internal boxes don't have cached, but that has to go through the firewall, out, back, etc. etc. Plus, we have to have some sort of internal DNS for obvious name resolution...
    Spigs, you MFR#1N!

  5. #5
    Chief of Naval Operations attgig's Avatar
    Join Date
    Jun 2000
    Location
    the burbs of baltimore
    Posts
    11,965
    Quote Originally Posted by Jeffbx
    Why are you hosting your own DNS? Doesn't your ISP provide a server to use?

    But to answer your question, here's what I would do -

    Assuming you have multiple DHCP subnets, I'd just assign half of the ranges to use Server A as the primary & Server B as secondary. On the rest, just flip it around. BAM! Automatic load balancing with failover & no need for server side configuration.
    would that policy be easy to push out to 1/2 & 1/2? also, how would you maintain that ratio going forward as machines get retired, and new ones come in. seems like a hassle.

    I hate clustering. MS clusters suck. unless these servers are using 2k3
    load balanced router is expensive. unless you have one lying around....the cost prolly won't be justified.

  6. #6
    Rear Admiral Lower Half IrishSS's Avatar
    Join Date
    Jul 2000
    Location
    NoVa
    Posts
    2,644
    Quote Originally Posted by attgig
    would that policy be easy to push out to 1/2 & 1/2? also, how would you maintain that ratio going forward as machines get retired, and new ones come in. seems like a hassle.

    I hate clustering. MS clusters suck. unless these servers are using 2k3
    load balanced router is expensive. unless you have one lying around....the cost prolly won't be justified.
    They are actually 2k3 64 bit.
    Spigs, you MFR#1N!

  7. #7
    Chief of Naval Operations attgig's Avatar
    Join Date
    Jun 2000
    Location
    the burbs of baltimore
    Posts
    11,965
    cool, clusters are a lot better with the 2k3. That would probably be your easiest option.

  8. #8
    Rear Admiral Lower Half IrishSS's Avatar
    Join Date
    Jul 2000
    Location
    NoVa
    Posts
    2,644
    See, therein lies my question... do I need to cluster them?

    If I simply set up two DNS servers with the secondary pointing to the primary table, will requests only be sent to the primary until it fails?
    Spigs, you MFR#1N!

  9. #9
    Fleet Admiral Jeffbx's Avatar
    Join Date
    Mar 2000
    Location
    Michigan
    Posts
    9,405
    Quote Originally Posted by attgig
    would that policy be easy to push out to 1/2 & 1/2? also, how would you maintain that ratio going forward as machines get retired, and new ones come in. seems like a hassle.
    You just do it through DHCP. Of course, this assumes that 1) you're USING DHCP to assign addresses and 2) you have multiple subnets.

    If both are true, you just set half the subnets to one setting & half to the second. Your subnets will always be reasonably balanced, so the machine ratios should be as well. No need to worry about settings on individual machines.

    I really don't see any reason to cluster them. Even if one machine fails, as long as both are listed all the requests will automatically be sent to the 2nd.

  10. #10
    Rear Admiral Lower Half IrishSS's Avatar
    Join Date
    Jul 2000
    Location
    NoVa
    Posts
    2,644
    While I realize it's not the best practice, we have reservations through DHCP based off individual MAC addresses. This ensures each machine gets the ip we want it to.

    We create a massive spreadsheet and use a tool to import it into DHCP. We use a different subnet to segregate traffic on each floor, so I can take the number of machines we have per floor and evenly divide the floors up amongst DNS servers.

    It's a little bit of a headache initially, but I think it'll pay off in the long run. I was just hoping to do it through load balancing or clustering to avoid having to do this...
    Spigs, you MFR#1N!
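
The per-floor split discussed in this thread, worked through as an added example (not code from any poster): each floor's DHCP scope lists the currently lighter DNS server first and the other second, and the second function shows where queries go when one server is down. The server addresses, floor subnets and machine counts are constructed for illustration.

```python
from ipaddress import ip_network

DNS_A = "10.0.0.11"  # hypothetical address of Server A
DNS_B = "10.0.0.12"  # hypothetical address of Server B

# Constructed sample: one DHCP scope per floor with its machine count.
FLOORS = [
    ("10.1.1.0/24", 210),
    ("10.1.2.0/24", 180),
    ("10.1.3.0/24", 150),
    ("10.1.4.0/24", 140),
    ("10.1.5.0/24", 100),
    ("10.1.6.0/24", 70),
]

def plan_dns_order(floors, server_a=DNS_A, server_b=DNS_B):
    """Greedy largest-first split: each scope gets the currently lighter
    server as its first DNS entry (DHCP option 6) and the other as second."""
    load = {server_a: 0, server_b: 0}
    plan = {}
    for subnet, machines in sorted(floors, key=lambda f: -f[1]):
        ip_network(subnet)  # raises ValueError on a malformed scope
        first = min(load, key=load.get)
        second = server_b if first == server_a else server_a
        load[first] += machines
        plan[subnet] = (first, second)
    return plan, load

def load_if_down(floors, plan, failed):
    """Clients whose first server is down fall through to the second
    entry, so the surviving server carries every scope."""
    counts = dict(floors)
    load = {}
    for subnet, order in plan.items():
        live = next(s for s in order if s != failed)
        load[live] = load.get(live, 0) + counts[subnet]
    return load

if __name__ == "__main__":
    plan, load = plan_dns_order(FLOORS)
    for subnet, order in sorted(plan.items()):
        print(f"{subnet}: DNS servers = {', '.join(order)}")
    print("normal load:", load)
    print("Server A down:", load_if_down(FLOORS, plan, DNS_A))
```

Each DNS server has to be sized for the full client population, since a failure moves every scope onto the survivor.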

  11. #11
    Fleet Admiral Jeffbx's Avatar
    Join Date
    Mar 2000
    Location
    Michigan
    Posts
    9,405
    Quote Originally Posted by IrishSS
    While I realize it's not the best practice, we have reservations through DHCP based off individual MAC addresses. This ensures each machine gets the ip we want it to.
    We do the same thing, but for security reasons. No one can get a DHCP address unless their MAC address is registered.


    Quote Originally Posted by IrishSS
    It's a little bit of a headache initially, but I think it'll pay off in the long run. I was just hoping to do it through load balancing or clustering to avoid having to do this...
    I think it'll be way easier & cheaper to do it this way - if I remember correctly, you need the Enterprise edition of Windows Server to even support clustering. Don't know about load balancing, tho - you might be able to do that with standard Windows Server.

  12. #12
    Rear Admiral Lower Half IrishSS's Avatar
    Join Date
    Jul 2000
    Location
    NoVa
    Posts
    2,644
    You can't load balance without clustering... they don't come right out and say it, but after a little bit of research you come to realize it... Hell, I'd like to load balance across dual NICs on the same machine. But nooooooooo... can't do that either!

    Ya, we do it for security too... but why even implement DHCP at that point. You either have to manually enter your MACs somewhere (either DHCP, workstation or both)... so why not spend the time manually addressing them? I realize there are some server options you can configure through DHCP, but aside from gateway, DNS and WINS, I don't use any of em.
    Spigs, you MFR#1N!

  13. #13
    Fleet Admiral Jeffbx's Avatar
    Join Date
    Mar 2000
    Location
    Michigan
    Posts
    9,405
    Quote Originally Posted by IrishSS
    so why not spend the time manually addressing them?
    We actually only do it for laptops. All of the desktops we use are statically configured, but it's easier for the laptop users to stay on DHCP so they don't have to swap their IP settings when they leave the office.

  14. #14
    Rear Admiral Lower Half IrishSS's Avatar
    Join Date
    Jul 2000
    Location
    NoVa
    Posts
    2,644
    Quote Originally Posted by Jeffbx
    We actually only do it for laptops. All of the desktops we use are statically configured, but it's easier for the laptop users to stay on DHCP so they don't have to swap their IP settings when they leave the office.
    Makes sense...

    Note to self regarding DNS... if you set your secondary DNS server to only accept table updates from a single ip, then you go and change that ip, amazingly enough the secondary server won't function properly any longer...

    It only took an hour of troubleshooting before I remembered doing that.
    Spigs, you MFR#1N!
