Sometimes a classic DNS setup simply will not do (for various reasons; you'll find some at the end of this post), and when that happens you start looking for interesting ways to set it up. I will show you how I chose to do DNS for my personal domain.
Configure 2 servers (VMs, containers or physical) as your actual DNS servers using whatever software you want (bind, pdns, etc.). They need to be on different physical hosts, ideally in different geographic locations. These are the servers where you edit zone files, and ideally they run on an internal network range.
Configure 2 more servers (VMs, containers or physical) which are public facing and can reach the internal network (same rules as above), then install nginx on them. These will be the DNS load balancers and will distribute customer queries across the two masters.
Assuming your master DNS servers are
dns1 = 192.168.123.10
dns2 = 192.168.123.11
and your load balancer public IPs are
lb1 = 8.8.8.8
lb2 = 8.8.4.4
here's how your nginx.conf should look on lb1 (I'm running it on CentOS 7, so you may need to adjust paths a bit for your Linux distro):
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# the stream module is loaded from this directory
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

stream {
    # internal master nameservers
    upstream dns_servers {
        server 192.168.123.10:53 fail_timeout=10s;
        server 192.168.123.11:53 fail_timeout=10s;
    }

    server {
        listen 8.8.8.8:53 udp;
        proxy_pass dns_servers;
        error_log /var/log/nginx/dns.log info;
        # one UDP answer per query, and don't wait longer than a second for it
        proxy_responses 1;
        proxy_timeout 1s;
    }
}
For lb2 simply replace 8.8.8.8 with 8.8.4.4 (the public IP of your second load balancer).
You may want to tune the settings for a busy server (mine is not, hence the values above), and remember that the NS records in your zone files must point to your public load balancer IPs, not to the internal addresses of the masters.
If you deploy something like this in production, remember that it is good practice to split by role, however big or small the setup: rather than using the same two DNS servers for customer queries and as internal resolvers, run a pair of resolvers that your machines use to reach the Internet, a pair of DNS load balancers that handle the public traffic, and a pair of nameservers that hold your zone files.
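As an added example (not from the original post), here is a small Python check for that last point: it parses a constructed zone file, finds the NS records at the apex, and flags any nameserver whose A/AAAA glue is not a public address, so an internal master address accidentally published as a nameserver is caught before the zone goes live. It also goes slightly beyond the post and warns when all public NS addresses sit in one /24, as a rough hint that the "different locations" advice was not followed. The zone text, the example.org names and the check_ns_records function are assumptions for illustration; the addresses reuse the placeholder IPs from the post.

```python
import ipaddress

# Constructed sample zone (not from the original post). ns1/ns2 point at the
# public load balancer IPs; ns3 mistakenly points at an internal master.
SAMPLE_ZONE = """\
$ORIGIN example.org.
$TTL 3600
@    IN  SOA  ns1.example.org. hostmaster.example.org. ( 2024010101 7200 900 1209600 3600 )
@    IN  NS   ns1.example.org.
@    IN  NS   ns2.example.org.
@    IN  NS   ns3.example.org.
ns1  IN  A    8.8.8.8
ns2  IN  A    8.8.4.4
ns3  IN  A    192.168.123.10   ; internal master address: must not be published
www  IN  A    203.0.113.7
"""


def qualify(name, origin):
    """Turn a zone-file owner or target into a fully qualified name."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text):
    """Return (origin, apex NS targets, {fqdn: [ip, ...]}) from a simple zone file.

    Handles $ORIGIN, @ and relative owners, omitted owners, optional TTL/class
    fields and the record types the check needs (NS, A, AAAA). Multi-line
    records and $INCLUDE are intentionally unsupported.
    """
    origin = "."
    last_owner = origin
    ns_names = []
    addresses = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # strip comments
        if not line.strip():
            continue
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0].startswith("$"):
            continue
        if raw[:1].isspace():                       # owner omitted: reuse previous
            owner = last_owner
        else:
            owner = qualify(tokens.pop(0), origin)
            last_owner = owner
        # drop optional TTL and class so tokens[0] is the record type
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)
        if len(tokens) < 2:
            continue
        rtype, rdata = tokens[0].upper(), tokens[1]
        if rtype == "NS" and owner == origin:
            ns_names.append(qualify(rdata, origin))
        elif rtype in ("A", "AAAA"):
            addresses.setdefault(owner, []).append(rdata)
    return origin, ns_names, addresses


def check_ns_records(zone_text):
    """Return a list of problems with the apex NS records (empty means OK)."""
    _origin, ns_names, addresses = parse_zone(zone_text)
    problems = []
    public_ips = []
    if len(ns_names) < 2:
        problems.append("fewer than two NS records at the apex")
    for ns in ns_names:
        ips = addresses.get(ns)
        if not ips:
            problems.append(f"{ns}: NS target has no A/AAAA record in this zone")
            continue
        for ip in ips:
            addr = ipaddress.ip_address(ip)
            if addr.is_global:
                public_ips.append(addr)
            else:
                problems.append(f"{ns}: {ip} is not a public address")
    # heuristic: public nameservers all in one /24 probably share a network path
    nets = {ipaddress.ip_network(f"{ip}/24", strict=False)
            for ip in public_ips if ip.version == 4}
    if len(public_ips) >= 2 and len(nets) < 2:
        problems.append("all public NS addresses sit in one /24")
    return problems


if __name__ == "__main__":
    for problem in check_ns_records(SAMPLE_ZONE) or ["no problems found"]:
        print(problem)
```

Run it against your real zone file before reloading the master: the only finding on the sample zone is the ns3 line, and replacing that internal address with the second load balancer's public IP clears the report.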
My reasoning behind doing things like this was simple (these are the various reasons I was referring to at the beginning of this post): if I take down one of the LBs, DNS still works and requests are still balanced to my master servers (the site might feel a bit sluggish in some cases, but it loads); if I take down one of the master servers, whoever wants to access my domain will not notice at all, because the load balancers forward requests to the one that is still online; if my DNS servers are under DoS/DDoS I can mitigate at the load balancer level instead of overloading the CPU on the masters; and if there is too much DNS traffic for my masters to handle I can add a few more and distribute it between them (I could go on, but you get the idea).