On Wed, 12 May 2021 11:49:29 +0200, "Bernhard M. Wiedemann" <bernhardout@lsmod.de> wrote:
On 12/05/2021 11.36, Per Jessen wrote:
So far mx[12] have been using anna+elsa as resolvers. My personal preference is to avoid running a resolving DNS locally, I believe it is better to run one or two centrally, to benefit from caching of requests from many machines.
MX1+2 could use a local caching resolver, that uses anna+elsa to forward cache misses. This way you get faster lookups and still have shared caches.
Yes: this is a setup I would expect.

I see also a lot of traffic reaching anna, while elsa is way less used. While we might be able to tune this a bit in the DNS setup, I think we should make more use of the resolver options on our internal machines:

  options attempts:1 timeout:1 rotate

would be my recommended line in /etc/resolv.conf for internal machines.

attempts:1 -> switch to another nameserver, if the 1st request fails
timeout:1 -> switch to another nameserver, if not getting an answer after 1 second
rotate -> rotate requests to the nameservers in the list

Without the line above, our clients' behavior is:
* wait 30 seconds, if a DNS error occurs or the first DNS server in the line cannot be reached
* requests go out always to the first "nameserver" entry in the list - all other nameserver entries are only used in case of errors

IMHO this somehow cries to be managed via Salt, but so far I could not see that we have a "base" or "common" role defined in our Salt repo?

Regards,
Lars
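An added example, not part of the original message or of the project's Salt repo: a Python check that a machine's resolv.conf carries the options line recommended above and has more than one nameserver to rotate across. The function names and the sample file contents are constructed for illustration.

```python
# Added example: audit resolv.conf text against the recommended options line.
RECOMMENDED = {"attempts": "1", "timeout": "1", "rotate": True}

def parse_resolv_conf(text):
    """Return (nameservers, options) parsed from resolv.conf text."""
    nameservers, options = [], {}
    for raw in text.splitlines():
        # resolv.conf(5): '#' or ';' in the first column marks a comment line
        if not raw.strip() or raw[0] in "#;":
            continue
        fields = raw.split()
        keyword, args = fields[0], fields[1:]
        if keyword == "nameserver" and args:
            nameservers.append(args[0])
        elif keyword == "options":
            for opt in args:
                name, sep, value = opt.partition(":")
                # Assumption: a repeated option keeps its last value
                options[name] = value if sep else True
    return nameservers, options

def audit(text, recommended=RECOMMENDED):
    """Return a list of findings; an empty list means the file matches."""
    nameservers, options = parse_resolv_conf(text)
    findings = []
    for name, want in recommended.items():
        have = options.get(name)
        if have is None:
            findings.append(f"missing option: {name}")
        elif have != want:
            findings.append(f"{name} is {have}, expected {want}")
    if len(nameservers) < 2:
        findings.append("fewer than two nameserver entries: nothing to rotate or fail over to")
    return findings

# Constructed sample files (addresses from the RFC 5737 documentation range)
BEFORE = """\
# constructed sample
search example.org
nameserver 192.0.2.1
nameserver 192.0.2.2
options timeout:5
"""
AFTER = BEFORE.replace("options timeout:5", "options attempts:1 timeout:1 rotate")

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(text) or "ok")
```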