On Tue, Aug 04, 2015 at 12:00:32PM -0400, Jared Mauch wrote:
I recommend using DNSDIST to balance traffic at a protocol level as you can have implementation diversity on the backside.
Here's an example dnsdist config you might find helpful:

This sends queries to the first two servers unless they are for domains in the "nether" pool list. They go to other servers. You can restrict access based on the ACL.

newServer("x.x.223.10")
newServer("x.x.223.20")
;setServerPolicy(firstAvailable) -- first server within its QPS limit
setServerPolicy(leastOutstanding)
webserver("0.0.0.0:8083", "AskMe")
addACL("192.168.0.0/22")
addACL("10.0.0.0/16")
addACL("172.16.22.0/24")
setKey("AskMe")
controlSocket("127.0.0.1:1099")
newServer{address="129.250.35.250", pool="nether"}
newServer{address="129.250.35.251", pool="nether"}
newServer{address="8.8.8.8", pool="nether"}
addPoolRule({"ntt.net.", "nether.net."}, "nether")
addPoolRule({"arpa.", "google.", "gmail.com.", "google.com.", "googlemail.com."}, "nether")

--
Jared Mauch  | pgp key available via finger from jared@puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
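
Added illustration, not part of the original message and not dnsdist's own code: a Python sketch that models how the ACL and pool rules in the config above would classify a query, useful for checking which clients and names end up where before deploying. The whole-label suffix matching, the ACL-before-rules ordering and the "default" pool label are assumptions of the sketch, and the sample queries are constructed.

```python
import ipaddress

# Values copied from the config in the message above.
ACL = ["192.168.0.0/22", "10.0.0.0/16", "172.16.22.0/24"]
POOL_RULES = [
    ({"ntt.net.", "nether.net."}, "nether"),
    ({"arpa.", "google.", "gmail.com.", "google.com.", "googlemail.com."}, "nether"),
]
DEFAULT_POOL = "default"  # label chosen for this sketch (servers added without pool=)

ACL_NETS = [ipaddress.ip_network(n) for n in ACL]


def labels(name):
    """Lower-case a DNS name and split it into labels, ignoring the root dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]


def suffix_match(qname, suffix):
    """True if qname equals suffix or is a subdomain of it (whole labels only)."""
    q, s = labels(qname), labels(suffix)
    return len(q) >= len(s) and (not s or q[-len(s):] == s)


def client_allowed(client_ip):
    """True if the client address falls inside any ACL network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in ACL_NETS)


def route(client_ip, qname):
    """Return the pool for a query, or None when the ACL does not admit the client."""
    if not client_allowed(client_ip):  # assumption: ACL is evaluated before pool rules
        return None
    for suffixes, pool in POOL_RULES:
        if any(suffix_match(qname, s) for s in suffixes):
            return pool
    return DEFAULT_POOL


if __name__ == "__main__":
    # Constructed sample queries: (client address, query name).
    samples = [
        ("192.168.1.50", "www.google.com."),
        ("192.168.1.50", "notgoogle.com."),      # shares a string suffix, not a label
        ("10.0.5.9", "4.3.2.1.in-addr.arpa."),   # reverse lookups follow the arpa. rule
        ("10.1.0.1", "ntt.net."),                # outside 10.0.0.0/16
        ("192.168.4.1", "example.org."),         # outside 192.168.0.0/22
    ]
    for ip, name in samples:
        print(f"{ip:15} {name:24} -> {route(ip, name)}")
```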