OT - Small DNS "appliances" for remote offices.
Hopefully not too far off topic for this list.
Am looking for options to deploy DNS caching resolvers at remote locations where there may only be minimal infrastructure (FW and Cisco equipment) and limited options for installing noisier, more power hungry servers or appliances from a vendor. Stuff like Infoblox is too expensive.
We're BIND-based and leaning to stick that way, but open to other options if they present themselves.
Am considering the Soekris net6501-50. I can dump a Linux image on there with our DNS config, industrial grade design, and OK performance. If the thing fails, clients will hopefully not notice due to anycast which will just hit another DNS server somewhere else on the network albeit with additional latency. We ship out a replacement device rather than mucking with trying to repair.
There's also stuff like this[1] which probably gives me more horsepower on my CPU, but maybe not as reliable.
Maybe I'm overengineering this. What do others do at smaller remote sites? Also considering putting resolvers only at "hub" locations in our MPLS network based on some latency-based radius.
Ray
[1] http://www.newegg.com/Mini-Booksize-Barebone-PCs/SubCategory/ID-309
Well, if they ever manage to get them into production, I'm hoping to talk my boss into buying some of these. http://www.fit-pc.com/web/products/fitlet/ We'd just need to figure out a rackmount bracket of some sort. Hide them in the case of our previous gen hardware maybe??? Screw them to a cheap rackmount shelf??? Failing that, I've pointed out that we could afford to put a Raspberry Pi in every one of our sites for less than we paid for the last batch of dns servers.
Not "industrial grade", but Raspberry Pis are pretty great for this kind of low-horsepower application. Throw 2 at each site for redundancy and you have a low-powered, physically small, cheap, dead silent, easily replaceable system for ~$150 per site. Same idea as the Soekris -- just ship out replacements instead of trying to repair -- but even cheaper.
Between having 2 (or more) at each site, plus cross-site redundancy via anycast, it would be pretty robust (and cheap enough that you could have cold-spares at each site).
+1 for the pi,
The new model has a quad core and 1GB of ram which should be more than enough for a DNS.
And the new CPU is ARM7 so hardfloat is supported. Should make a nifty DNS box.
-Pete
Sounds cool with the pi idea. Not sure of the cache level you need but we have great success with fortigates performing firewall and local DNS host even for a small remote site that is part of an MS AD via a VPN tunnel. It can be set up and managed just like a DNS server. No extra devices to learn or manage!
Nick Ellermann
~Sent from my iPhone~
Peter Kristolaitis <alter3d@alter3d.ca> writes:
Not "industrial grade", but Raspberry Pis are pretty great for this kind of low-horsepower application. Throw 2 at each site for redundancy and you have a low-powered, physically small, cheap, dead silent, easily replaceable system for ~$150 per site.
The Pi is low-powered in more ways than one. Last fall I ran some (admittedly fairly simple minded) DNS benchmarks against a Raspberry Pi Model B and an ODROID U3.
Particularly if you have DNSSEC validation enabled, the Pi is underwhelming in performance (81 qps in the validation case, 164 without).
The U3 is circa 325 qps with or without DNSSEC validation on, which suggests that something else other than crypto-computes is the long pole in the tent.
I haven't gotten motivated to try this against the ODROID-C1 that I acquired later in December, nor have I sourced a Raspberry Pi 2. For anyone who's feeling motivated to do this (please send along results!), the methodology I used is at http://technotes.seastrom.com/node/53
-r
PS: don't miss the opportunity to run real honest-to-god isc-dhcpd on same machine rather than whatever your router provides you; you'll be glad you did.
We use Mac Minis; $500 each anywhere plus $25 (!) for all the server components, dead silent, and ready to go with Bind installed out of the box. You can also enable dhcpd and all manner of other stock BSD services. There are "helper" GUI tools for the non-CLI admin built into the Server toolkit. Way fast, extremely secure, and IPv6 ready.
http://arstechnica.com/apple/2014/11/a-power-users-guide-to-os-x-server-yose...
Yes, this hardware costs a bit more than the mini box PCs, but you make up for that in reduced setup labor.
-mel beckman
Once upon a time, Rob Seastrom <rs@seastrom.com> said:
The Pi is low-powered in more ways than one. Last fall I ran some (admittedly fairly simple minded) DNS benchmarks against a Raspberry Pi Model B and an ODROID U3.
The Pi is not really the right tool for any "production" job IMHO. Even if you are restricting yourself to cheap single-board ARM systems, there are better choices like BeagleBone, Cubieboard, etc. If you need a little more power (and want x86 to make things easier), go for a Minnowboard or the like. All of these are "hobbyist" solutions though.
If you want cheap and compact DNS for a not-too-high request rate, just get a cheap wifi router that'll run a flavor of Open Source firmware (I prefer OpenWRT). Disable the wifi and run dnsmasq or bind (peruse the OpenWRT supported device page to check RAM capacity).
Beyond that, or if you want a rack-mount solution, get an Atom CPU based barebones, like a SuperMicro, use an SSD, and it'll be relatively quiet (and at least the SuperMicros have IPMI built in for remote management).
-- Chris Adams <cma@cmadams.net>
I really like the Intel NUC. Standard x86 hardware, multiple choices of CPUs, runs debian/ubuntu/fedora etc with zero modifications.
/Anders
MVH / Regards
Anders Löwinger Founder, Senior Consultant Abundo AB Murkelgränd 6 94471 Piteå http://abundo.se office: +46 911 400021 mobile: +46 72 206 0322
On Wed, Feb 18, 2015 at 10:22 AM, Rob Seastrom <rs@seastrom.com> wrote:
The Pi is low-powered in more ways than one. Last fall I ran some (admittedly fairly simple minded) DNS benchmarks against a Raspberry Pi Model B and an ODROID U3.
Particularly if you have DNSSEC validation enabled, the Pi is underwhelming in performance (81 qps in the validation case, 164 without).
The U3 is circa 325 qps with or without DNSSEC validation on, which suggests that something else other than crypto-computes is the long pole in the tent.
Hi Rob, Interesting. The odroid has a 1700 mhz processor, the pi a 700 mhz processor. Except for the validation anomaly your results are self-consistent.
Caveats: This is just returning NXDOMAIN against a TLD for which (after the first run) there is already cached information that the TLD is bogus, so this test doesn't involve traffic actually leaving the box.
Given your testing methodology, the difference between validating and non-validating makes no sense to me. Once the records are cached bind should only be passing a flag around? Weird.
On Wed, Feb 18, 2015 at 6:44 PM, Peter Loron <peterl@standingwave.org> wrote:
For any site where you would use a Pi as the DNS cache, it won't be an issue. DNS isn't that heavy at those query rates.
Yes and no. DNS is a lynchpin service. All connections stall until the DNS provides an IP address. So you kinda want low latency in your DNS lookups. If a fast server three hops away can respond faster than a slow server on the same LAN, the server three hops away is a better choice. A point in favor of the Raspberry Pi -- there's a heckuva lot of accessories already built for it. Including various cases and even a few different rackmount cases. And a wealth of "how do you do it?" and "why did it do this?" information available with just a few google search terms. The communities supporting the other hardware options are not nearly so large. Regards, Bill Herrin -- William Herrin ................ herrin@dirtside.com bill@herrin.us Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
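The trade-off in the message above (response time of a slow box on the LAN versus a faster server a few hops away) can be measured rather than guessed. The following is an added example, not code from the thread or from the linked methodology: it times serial NXDOMAIN lookups against each candidate resolver and picks the lower median. The loopback stub responders, their delays, the query name and the names `measure`, `pick_resolver` and `StubResolver` are assumptions constructed for illustration.

```python
import random
import socket
import statistics
import struct
import threading
import time


def build_query(name, qtype=1, txid=None):
    """Encode a minimal DNS query: RD set, one question, class IN."""
    txid = random.randrange(65536) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, 1)


def parse_reply(data, txid):
    """Return the RCODE, or None if this is not a response to txid."""
    if len(data) < 12:
        return None
    rid, flags = struct.unpack("!HH", data[:4])
    if rid != txid or not flags & 0x8000:  # wrong ID or QR bit clear
        return None
    return flags & 0x000F


def measure(server, name="example.invalid", count=20, timeout=1.0):
    """Send `count` serial UDP queries to server=(ip, port); summarise the results."""
    latencies, rcodes = [], set()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect(server)
        started = time.perf_counter()
        for _ in range(count):
            txid, packet = build_query(name)
            t0 = time.perf_counter()
            try:
                s.send(packet)
                rcode = None
                while rcode is None:  # skip stale or foreign datagrams
                    rcode = parse_reply(s.recv(4096), txid)
            except OSError:  # timeout or ICMP unreachable: count as unanswered
                continue
            latencies.append((time.perf_counter() - t0) * 1000.0)
            rcodes.add(rcode)
        elapsed = time.perf_counter() - started
    return {"answered": len(latencies),
            "median_ms": statistics.median(latencies) if latencies else None,
            "qps": len(latencies) / elapsed if elapsed > 0 else 0.0,
            "rcodes": rcodes}


def pick_resolver(results):
    """Name of the resolver with the lowest median latency among those that answered."""
    usable = {n: r for n, r in results.items() if r["answered"]}
    return min(usable, key=lambda n: usable[n]["median_ms"]) if usable else None


class StubResolver:
    """Constructed loopback responder: answers every query NXDOMAIN after `delay` s.
    The delay stands in for service time plus network round trip."""

    def __init__(self, delay):
        self.delay = delay
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.sock.bind(("127.0.0.1", 0))
        self.sock.settimeout(0.2)
        self.addr = self.sock.getsockname()
        self.running = True
        self.thread = threading.Thread(target=self._serve, daemon=True)
        self.thread.start()

    def _serve(self):
        while self.running:
            try:
                data, peer = self.sock.recvfrom(4096)
            except socket.timeout:
                continue
            except OSError:
                break
            time.sleep(self.delay)
            # Echo ID, counts and question; flags 0x8183 = QR|RD|RA with RCODE 3
            self.sock.sendto(data[:2] + b"\x81\x83" + data[4:], peer)

    def close(self):
        self.running = False
        self.thread.join()
        self.sock.close()


if __name__ == "__main__":
    # Constructed scenario: a slow box on the LAN vs. a faster server further away.
    stubs = {"local_slow": StubResolver(0.030), "remote_fast": StubResolver(0.003)}
    try:
        results = {n: measure(s.addr) for n, s in stubs.items()}
    finally:
        for s in stubs.values():
            s.close()
    for n, r in results.items():
        print(f"{n}: median {r['median_ms']:.1f} ms, {r['qps']:.0f} qps serial")
    print("prefer:", pick_resolver(results))
```

Against real resolvers, pass `("<resolver-ip>", 53)` to `measure`; serial queries report latency-bound throughput, not the box's saturation qps.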
use a vm dns appliance on the same machine as your vm router instance Colin
On Wed, 18 Feb 2015 06:28:16 -0800 Ray Van Dolson <rvandolson@esri.com> wrote:
Hopefully not too far off topic for this list.
Am looking for options to deploy DNS caching resolvers at remote locations
We're BIND-based and leaning to stick that way, but open to other options if they present themselves.
I've found that "unbound" is lighter on the machine, but it does depend what you require feature-wise and/or operationally, of course.
Am considering the Soekris net6501-50. I can dump a Linux image on there with our DNS config, industrial grade design, and OK performance. If the thing fails, clients will hopefully not notice due to anycast which will just hit another DNS server somewhere else on the network albeit with additional latency. We ship out a replacement device rather than mucking with trying to repair.
If you're looking at Soekris, you might also find the PCEngines products interesting.
The "APU" series appears similar at a glance - and they do offer a case (not rackmount, sadly - although 3rd parties might) to suit.
http://www.pcengines.ch/apu.htm
At the lower end, the "ALIX" boards are available in a standard 100mm x 160mm "eurocard" format which makes them very easy to rack up.
https://www.dropbox.com/s/81p75pyz1ngsvm6/DSCN0916.JPG?dl=0
Whichever way you do it, a small low-power box running entirely from flash or ssd is likely to be a good "fit and forget" (security updates aside!) solution.
If you want to run from a cheap flash card, and are a linux shop, http://linux.voyage.hk/ is a debian-derived system targeting the PCEngines boards which runs with a read-only filesystem.
d.
We recently installed one of these basically as digital signage, but I think it should work fine for your needs too. We've had no issues with it at all. (we installed ubuntu) It's the ECS Liva mini-pc http://www.ecs.com.tw/ECSWebSite/Product/Product_LIVA.aspx?DetailID=1560&LanID=0
What is your desired cost per unit?
Reminds me of needing small pfsense based boxes a few years back. Used this company's hardware:
http://www.logicsupply.com/computers/solutions/firewall-networking/
I bet you could get something fairly rugged and low maintenance for $400 or so.
-- Michael Bubb +1.646.783.8769 | KD2DTY Resume - http://mbubb.devio.us/res/resume.html
*noli timere*
Have you looked at Mikrotik? www.mikrotik.com It may be lacking for DNS options you want, but worth a look. Justin Justin Wilson j2sw@mtin.net http://www.mtin.net Managed Services – xISP Solutions – Data Centers http://www.thebrotherswisp.com Podcast about xISP topics http://www.midwest-ix.com Peering – Transit – Internet Exchange
Justin Wilson - MTIN <lists@mtin.net> writes:
Have you looked at Mikrotik? www.mikrotik.com
It may be lacking for DNS options you want, but worth a look.
I'd definitely recommend mikrotik for a cheap and cheerful router. DNS server (the original subject of this message)? Not so much. -r
I used one of these for a NAT/DNS box running FreeBSD for connection to our WiFi system. One nice thing is the 4 real serial ports. http://www.amazon.com/Qotom-I37C4-Bluetooth-Computer-Industrial-Computer/dp/...
-- Joe Hamelin, W7COM, Tulalip, WA, 360-474-7474
Hey Ray,
Most tiny routers with 64MB ram are able to run a cache dns service while not all of them have the same level such as BIND but rather dnsmasq. I think that it's not always a bad choice and it depends on what other infrastructure needs you have in these remote locations. Someone mentioned mikrotik and they use some kind of caching daemon which might even be dnsmasq under the hood. I would first make sure what is the reliability that you need which means if you have a FW and Cisco then you might want something more than a basic TP-LINK router (which may be the right choice...). Assuming this infrastructure is big enough you will prefer a basic mikrotik for the cost and support.
All The Bests, Eliezer
Find someone unloading 50 old, physically small desktop PCs. Buy the lot. Drop OpenBSD and BIND on them, ship 3 to every site, run 1 or 2 live with the leftovers as on-site spares. If one breaks, wipe the disk and send the box to recycling. (Just checked: someone on a certain auction site is selling a lot of 64 HP Compaq 8000 (3.16GHz, 2GB) systems, current price $1K.) ---rsk
That option is expensive in power fees...
If you're already installing a Cisco router, maybe look at an SRE-V module? You could install a VM/OS on the router.
Cheers, Josh
Not to mention reliability issues with old machines...fans failing, leaky capacitors, etc, etc.
-Pete
Consider changing your resolver to Unbound. Much better.
-- Eduardo Schoedler
participants (23)
- Anders Löwinger
- Baldur Norddahl
- Chris Adams
- Colin Johnston
- David Reader
- Eduardo Schoedler
- Eliezer Croitoru
- Glenn Robuck
- Joe Hamelin
- Joshua Riesenweber
- Justin Wilson - MTIN
- Maxwell Cole
- Mel Beckman
- Michael Bubb
- Michael R. Wayne
- Nick Ellermann
- Peter Kristolaitis
- Peter Loron
- Ray Van Dolson
- Rich Kulawiec
- Rob Seastrom
- Steve Haavik
- William Herrin