OT - Small DNS "appliances" for remote offices.

Hopefully not too far off topic for this list.

Am looking for options to deploy DNS caching resolvers at remote
locations where there may only be minimal infrastructure (FW and Cisco
equipment) and limited options for installing noisier, more power
hungry servers or appliances from a vendor. Stuff like Infoblox is
too expensive.

We're BIND-based and leaning to stick that way, but open to other
options if they present themselves.

Am considering the Soekris net6501-50. I can dump a Linux image on
there with our DNS config, industrial grade design, and OK
performance. If the thing fails, clients will hopefully not notice due
to anycast which will just hit another DNS server somewhere else on the
network albeit with additional latency. We ship out a replacement
device rather than mucking with trying to repair.

There's also stuff like this[1] which probably gives me more horsepower
on my CPU, but maybe not as reliable.

Maybe I'm overengineering this. What do others do at smaller remote
sites? Also considering putting resolvers only at "hub" locations in
our MPLS network based on some latency-based radius.

Ray

[1] http://www.newegg.com/Mini-Booksize-Barebone-PCs/SubCategory/ID-309
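A caching-only BIND 9 configuration of the kind such a remote-site anycast node would run, added here as an illustration (it is not Ray's config or a BIND sample). The anycast service address 10.255.0.53, the node address 10.20.1.2, the site prefix 10.20.0.0/16 and the root hints path are placeholder values.

```conf
// Added example, not from the thread. Placeholder addresses: 10.255.0.53 is the
// shared anycast service address (bound on a loopback on every node),
// 10.20.1.2 is this node's own address, 10.20.0.0/16 is the site prefix.
acl "site-clients" { 10.20.0.0/16; 127.0.0.1; ::1; };

options {
    directory "/var/cache/bind";

    // Listen on the anycast address and on the node's own address, so the box
    // can still be queried directly for troubleshooting when its route is withdrawn.
    listen-on { 10.255.0.53; 10.20.1.2; 127.0.0.1; };
    listen-on-v6 { ::1; };

    // Open recursive resolvers get abused for reflection; serve only the local site.
    recursion yes;
    allow-query { site-clients; };
    allow-recursion { site-clients; };
    allow-query-cache { site-clients; };
    allow-transfer { none; };

    // Validate with the built-in root trust anchor (RFC 5011 managed keys).
    dnssec-validation auto;

    // Keep memory bounded on a small box; the defaults assume a larger server.
    max-cache-size 64M;
    max-cache-ttl 86400;

    // Response rate limiting: blunts abusive clients without affecting normal ones.
    rate-limit { responses-per-second 25; };

    version "not disclosed";
};

// No forwarders: resolve iteratively from the root hints like any full resolver.
zone "." { type hint; file "/usr/share/dns/root.hints"; };
```

Pair this with whatever announces the anycast /32 (a routing daemon with a health check that withdraws the prefix when named stops answering); otherwise a half-dead node keeps attracting the site's queries instead of failing over as described above.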

Well, if they ever manage to get them into production, I'm hoping to talk
my boss into buying some of these.
http://www.fit-pc.com/web/products/fitlet/
We'd just need to figure out a rackmount bracket of some sort. Hide them
in the case of our previous gen hardware maybe??? Screw them to a cheap
rackmount shelf???

Failing that, I've pointed out that we could afford to put a Raspberry Pi
in every one of our sites for less than we paid for the last batch of dns
servers.

Not "industrial grade", but Raspberry Pis are pretty great for this kind of low-horsepower application. Throw 2 at each site for redundancy and you have a low-powered, physically small, cheap, dead silent, easily replaceable system for ~$150 per site. Same idea as the Soekris -- just ship out replacements instead of trying to repair -- but even cheaper.

Between having 2 (or more) at each site, plus cross-site redundancy via anycast, it would be pretty robust (and cheap enough that you could have cold-spares at each site).

use a vm dns appliance on the same machine as your vm router instance

Colin

+1 for the pi,

The new model has a quad core and 1GB of ram which should be more than enough for a DNS.

Peter Kristolaitis <alter3d@alter3d.ca> writes:

Not "industrial grade", but Raspberry Pis are pretty great for this
kind of low-horsepower application. Throw 2 at each site for
redundancy and you have a low-powered, physically small, cheap, dead
silent, easily replaceable system for ~$150 per site.

The Pi is low-powered in more ways than one. Last fall I ran some
(admittedly fairly simple minded) DNS benchmarks against a Raspberry
Pi Model B and an ODROID U3.

Particularly if you have DNSSEC validation enabled, the Pi is
underwhelming in performance (81 qps in the validation case, 164
without).

The U3 is circa 325 qps with or without DNSSEC validation on, which
suggests that something else other than crypto-computes is the long
pole in the tent.

I haven't gotten motivated to try this against the ODROID-C1 that I
acquired later in December, nor have I sourced a Raspberry Pi 2. For
anyone who's feeling motivated to do this (please send along
results!), the methodology I used is at http://technotes.seastrom.com/node/53

-r

PS: don't miss the opportunity to run real honest-to-god isc-dhcpd on
same machine rather than whatever your router provides you; you'll be
glad you did.

We use Mac Minis; $500 each anywhere plus $25 (!) for all the server components, dead silent, and ready to go with Bind installed out of the box. You can also enable dhcpd and all manner of other stock BSD services. There are "helper" GUI tools for the non-CLI admin built into the Server toolkit. Way fast, extremely secure, and IPv6 ready.

http://arstechnica.com/apple/2014/11/a-power-users-guide-to-os-x-server-yosemite-edition/11/

Yes, this hardware costs a bit more than the mini box PCs, but you make up for that in reduced setup labor.

-mel beckman

I suspect that this could be done using an ERLite but have not
actually tried it.

Once upon a time, Rob Seastrom <rs@seastrom.com> said:

The Pi is low-powered in more ways than one. Last fall I ran some
(admittedly fairly simple minded) DNS benchmarks against a Raspberry
Pi Model B and an ODROID U3.

The Pi is not really the right tool for any "production" job IMHO. Even
if you are restricting yourself to cheap single-board ARM systems, there
are better choices like BeagleBone, Cubieboard, etc. If you need a
little more power (and want x86 to make things easier), go for a
Minnowboard or the like. All of these are "hobbyist" solutions though.

If you want cheap and compact DNS for a not-too-high request rate, just
get a cheap wifi router that'll run a flavor of Open Source firmware (I
prefer OpenWRT). Disable the wifi and run dnsmasq or bind (peruse the
OpenWRT supported device page to check RAM capacity).

Beyond that, or if you want a rack-mount solution, get an Atom CPU based
barebones, like a SuperMicro, use an SSD, and it'll be relatively quiet
(and at least the SuperMicros have IPMI built in for remote management).

I really like the Intel NUC. Standard x86 hardware, multiple choices of
CPUs, runs debian/ubuntu/fedora etc with zero modifications.

/Anders

MVH / Regards
Anders Löwinger
Founder, Senior Consultant
Abundo AB
Murkelgränd 6
94471 Piteå
http://abundo.se
office: +46 911 400021
mobile: +46 72 206 0322

Hopefully not too far off topic for this list.

Am looking for options to deploy DNS caching resolvers at remote
locations

We're BIND-based and leaning to stick that way, but open to other
options if they present themselves.

I've found that "unbound" is lighter on the machine, but it does depend on what you require feature-wise and/or operationally, of course.

Am considering the Soekris net6501-50. I can dump a Linux image on
there with our DNS config, industrial grade design, and OK
performance. If the thing fails, clients will hopefully not notice due
to anycast which will just hit another DNS server somewhere else on the
network albeit with additional latency. We ship out a replacement
device rather than mucking with trying to repair.

If you're looking at Soekris, you might also find the PCEngines products interesting.

The "APU" series appears similar at a glance - and they do offer a case (not rackmount, sadly - although 3rd parties might) to suit.

At the lower end, the "ALIX" boards are available in a standard 100mm x 160mm "eurocard" format which makes them very easy to rack up.

Whichever way you do it, a small low-power box running entirely from flash or ssd is likely to be a good "fit and forget" (security updates aside!) solution.

If you want to run from a cheap flash card, and are a linux shop, http://linux.voyage.hk/ is a debian-derived system targeting the PCEngines boards which runs with a read-only filesystem.

d.

We recently installed one of these basically as digital signage, but I
think it should work fine for your needs too. We've had no issues with it
at all. (we installed ubuntu)

It's the ECS Liva mini-pc

http://www.ecs.com.tw/ECSWebSite/Product/Product_LIVA.aspx?DetailID=1560&LanID=0

What is your desired cost per unit?

Reminds me of needing small pfsense based boxes a few years back. Used this
company's hardware:

http://www.logicsupply.com/computers/solutions/firewall-networking/

I bet you could get something fairly rugged and low maintenance for $400 or
so.

Have you looked at Mikrotik?
www.mikrotik.com

It may be lacking for DNS options you want, but worth a look.

Justin

Justin Wilson j2sw@mtin.net
http://www.mtin.net Managed Services – xISP Solutions – Data Centers
http://www.thebrotherswisp.com Podcast about xISP topics
http://www.midwest-ix.com Peering – Transit – Internet Exchange

Hey Ray,

Most tiny routers with 64MB of RAM are able to run a caching DNS service, while not all of them have something on the same level as BIND, but rather dnsmasq.
I think that it's not always a bad choice, and it depends on what other infrastructure needs you have in these remote locations.

Someone mentioned mikrotik and they use some kind of caching daemon which might even be dnsmasq under the hood.

I would first make sure what reliability you need, which means if you have a FW and Cisco then you might want something more than a basic TP-LINK router (which may be the right choice...).

Assuming this infrastructure is big enough, you will prefer a basic mikrotik for the cost and support.

All The Bests,
Eliezer

Justin Wilson - MTIN <lists@mtin.net> writes:

Have you looked at Mikrotik?
www.mikrotik.com

It may be lacking for DNS options you want, but worth a look.

I'd definitely recommend mikrotik for a cheap and cheerful router.

DNS server (the original subject of this message)? Not so much.

-r

I used one of these for a NAT/DNS box running FreeBSD for connection to our
WiFi system. One nice thing is the 4 real serial ports.

http://www.amazon.com/Qotom-I37C4-Bluetooth-Computer-Industrial-Computer/dp/B00MQKJYY0

Find someone unloading 50 old, physically small desktop PCs. Buy the
lot. Drop OpenBSD and BIND on them, ship 3 to every site, run 1 or 2
live with the leftovers as on-site spares. If one breaks, wipe the disk
and send the box to recycling.

(Just checked: someone on a certain auction site is selling a lot of 64
HP Compaq 8000 (3.16GHz, 2GB) systems, current price $1K.)

---rsk

And the new CPU is ARM7 so hardfloat is supported. Should make a nifty DNS box.

-Pete

Sounds cool with the pi idea. Not sure of the cache level you need, but we have great success with Fortigates performing firewall and local DNS host even for a small remote site that is part of an MS AD via a VPN tunnel. It can be set up and managed just like a DNS server. No extra devices to learn or manage!

Nick Ellermann
~Sent from my iPhone~