[178166] in North American Network Operators' Group
Re: OT - Small DNS "appliances" for remote offices.
daemon@ATHENA.MIT.EDU (Nick Ellermann)
Wed Feb 18 17:34:04 2015
X-Original-To: nanog@nanog.org
From: Nick Ellermann <nellermann@broadaspect.com>
To: Maxwell Cole <mcole.mailinglists@gmail.com>
Date: Wed, 18 Feb 2015 22:31:34 +0000
In-Reply-To: <54E4AE06.8010804@gmail.com>
Cc: "nanog@nanog.org >> 'NANOG list'" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Sounds cool with the pi idea. Not sure of the cache level you need but we
have great success with fortigates performing firewall and local DNS host
even for a small remote site that is part of an MS AD via a VPN tunnel. It
can be set up and managed just like a DNS server. No extra devices to learn
or manage!
Nick Ellermann
~Sent from my iPhone~
On Feb 18, 2015, at 4:08 PM, Maxwell Cole <mcole.mailinglists@gmail.com> wrote:
+1 for the pi,
The new model has a quad core and 1GB of ram which should be more than
enough for a DNS.
> On 2/18/15 10:03 AM, Peter Kristolaitis wrote:
> Not "industrial grade", but Raspberry Pis are pretty great for this kind
> of low-horsepower application. Throw 2 at each site for redundancy and
> you have a low-powered, physically small, cheap, dead silent, easily
> replaceable system for ~$150 per site. Same idea as the Soekris -- just
> ship out replacements instead of trying to repair -- but even cheaper.
>
> Between having 2 (or more) at each site, plus cross-site redundancy via
> anycast, it would be pretty robust (and cheap enough that you could have
> cold-spares at each site).
>
>> On 02/18/2015 09:28 AM, Ray Van Dolson wrote:
>> Hopefully not too far off topic for this list.
>>
>> Am looking for options to deploy DNS caching resolvers at remote
>> locations where there may only be minimal infrastructure (FW and Cisco
>> equipment) and limited options for installing noisier, more power
>> hungry servers or appliances from a vendor. Stuff like Infoblox is
>> too expensive.
>>
>> We're BIND-based and leaning to stick that way, but open to other
>> options if they present themselves.
>>
>> Am considering the Soekris net6501-50. I can dump a Linux image on
>> there with our DNS config, industrial grade design, and OK
>> performance. If the thing fails, clients will hopefully not notice due
>> to anycast which will just hit another DNS server somewhere else on the
>> network albeit with additional latency. We ship out a replacement
>> device rather than mucking with trying to repair.
>>
>> There's also stuff like this[1] which probably gives me more horsepower
>> on my CPU, but maybe not as reliable.
>>
>> Maybe I'm overengineering this. What do others do at smaller remote
>> sites? Also considering putting resolvers only at "hub" locations in
>> our MPLS network based on some latency-based radius.
>>
>> Ray
>>
>> [1] http://www.newegg.com/Mini-Booksize-Barebone-PCs/SubCategory/ID-309