I have a DNS server with private IP 192.168.168.254.
I have about 50k users in my network.
They use this public IP as DNS server:
2.180.212.1
I have a CCR1036 and my DNS server connects to this router. I use dst-nat to forward the DNS port (53) from the public IP to my DNS server's private IP.
Now I want to know which situation uses less CPU load?
1. Port forwarding
2. Give my CCR DNS address and use my router as DNS server?
Thank you
Doing DNS on the CCR will be less load on your DNS server hardware.
I am not a fan of using the MikroTiks as caching name servers. I've seen some oddities that went away when I stopped using the MikroTik caching name service for 50 - 200 user pools of customers. I did not dig into why the MikroTik behaved oddly when the BIND server did not.
Because MikroTik provides a DNS cache and not a DNS server. I read somewhere that there is a performance cap that reveals itself when too many requests arrive during a short period of time. Therefore, in case of many clients, when you feel any DNS performance problems, use your own local DNS server and redirect all requests to it.
I always try to have all devices in/on my network to use my core in-house DNS servers.
The DHCP servers on my customer NATted networks/devices assign my DNS servers to customer machines.
I never use the NAT device as a DNS server or forwarder; it just slows down DNS requests.
I never use outside public DNS servers (for example, 8.8.4.4 or 8.8.8.8); it just slows down DNS requests.
By having everybody use only two or three of your core DNS servers, your DNS servers get really fast on answering DNS requests because they build up DNS cache
-and-
By having everybody use only two or three of your core DNS servers, they respond much much faster than outside Internet located DNS servers.
It really bugs me to see slow response times to locate and load web pages. With thousands of machines already using my core DNS servers, there is a really high probability that any DNS request I make will probably be found in DNS cache (instead of having my DNS servers go look it up).