On the 5th of December 2012, Budget Day, we had 59,689 unique viewers who generated 1.85 Gbit/s of traffic and 642 requests per second at peak.
On the 6th / 7th of February 2013, the Government’s all-night session, to pass the Irish Bank Resolution Corporation Bill 2013, had 8,168 unique viewers, who generated 2.2 Gbit/s of traffic and 657 requests per second.
It is interesting that 8,000 viewers generated more traffic than nearly 60,000. This is because nearly everyone watching the all-night session was watching from home rather than work, meaning more direct requests from viewers to our servers rather than via corporate HTTP proxies that would have cached the requests. A very good demonstration of the scalability of HTTP Adaptive Streaming.
Trying to set up a Windows domain with a publicly accessible domain name is more difficult than I had expected.
Set up two servers as domain controllers with DNS installed. Have all the servers in the domain use the domain controllers as their DNS servers, which means recursive DNS is enabled on the domain’s DNS servers / domain controllers.
If the DNS servers are publicly accessible and recursion is enabled, they are a security risk. But if I switch off recursion, the servers within the domain can’t find anything outside the domain, including security updates.
Change the DNS setting on the servers in the domain to use a properly configured recursive DNS server (non-Microsoft) and switch off recursion on the domain controllers. This didn’t work since the new DNS servers did not return the needed SRV records to find the domain controllers. This can be set up but seemed like a lot of work and a fragile setup.
The domain controllers have recursion switched on, but only respond to servers within the domain’s network and the two non-Microsoft DNS servers. The non-Microsoft DNS servers act as secondary DNS. So when a DNS query is done externally, the secondaries respond since the primaries block the external queries. This worked reasonably well, but there were failed and slow DNS queries because the primaries don’t respond.
The solution I have currently is: domain controllers respond to external queries and have recursion switched off. The servers in the domain use two Microsoft DNS servers, not the domain controllers, which have recursion switched on and do not respond to queries from outside the domain. These new DNS servers also have conditional forwarders set up for the domain’s DNS name pointing at the domain controllers.
The domain controllers and DNS servers are virtual machines, so the resource usage is not as bad as having four physical servers.
The ideal solution would be that Microsoft fixed their DNS server to allow recursion from defined address ranges.
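One way to confirm from outside the network that this layout behaves as intended (the domain controllers answer but do not recurse, the internal resolvers do not answer at all) is to send a query with the recursion-desired bit set and read the flags in the reply. The Python check below is an added example, not part of the original post; the function names, the classification labels and the two sample replies are constructed for illustration.

```python
import socket
import struct

def build_query(name, txid=0x1234, qtype=1):
    """DNS query for `name` (default type A) with RD, recursion desired, set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(resp):
    """Decode the 12-byte DNS header fields that matter for this check."""
    if len(resp) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return {"txid": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "ra": bool(flags & 0x0080), "rcode": flags & 0x000F, "ancount": an}

def classify(resp, txid=0x1234):
    """Classify a reply to a recursive query for a name the server does not host."""
    h = parse_header(resp)
    if not h["qr"] or h["txid"] != txid:
        return "invalid"
    if h["ra"] and not h["aa"] and h["rcode"] == 0 and h["ancount"] > 0:
        return "open-resolver"         # resolved a foreign name for us
    if h["ra"]:
        return "recursion-advertised"  # RA set, but this query was not answered
    return "recursion-disabled"

def probe(server, name, timeout=3.0):
    """Query one of your own servers over UDP/53 from an outside vantage point."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return classify(s.recvfrom(512)[0])
        except socket.timeout:
            return "no-response"       # expected for the internal-only resolvers

# Constructed header-only replies (not captured traffic), so this runs offline.
SAMPLE_OPEN = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)    # RA set, 1 answer
SAMPLE_CLOSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)  # RA clear, REFUSED

if __name__ == "__main__":
    print(classify(SAMPLE_OPEN), classify(SAMPLE_CLOSED))
```

Run `probe()` against each public address with a name outside the domain: the domain controllers should come back as `recursion-disabled`, and the internal resolvers as `no-response`.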