Solved

hosting DNS

Posted on 2007-11-20
14
823 Views
Last Modified: 2010-04-07
This might sound very stupid, but then again I am not an expert.
My boss gave me an assignment:
Please start the process of moving our domain <bla.com> to our own DNS servers away from Network Solutions and alexinteractive.

What does he mean??
0
Question by:vburshte
14 Comments
 
LVL 70

Expert Comment

by:Chris Dent

Oh lucky you...

Do you have DNS Servers ready to host Public zones at present?

Whatever happens I strongly recommend that you do not mix Public DNS Servers with AD's DNS Servers. More because it's plain annoying and causes far too many problems.

If you're in a small company, with limited network connectivity then I strongly recommend you keep DNS Servers hosted off-site.

This leads onto: How important is availability of the Domain Name? For example, if the DNS Server crashes horribly and must be rebuilt: after a time, processes reliant on it, such as mail delivery, will fail; or services dependent on it, such as browsing your Public website, will fail.

If high availability is important and/or desirable then you must consider how you will host multiple DNS Servers (ideally on entirely separate sites, with entirely separate connection providers).

Chris
0
 

Author Comment

by:vburshte
Chris,
Either it's a lack of coffee or my lack of knowledge (just started this job and don't want to piss off the boss with too many questions).

But basically what he wants is to stop using the DNS servers from Network Solutions and alexinteractive
and use the 3 (as MS recommends) in-house.
If this is the case, for a company of 300+ users, do you think we will need both forward and reverse zones?
0
 
LVL 70

Expert Comment

by:Chris Dent

That's fair enough, I can certainly appreciate that :)

First though, MS doesn't recommend anything of the sort, not sure where he could get that impression.

We need to resolve a few potential conflicts with the Forward Lookup Zone. Is the Internal Domain Name (AD Domain Name) the same as the External Domain Name?

When you say "3 inhouse" are those AD Domain Controllers?

You are extremely unlikely to be able to get control of the Reverse Lookup Zone. Nor could I advise you to do so. Responsibility for that is delegated to your Connection Provider (not a global registrar like Network Solutions). As delegation of that can be complex it's best avoided.

Chris
0
 
LVL 29

Expert Comment

by:Michael W
Just to stir the pot up some, is Microsoft the requirement for the DNS servers or can you use, say, Linux instead?

Setting up Linux with BIND, named.conf and its /etc/named.data directory structure is very easy to do. The DNS 'slave' servers can be set up for replication needs from the master DNS server, etc.

0
 
LVL 70

Expert Comment

by:Chris Dent

BIND should certainly be considered, I do like that option :)

To be honest though, unless there's a pressing need to host Public DNS in-house I'd avoid it. You'll get better connectivity and redundancy with a host.

If you can't update the zone information easily enough in its current location then find a different host.

Chris
0
 

Author Comment

by:vburshte
Ok. Just in self defense, I am a Cisco person. So this is kind of new to me. Linux is probably ok, but then again I am a total 0 on that. So I'll stay with MS.

So I went into AD and under Domain Controllers are the systems listed that I was referring to as our DNS servers. So I guess they are AD domain controllers.
So now I guess I have to build 2 new systems that will function as DNS servers. Am I right so far?
0
 

Author Comment

by:vburshte
And now that I brought that up, would any of you experts have a good link saved that can give a 101 on how to build a DNS server that can host public DNS zones?
0
 
LVL 13

Expert Comment

by:cshepfam
Today is your lucky day...lol

I created an article to not only host your own DNS server, but also your mail server. Take a look at it.

http://techrepublic.com.com/5208-6230-0.html?forumID=102&threadID=239582&messageID=2330632
0
 
LVL 70

Expert Comment

by:Chris Dent

Do you know if the AD Domain Name is the same as either of the domain names you'll be hosting? It's fairly important as it will have a functional impact on the work you're planning.

What about connection related fault tolerance? I assume you're happy with the downsides to having both DNS Servers on a single connection?

I wouldn't expect to do anything with the Reverse Lookup Zone, so you should be able to concentrate on the Forward Lookup Zones.

Then we have some more fun things to consider (which aren't covered in the how-to above that I can see):

- TTL (Time to Live) values for the zones should be considered. If they're not an issue I'd set them to 24 hours.

- Firewall your DNS Servers; make sure you only allow 53 UDP to these servers. Make sure they're patched and completely up to date (there are some nasty exploits for the unprepared server).

- Disable Recursion! You're not there to provide answers for other people's domains, only your own. This means they will only answer for zones they are Authoritative for.

Chris
0
 

Author Comment

by:vburshte
Ok so I am going through and getting most of it (please bear with me on this one).
When it comes to Exchange, why do I need to make any changes to it? I understand having to re-register the MX and all that crap, but if we already have a fully functional Exchange then why do I need to make any changes to it? Aren't I simply taking over what outside DNS did? So shouldn't it be transparent to the Exchange server?
0
 

Author Comment

by:vburshte
DUH, that was a stupid question to ask, sorry!!! I think I got all that I need; if not I know where to ask.
0
 
LVL 29

Expert Comment

by:Michael W
Though you stated you have more of a Cisco background, are you planning this DNS migration yourself or are you working with a Microsoft partner in developing a plan, assuming you are sticking with using Microsoft Server and its DNS capabilities?

0
 

Author Comment

by:vburshte
Me, myself and you folks :)
I'll just use one unused server with a fresh load of 2003 Server.

Out of curiosity, once I update the public record to point to my DNS, what kind of (if any) downtime will there be?
Also, is there anything I should be on the lookout for? Like what are the most common problems?
0
 
LVL 70

Accepted Solution

by:Chris Dent (earned 500 total points)

There shouldn't be any downtime as such. Although it can take anything up to 48 hours for the change to fully come into effect (depending on the TTL of the NS Records with your registrar).

www.dnsreport.com would be very useful to verify the configuration of your zones / servers once it's live.

DNS itself is really pretty simple so there aren't any really big problems to worry about. You've avoided putting the zones onto the Domain Controllers which must represent some of the nastier problems I've ever run into.

Chris
0
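Chris's checklist earlier in the thread (recursion disabled, sensible TTLs, authoritative-only answers) and his advice here to verify the zones once they are live can both be checked from the wire format of a DNS response. The script below is an added example written for this thread, not code from the original post or from dnsreport.com; it builds an NS query, parses the response header flags (AA and RA) and the TTLs of the returned records, and reports anything that looks wrong. The sample responses are constructed in-line so the audit runs offline; `query_server` is the only part that touches the network and assumes you can reach the new server on UDP/53.

```python
"""Offline checks of a DNS response for a newly hosted public zone.

Verifies what the thread recommends: the server answers authoritatively
(AA set), does not offer recursion to the world (RA clear), and serves
the TTL you chose. All sample messages are constructed in this file.
"""
import socket
import struct

NS_TYPE = 2          # RR type NS
IN_CLASS = 1         # class IN
FLAG_QR = 0x8000     # response
FLAG_AA = 0x0400     # authoritative answer
FLAG_RD = 0x0100     # recursion desired
FLAG_RA = 0x0080     # recursion available


def encode_name(name):
    """Wire-encode a domain name as length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname, qtype=NS_TYPE, qid=0x1234):
    """Standard query with RD set; a non-recursive server should still answer for its own zone."""
    header = struct.pack(">HHHHHH", qid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack(">HH", qtype, IN_CLASS)


def build_response(qname, ns_host, ttl, aa, ra, qid=0x1234):
    """Constructed sample NS response (not a real server's output).
    The answer name is a compression pointer (0xC00C) to the question name."""
    flags = FLAG_QR | (FLAG_AA if aa else 0) | (FLAG_RA if ra else 0)
    header = struct.pack(">HHHHHH", qid, flags, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack(">HH", NS_TYPE, IN_CLASS)
    rdata = encode_name(ns_host)
    answer = b"\xc0\x0c" + struct.pack(">HHIH", NS_TYPE, IN_CLASS, ttl, len(rdata)) + rdata
    return header + question + answer


def _read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                     # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), end if end is not None else off


def parse_response(msg):
    """Return header flags and (name, type, ttl) for every record in the message."""
    qid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                               # skip question section
        _, off = _read_name(msg, off)
        off += 4
    records = []
    for _ in range(an + ns + ar):
        name, off = _read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10 + rdlen                             # rdata itself is not needed here
        records.append((name, rtype, ttl))
    return {"id": qid, "aa": bool(flags & FLAG_AA), "ra": bool(flags & FLAG_RA),
            "rcode": flags & 0x000F, "records": records}


def audit(resp, expected_ttl=86400):
    """Findings against the thread's checklist; empty list means the response looks right."""
    findings = []
    if resp["ra"]:
        findings.append("RA flag set: server offers recursion to the public; disable recursion")
    if not resp["aa"]:
        findings.append("AA flag clear: server is not authoritative for the zone")
    if resp["rcode"] != 0:
        findings.append("non-zero RCODE %d" % resp["rcode"])
    for name, rtype, ttl in resp["records"]:
        if ttl != expected_ttl:
            findings.append("%s type %d has TTL %d, expected %d" % (name, rtype, ttl, expected_ttl))
    return findings


def query_server(server_ip, qname, timeout=3.0):
    """Live check (assumes network access): send the query over UDP/53 and parse the reply."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(qname), (server_ip, 53))
        data, _ = sock.recvfrom(4096)
    finally:
        sock.close()
    return parse_response(data)


if __name__ == "__main__":
    good = build_response("example.com", "ns1.example.com", 86400, aa=True, ra=False)
    bad = build_response("example.com", "ns1.example.com", 300, aa=False, ra=True)
    for label, raw in (("hardened server", good), ("misconfigured server", bad)):
        print(label, "->", audit(parse_response(raw)) or "OK")
```

Run it as-is to see the two constructed cases; replace the sample with `audit(query_server("192.0.2.1", "bla.com"))` (placeholder address and the thread's domain) to check the real server after the NS records have been moved. A server that sets RA on a public interface is the open-recursion case Chris warns about, and a missing AA usually means the zone was never loaded on that host.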
