Solved

hosting DNS

Posted on 2007-11-20
Last Modified: 2010-04-07
This might sound very stupid, but then again I am not an expert.
My boss gave me an assignment:
Please start the process of moving our domain <bla.com> to our own DNS servers away from Network Solutions and alexinteractive.

What does he mean??
Question by:vburshte
14 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 20319720

Oh lucky you...

Do you have DNS Servers ready to host Public zones at present?

Whatever happens I strongly recommend that you do not mix Public DNS Servers with AD's DNS Servers. More because it's plain annoying and causes far too many problems.

If you're in a small company, with limited network connectivity then I strongly recommend you keep DNS Servers hosted off-site.

This leads onto: How important is availability of the Domain Name? For example, if the DNS Server crashes horribly and must be rebuilt: after a time, processes reliant on that, such as mail delivery, will fail; or services dependent on it, such as browsing your Public website, will fail.

If high availability is important and/or desirable then you must consider how you will host multiple DNS Servers (ideally on entirely separate sites, with entirely separate connection providers).

Chris
 

Author Comment

by:vburshte
ID: 20319940
Chris,
Either it's a lack of coffee or my lack of knowledge (just started this job and don't want to piss off the boss with too many questions).

But basically what he wants is to stop using the DNS servers from Network Solutions and alexinteractive
and use the 3 (as MS recommends) in-house.
If this is the case, for a company of 300+ users, do you think we will need both forward and reverse zones?
 
LVL 70

Expert Comment

by:Chris Dent
ID: 20319986

That's fair enough, I can certainly appreciate that :)

First though, MS doesn't recommend anything of the sort, not sure where he could get that impression.

We need to resolve a few potential conflicts with the Forward Lookup Zone. Is the Internal Domain Name (AD Domain Name) the same as the External Domain Name?

When you say "3 inhouse" are those AD Domain Controllers?

You are extremely unlikely to be able to get control of the Reverse Lookup Zone. Nor could I advise you to do so. Responsibility for that is delegated to your Connection Provider (not a global registrar like Network Solutions). As delegation of that can be complex it's best avoided.

Chris
 
LVL 29

Expert Comment

by:Michael W
ID: 20320078
Just to stir the pot up some, is Microsoft the requirement for the DNS servers or can you use, say, Linux instead?

Setting up Linux with BIND, named.conf and its /etc/named.data directory structure is very easy to do. The DNS 'slave' servers can be setup for replication needs from the master DNS server, etc.

 
LVL 70

Expert Comment

by:Chris Dent
ID: 20320113

BIND should certainly be considered, I do like that option :)

To be honest though, unless there's a pressing need to host Public DNS in-house I'd avoid it. You'll get better connectivity and redundancy with a host.

If you can't update the zone information easily enough in its current location then find a different host.

Chris
 

Author Comment

by:vburshte
ID: 20320166
Ok.  Just in self defense, I am a Cisco person.  So this is kind of new to me.  Linux is probably ok, but then again I am a total 0 on that. So I'll stay with MS.

So I went into AD and under Domain Controllers are the systems listed that I was referring to as our DNS servers.  So I guess they are AD domain controllers.
So now I guess I have to build 2 new systems that will function as DNS servers.  Am I right so far?
 

Author Comment

by:vburshte
ID: 20320211
And now that I brought that up, would any of you experts have a good link saved that can give a 101 on how to build a DNS server that can host public DNS zones?
 
LVL 13

Expert Comment

by:cshepfam
ID: 20320254
Today is your lucky day...lol

I created an article to not only host your own DNS server, but also your mail server.  Take a look at it.

http://techrepublic.com.com/5208-6230-0.html?forumID=102&threadID=239582&messageID=2330632
 
LVL 70

Expert Comment

by:Chris Dent
ID: 20320297

Do you know if the AD Domain Name is the same as either of the domain names you'll be hosting? It's fairly important as it will have a functional impact on the work you're planning.

What about connection related fault tolerance? I assume you're happy with the downsides to having both DNS Servers on a single connection?

I wouldn't expect to do anything with the Reverse Lookup Zone, so you should be able to concentrate on the Forward Lookup Zones.

Then we have some more fun things to consider (which aren't covered in the how-to above that I can see):

- TTL (Time to Live) values for the zones should be considered. If they're not an issue I'd set them to 24 hours.

- Firewall your DNS Servers, make sure you only allow 53 UDP to these servers. Make sure they're patched and completely up to date (there are some nasty exploits for the unprepared server).

- Disable Recursion! You're not there to provide answers for other peoples' domains, only your own. This means they will only answer for zones they are Authoritative for.

Chris
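As an added illustration of the last two points (this is example code written for this page, not something posted in the thread), the Python script below builds a minimal DNS query in RFC 1035 wire format, parses the response header, and reports whether a server advertises recursion (the RA flag), whether it answered authoritatively (the AA flag), and whether answer TTLs fall below the 24 hours suggested above. The two response packets embedded in it are constructed for the example; `www.example.com`, `192.0.2.10` and the transaction id are placeholder values. `probe()` sends the same query over UDP/53, which is the traffic the firewall rule above permits, and is meant for checking your own servers once they are live.

```python
"""Audit the header flags and answer TTLs of a public DNS server's response.

Added example for this page; not code from the thread. Sample packets are
constructed inline so the script runs offline.
"""
import socket
import struct

QTYPE_A = 1
FLAG_AA = 0x0400  # Authoritative Answer
FLAG_RD = 0x0100  # Recursion Desired
FLAG_RA = 0x0080  # Recursion Available


def encode_name(name):
    """Encode a dotted name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=QTYPE_A, txid=0x1234, rd=True):
    """Header (12 bytes) + one question; RD set so a recursive server reveals RA."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD if rd else 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer into the message
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            end = end if end is not None else offset + 2
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", offset if end is None else end


def parse_response(msg):
    """Return header flags and the answer RRs (name, type, ttl, rdata)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    info = {"txid": txid, "aa": bool(flags & FLAG_AA), "ra": bool(flags & FLAG_RA),
            "rcode": flags & 0x000F, "answers": []}
    offset = 12
    for _ in range(qd):                      # skip the echoed question section
        _, offset = decode_name(msg, offset)
        offset += 4                          # QTYPE + QCLASS
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        info["answers"].append({"name": name, "type": rtype, "ttl": ttl,
                                "rdata": msg[offset:offset + rdlen]})
        offset += rdlen
    return info


def audit(info, min_ttl=86400):
    """Findings against the thread's advice: no recursion, authoritative, 24h TTLs."""
    findings = []
    if info["ra"]:
        findings.append("recursion available: server answers for zones it does not own")
    if not info["aa"]:
        findings.append("answer not authoritative: check the zone is loaded on this server")
    for rr in info["answers"]:
        if rr["ttl"] < min_ttl:
            findings.append(f"{rr['name']} TTL {rr['ttl']}s is below {min_ttl}s")
    return findings


def make_response(flags, ttl, name="www.example.com", ip="192.0.2.10", txid=0x1234):
    """Construct a one-answer response (sample data, for offline use)."""
    header = struct.pack("!HHHHHH", txid, 0x8000 | flags, 1, 1, 0, 0)  # QR set
    question = encode_name(name) + struct.pack("!HH", QTYPE_A, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, 1, ttl, 4) + socket.inet_aton(ip)
    return header + question + answer


# Constructed samples: a hardened authoritative server and an open recursive one.
HARDENED_RESPONSE = make_response(FLAG_AA | FLAG_RD, 86400)
OPEN_RESOLVER_RESPONSE = make_response(FLAG_RD | FLAG_RA, 300)


def probe(server, name, timeout=3.0):
    """Query a live server over UDP/53 and audit its reply (run against your own)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server, 53))
        data, _ = sock.recvfrom(4096)
    return audit(parse_response(data))


if __name__ == "__main__":
    for label, msg in (("hardened", HARDENED_RESPONSE), ("open resolver", OPEN_RESOLVER_RESPONSE)):
        print(label, audit(parse_response(msg)) or ["no findings"])
```

The hardened sample produces no findings; the second sample is flagged for recursion, for a non-authoritative answer and for a 5-minute TTL, which is exactly the combination the list above tells you to avoid on a server that only exists to publish your own zones.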
 

Author Comment

by:vburshte
ID: 20320398
Ok so I am going through and getting most of it (please bear with me on this one).
When it comes to Exchange, why do I need to make any changes to it?  I understand having to reregister the MX and all that crap, but if we already have a fully functional Exchange then why do I need to make any changes to it?  Aren't I simply taking over what outside DNS did? So shouldn't it be transparent to the Exchange server?
 

Author Comment

by:vburshte
ID: 20320459
DUH, that was a stupid question to ask, sorry!!!  I think I got all that I need; if not, I know where to ask.
 
LVL 29

Expert Comment

by:Michael W
ID: 20320771
Though you stated you have more of a Cisco background, are you planning this DNS migration yourself or are you working with a Microsoft partner in developing a plan, assuming you are sticking with using Microsoft Server and its DNS capabilities?

 

Author Comment

by:vburshte
ID: 20320804
Me, myself and you folks :)
I'll just use one unused server with a fresh load of 2003 Server.

Out of curiosity, once I update the public record to point to my DNS, what kind of (if any) downtime will there be?
Also, is there anything I should be on the lookout for?  Like what are the most common problems?
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 20320861

There shouldn't be any downtime as such, although it can take anything up to 48 hours for the change to fully come into effect (depending on the TTL of the NS records with your registrar).

www.dnsreport.com would be very useful to verify the configuration of your zones / servers once it's live.

DNS itself is really pretty simple, so there aren't any really big problems to worry about. You've avoided putting the zones onto the Domain Controllers, which must represent some of the nastier problems I've ever run into.

Chris