Is it unwise to run DNS on your web server?

Is it unwise to run DNS on your web server?  
Wolfgang_DAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

fosiul01Commented:
if this public dns server then i am not seeing any problem

but if your web server and dns server works as domain controller for your network then its not wise

you should always put public web server in DMZ and internal domain controller inside a firewall.
0
giltjrCommented:
My personal opinion is that you need to take into account a few factors.

What is the "size" of the computer you plan to deploy the website(s) on?
What is th expected traffic (hits as well as volume of data transfered) on the web site?
Is the web site serving up static pages, or dynamic pages?  
Is the web site pulling data from a database?  Is the database on the same computer as the web server?

Some people say that you should not mix server functions on the same computer, but that results in a LOT of very UNDERUTILIZED computers taking up space, using power, and generating heat.  One computer running at 20-25% busy uses less environmental resource than 4-5 computers running at 5% busy each.

Also, you may not  want to have one DNS server, or even one web server.  Depends on the availability requirements for the site.

If you don't want to run DNS and Web in the same OS image, you may want to look at getting two physical computer, and running virtual machines on them.  One on each for web server functions and one for each for DNS functions.

But again it depends on the load you will have with the web server.  Typically DNS servers do not use that much computing resources.
0
Wolfgang_DAuthor Commented:
Here is some more exact info about our server and websites.  

Our server runs CentOS Linux; has two Intel(R) Xeon(R) CPU E5310 @ 1.60GHz; 2 GB of memory; and a 160 GB hard drive.  

Our web server serves up 55 websites and they use approximately 180-220 Gig of bandwidth per month.  Not sure on the total number of hits but one of our more popular sites got 2841341 hits last month from 72015 unique visitors.  

All of our sites serve up dynamic, database driven, content.  

The proposal was to run the primary and secondary dns off the same server ... which happens to be our web server as well.  

I didn't like the idea that the backup was on the same server as the primary.  That didn't seem logical.  Also I'm not sure if it would slow the server down or expose it to attacks directed at name servers.  

Let me know your thoughts.  :-)
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Wolfgang_DAuthor Commented:
This is not an internal domain controller.  
0
giltjrCommented:
Um, running both DNS's server on the same box.  The purpose of having a second DNS server is for redundancy.  Anybody that proposes that should be shot.

That's like giving you two keys to a door in case one gets lost, but you put both keys on the same ring.

At least one of the DNS servers MUST be on a separate physical box, not a different virtual host on the same box, but a separate physical box.  That gives you redundancy.

I would start with at least one DNS server and have that one be on a separate physical box.

Then I would look at CPU usage on the web server and look at it more granular than monthly.  I would look at 5 or 15 minute intervals for a few days.  If it is low, then go ahead and put the secondary DNS server on the same box.

I would not worry about dns server attacks.  Web servers get attacked way more often than DNS servers and typically dns server does not use that much CPU.  The only time CPU for a DNS server gets high is if you are servering up for a LOT of domains and a lot of hosts, as in hundreds or thousands of domains with thousands of hosts in each domain.

When they fixes the last big dns server bug it caused performance problems on some DNS servers.  DNS servers that were getting 10,000 plus requests a second.   For most DNS servers for a single domain you might get 10 requests a second.  Remember, even if you were getting 5,000 hits a second, there would have only been a few (maybe 100) dns resolution requests.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
fosiul01Commented:
hi sorry for late reply but giltjr explained in a nice way.
there is not much to say...

if you maintain your dns server then you just have to make sure that the zone is not nontransferable other wise it would create a security problem..other then that you should be fine.

by the way, currently who is responsible for your dns server ??
0
Wolfgang_DAuthor Commented:
Thanks for all the replies; our DNS server is up and running; doesn't seem to be taxing things any more than usual and DNS management is easier now.  :-)  

I'll keep an eye out for all the things you mentioned.  
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.