Solved

what dns server do i need, and what is best

Posted on 2009-04-02
7
480 Views
Last Modified: 2013-12-19
I currently have 1500 users, and growing, and seem to be experiencing DNS related issue causing a degradation of service.  At peak times, clients on the largest VLANs cannot get to the DNS (off site). This is arbitrary and intermittent--happening on some computers all the time, and certainly more often at peak usage times.

this is a remote site, with limited bandwidth--so peak times don't translate to congestion on the lan side--but bandwidth limitations.

If this is a dns related issue, what would be the best solution--setting up tow local dns as forwarders? what kind of dns do i need (to accomdate forwarding traffic, and perhaps adding some local hosts)?

could i setup a private only dns to deal with local hosts, and then forward all other traffic to our isp's dns?
0
Comment
Question by:demetri08
7 Comments
 
LVL 11

Accepted Solution

by:
packetguy earned 500 total points
ID: 24057543
A great test is to temporarily switch to OpenDNS for your external DNS. This is a commercial service that you can use for free; the only catch is that "not found" sites will get directed to an ad page. But for testing you'll quickly be able to rule out DNS as a problem, because OpenDNS is very fast and very widely distributed across the Internet.

To use OpenDNS, just configure your external nameservers as 208.67.222.222 and 208.67.220.220. You might want to check out their site at http://www.opendns.com -- they have other features that I never use, but that might help you out with your troubleshooting.

Ideally you might want to consider a local DNS server to cache your external DNS queries, since with 1500 users you probably have a lot of redundant DNS traffic. You can buy DNS appliances to do this for under $1000, or you can easily configure any Windows workstation as a DNS server using software like SimpleDNS (http://www.simpledns.com), which is as cheap as $80 for a five-zone license. Since you'd be using this as a forward caching resolver, that minimum license would be all you need.
0
 
LVL 3

Expert Comment

by:nevvamind
ID: 24057615
What you need is a caching DNS server sitting @ the fence.
BIND in a caching resolving mode would be ideal for your low bandwidth situations as it stores the entries locally and doesn't go out shouting everytime it gets a query.

See this http://www.langfeldt.net/DNS-HOWTO/BIND-9/DNS-HOWTO-3.html
0
 
LVL 62

Expert Comment

by:gheist
ID: 24058455
You have to introduce onsite DNS cache (or two).
I'd suggest MaraDNS for its great security record and simplicity.
If its features are not enough BIND is universal tool of choice
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 3

Expert Comment

by:kchat
ID: 24058564
In my opinion, with 1500 users you should implement your own redundant DNS solution and better avoid the cheap ones.
Also you can use any of the public DNS but first check the response time (ping) and after comparing it, choose the lowest response time for your Primary DNS and your ISPs for secondary or the opposite if you get a better response from the ISP. The idea is to have fast name resolution and  a failover mechanism if for example you loose connectivity with the preffered one.
Just do a search for "Public DNS" to find the one you need, or also check this out:
http://80.247.230.136/dns2.htm
Always test yourself too before adopt any results ...
0
 
LVL 62

Expert Comment

by:gheist
ID: 24058618
Also you have to prioritize NTP and DNS traffic between client and server on slow link. This way you can even make 9600 line working.
0
 

Author Comment

by:demetri08
ID: 24066133
thanks all for the input, bind is my path of of choice. With that determined, what's the ideal setup? lets say i setup bind on a debian box, is this the best option? i that up yesterday, with cleints from different vlans going to the debian box's different internal ips, then its nated it to an external ip. what would be the biggest security concerns in a setup like that, to aviod?

how about redundancy, a mast and slave dns will do?

last, what about split dns. say i have a few places i need internal clients to go to, it seems split dns is best for such?

many thanks!
0
 
LVL 62

Expert Comment

by:gheist
ID: 24068437
ISC runs BIND on NetBSD
I'd look at www.distrowatch.com for easier Linux distribution.
No need to complicate with master/slave if you only do DNS caching.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question