Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

what dns server do i need, and what is best

Posted on 2009-04-02
7
Medium Priority
?
488 Views
Last Modified: 2013-12-19
I currently have 1500 users, and growing, and seem to be experiencing DNS related issue causing a degradation of service.  At peak times, clients on the largest VLANs cannot get to the DNS (off site). This is arbitrary and intermittent--happening on some computers all the time, and certainly more often at peak usage times.

this is a remote site, with limited bandwidth--so peak times don't translate to congestion on the lan side--but bandwidth limitations.

If this is a dns related issue, what would be the best solution--setting up tow local dns as forwarders? what kind of dns do i need (to accomdate forwarding traffic, and perhaps adding some local hosts)?

could i setup a private only dns to deal with local hosts, and then forward all other traffic to our isp's dns?
0
Comment
Question by:demetri08
7 Comments
 
LVL 11

Accepted Solution

by:
packetguy earned 2000 total points
ID: 24057543
A great test is to temporarily switch to OpenDNS for your external DNS. This is a commercial service that you can use for free; the only catch is that "not found" sites will get directed to an ad page. But for testing you'll quickly be able to rule out DNS as a problem, because OpenDNS is very fast and very widely distributed across the Internet.

To use OpenDNS, just configure your external nameservers as 208.67.222.222 and 208.67.220.220. You might want to check out their site at http://www.opendns.com -- they have other features that I never use, but that might help you out with your troubleshooting.

Ideally you might want to consider a local DNS server to cache your external DNS queries, since with 1500 users you probably have a lot of redundant DNS traffic. You can buy DNS appliances to do this for under $1000, or you can easily configure any Windows workstation as a DNS server using software like SimpleDNS (http://www.simpledns.com), which is as cheap as $80 for a five-zone license. Since you'd be using this as a forward caching resolver, that minimum license would be all you need.
0
 
LVL 3

Expert Comment

by:nevvamind
ID: 24057615
What you need is a caching DNS server sitting @ the fence.
BIND in a caching resolving mode would be ideal for your low bandwidth situations as it stores the entries locally and doesn't go out shouting everytime it gets a query.

See this http://www.langfeldt.net/DNS-HOWTO/BIND-9/DNS-HOWTO-3.html
0
 
LVL 62

Expert Comment

by:gheist
ID: 24058455
You have to introduce onsite DNS cache (or two).
I'd suggest MaraDNS for its great security record and simplicity.
If its features are not enough BIND is universal tool of choice
0
NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

 
LVL 3

Expert Comment

by:kchat
ID: 24058564
In my opinion, with 1500 users you should implement your own redundant DNS solution and better avoid the cheap ones.
Also you can use any of the public DNS but first check the response time (ping) and after comparing it, choose the lowest response time for your Primary DNS and your ISPs for secondary or the opposite if you get a better response from the ISP. The idea is to have fast name resolution and  a failover mechanism if for example you loose connectivity with the preffered one.
Just do a search for "Public DNS" to find the one you need, or also check this out:
http://80.247.230.136/dns2.htm
Always test yourself too before adopt any results ...
0
 
LVL 62

Expert Comment

by:gheist
ID: 24058618
Also you have to prioritize NTP and DNS traffic between client and server on slow link. This way you can even make 9600 line working.
0
 

Author Comment

by:demetri08
ID: 24066133
thanks all for the input, bind is my path of of choice. With that determined, what's the ideal setup? lets say i setup bind on a debian box, is this the best option? i that up yesterday, with cleints from different vlans going to the debian box's different internal ips, then its nated it to an external ip. what would be the biggest security concerns in a setup like that, to aviod?

how about redundancy, a mast and slave dns will do?

last, what about split dns. say i have a few places i need internal clients to go to, it seems split dns is best for such?

many thanks!
0
 
LVL 62

Expert Comment

by:gheist
ID: 24068437
ISC runs BIND on NetBSD
I'd look at www.distrowatch.com for easier Linux distribution.
No need to complicate with master/slave if you only do DNS caching.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
This program is used to assist in finding and resolving common problems with wireless connections.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question