what dns server do i need, and what is best

I currently have 1500 users, and growing, and seem to be experiencing DNS related issue causing a degradation of service.  At peak times, clients on the largest VLANs cannot get to the DNS (off site). This is arbitrary and intermittent--happening on some computers all the time, and certainly more often at peak usage times.

this is a remote site, with limited bandwidth--so peak times don't translate to congestion on the lan side--but bandwidth limitations.

If this is a dns related issue, what would be the best solution--setting up tow local dns as forwarders? what kind of dns do i need (to accomdate forwarding traffic, and perhaps adding some local hosts)?

could i setup a private only dns to deal with local hosts, and then forward all other traffic to our isp's dns?
demetri08Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
packetguyConnect With a Mentor Commented:
A great test is to temporarily switch to OpenDNS for your external DNS. This is a commercial service that you can use for free; the only catch is that "not found" sites will get directed to an ad page. But for testing you'll quickly be able to rule out DNS as a problem, because OpenDNS is very fast and very widely distributed across the Internet.

To use OpenDNS, just configure your external nameservers as 208.67.222.222 and 208.67.220.220. You might want to check out their site at http://www.opendns.com -- they have other features that I never use, but that might help you out with your troubleshooting.

Ideally you might want to consider a local DNS server to cache your external DNS queries, since with 1500 users you probably have a lot of redundant DNS traffic. You can buy DNS appliances to do this for under $1000, or you can easily configure any Windows workstation as a DNS server using software like SimpleDNS (http://www.simpledns.com), which is as cheap as $80 for a five-zone license. Since you'd be using this as a forward caching resolver, that minimum license would be all you need.
0
 
nevvamindCommented:
What you need is a caching DNS server sitting @ the fence.
BIND in a caching resolving mode would be ideal for your low bandwidth situations as it stores the entries locally and doesn't go out shouting everytime it gets a query.

See this http://www.langfeldt.net/DNS-HOWTO/BIND-9/DNS-HOWTO-3.html
0
 
gheistCommented:
You have to introduce onsite DNS cache (or two).
I'd suggest MaraDNS for its great security record and simplicity.
If its features are not enough BIND is universal tool of choice
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
kchatCommented:
In my opinion, with 1500 users you should implement your own redundant DNS solution and better avoid the cheap ones.
Also you can use any of the public DNS but first check the response time (ping) and after comparing it, choose the lowest response time for your Primary DNS and your ISPs for secondary or the opposite if you get a better response from the ISP. The idea is to have fast name resolution and  a failover mechanism if for example you loose connectivity with the preffered one.
Just do a search for "Public DNS" to find the one you need, or also check this out:
http://80.247.230.136/dns2.htm
Always test yourself too before adopt any results ...
0
 
gheistCommented:
Also you have to prioritize NTP and DNS traffic between client and server on slow link. This way you can even make 9600 line working.
0
 
demetri08Author Commented:
thanks all for the input, bind is my path of of choice. With that determined, what's the ideal setup? lets say i setup bind on a debian box, is this the best option? i that up yesterday, with cleints from different vlans going to the debian box's different internal ips, then its nated it to an external ip. what would be the biggest security concerns in a setup like that, to aviod?

how about redundancy, a mast and slave dns will do?

last, what about split dns. say i have a few places i need internal clients to go to, it seems split dns is best for such?

many thanks!
0
 
gheistCommented:
ISC runs BIND on NetBSD
I'd look at www.distrowatch.com for easier Linux distribution.
No need to complicate with master/slave if you only do DNS caching.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.