Solved

what dns server do i need, and what is best

Posted on 2009-04-02
7
478 Views
Last Modified: 2013-12-19
I currently have 1500 users, and growing, and seem to be experiencing DNS related issue causing a degradation of service.  At peak times, clients on the largest VLANs cannot get to the DNS (off site). This is arbitrary and intermittent--happening on some computers all the time, and certainly more often at peak usage times.

this is a remote site, with limited bandwidth--so peak times don't translate to congestion on the lan side--but bandwidth limitations.

If this is a dns related issue, what would be the best solution--setting up tow local dns as forwarders? what kind of dns do i need (to accomdate forwarding traffic, and perhaps adding some local hosts)?

could i setup a private only dns to deal with local hosts, and then forward all other traffic to our isp's dns?
0
Comment
Question by:demetri08
7 Comments
 
LVL 11

Accepted Solution

by:
packetguy earned 500 total points
ID: 24057543
A great test is to temporarily switch to OpenDNS for your external DNS. This is a commercial service that you can use for free; the only catch is that "not found" sites will get directed to an ad page. But for testing you'll quickly be able to rule out DNS as a problem, because OpenDNS is very fast and very widely distributed across the Internet.

To use OpenDNS, just configure your external nameservers as 208.67.222.222 and 208.67.220.220. You might want to check out their site at http://www.opendns.com -- they have other features that I never use, but that might help you out with your troubleshooting.

Ideally you might want to consider a local DNS server to cache your external DNS queries, since with 1500 users you probably have a lot of redundant DNS traffic. You can buy DNS appliances to do this for under $1000, or you can easily configure any Windows workstation as a DNS server using software like SimpleDNS (http://www.simpledns.com), which is as cheap as $80 for a five-zone license. Since you'd be using this as a forward caching resolver, that minimum license would be all you need.
0
 
LVL 3

Expert Comment

by:nevvamind
ID: 24057615
What you need is a caching DNS server sitting @ the fence.
BIND in a caching resolving mode would be ideal for your low bandwidth situations as it stores the entries locally and doesn't go out shouting everytime it gets a query.

See this http://www.langfeldt.net/DNS-HOWTO/BIND-9/DNS-HOWTO-3.html
0
 
LVL 61

Expert Comment

by:gheist
ID: 24058455
You have to introduce onsite DNS cache (or two).
I'd suggest MaraDNS for its great security record and simplicity.
If its features are not enough BIND is universal tool of choice
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 3

Expert Comment

by:kchat
ID: 24058564
In my opinion, with 1500 users you should implement your own redundant DNS solution and better avoid the cheap ones.
Also you can use any of the public DNS but first check the response time (ping) and after comparing it, choose the lowest response time for your Primary DNS and your ISPs for secondary or the opposite if you get a better response from the ISP. The idea is to have fast name resolution and  a failover mechanism if for example you loose connectivity with the preffered one.
Just do a search for "Public DNS" to find the one you need, or also check this out:
http://80.247.230.136/dns2.htm
Always test yourself too before adopt any results ...
0
 
LVL 61

Expert Comment

by:gheist
ID: 24058618
Also you have to prioritize NTP and DNS traffic between client and server on slow link. This way you can even make 9600 line working.
0
 

Author Comment

by:demetri08
ID: 24066133
thanks all for the input, bind is my path of of choice. With that determined, what's the ideal setup? lets say i setup bind on a debian box, is this the best option? i that up yesterday, with cleints from different vlans going to the debian box's different internal ips, then its nated it to an external ip. what would be the biggest security concerns in a setup like that, to aviod?

how about redundancy, a mast and slave dns will do?

last, what about split dns. say i have a few places i need internal clients to go to, it seems split dns is best for such?

many thanks!
0
 
LVL 61

Expert Comment

by:gheist
ID: 24068437
ISC runs BIND on NetBSD
I'd look at www.distrowatch.com for easier Linux distribution.
No need to complicate with master/slave if you only do DNS caching.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now