demetri08 (Lebanon) asked:
what dns server do i need, and what is best

I currently have 1500 users, and growing, and seem to be experiencing a DNS-related issue causing a degradation of service. At peak times, clients on the largest VLANs cannot get to the DNS (off site). This is arbitrary and intermittent, happening on some computers all the time, and certainly more often at peak usage times.

This is a remote site with limited bandwidth, so peak times don't translate to congestion on the LAN side but to bandwidth limitations.

If this is a DNS-related issue, what would be the best solution? Setting up two local DNS servers as forwarders? What kind of DNS do I need (to accommodate forwarding traffic, and perhaps adding some local hosts)?

Could I set up a private-only DNS to deal with local hosts, and then forward all other traffic to our ISP's DNS?
ASKER CERTIFIED SOLUTION by packetguy (United States of America):
What you need is a caching DNS server sitting at the fence.
BIND in a caching, resolving mode would be ideal for your low-bandwidth situation, as it stores the entries locally and doesn't go out shouting every time it gets a query.

See this http://www.langfeldt.net/DNS-HOWTO/BIND-9/DNS-HOWTO-3.html
You have to introduce an onsite DNS cache (or two).
I'd suggest MaraDNS for its great security record and simplicity.
If its features are not enough, BIND is the universal tool of choice.
In my opinion, with 1500 users you should implement your own redundant DNS solution and better avoid the cheap ones.
Also, you can use any of the public DNS servers, but first check the response time (ping) and, after comparing, choose the lowest response time for your primary DNS and your ISP's for secondary, or the opposite if you get a better response from the ISP. The idea is to have fast name resolution and a failover mechanism if, for example, you lose connectivity with the preferred one.
Just do a search for "Public DNS" to find the one you need, or also check this out:
http://80.247.230.136/dns2.htm
Always test yourself too before adopting any results ...
Also, you have to prioritize NTP and DNS traffic between client and server on the slow link. This way you can even make a 9600 line work.
demetri08 (ASKER):
Thanks all for the input; BIND is my path of choice. With that determined, what's the ideal setup? Let's say I set up BIND on a Debian box; is this the best option? I set that up yesterday, with clients from different VLANs going to the Debian box's different internal IPs, then it's NATed to an external IP. What would be the biggest security concerns in a setup like that, to avoid?

How about redundancy; will a master and slave DNS do?

Last, what about split DNS? Say I have a few places I need internal clients to go to; it seems split DNS is best for such?

many thanks!
ISC runs BIND on NetBSD
I'd look at www.distrowatch.com for an easier Linux distribution.
No need to complicate things with master/slave if you only do DNS caching.
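As an added example, not from any participant in this thread, the BIND 9 named.conf fragment below ties together the advice above: a caching resolver at the fence that forwards to the ISP, recursion limited to the site's own VLANs (the main security concern with a NATed resolver is becoming an open resolver), and a local zone for split DNS. The VLAN ranges, listener and forwarder addresses, and the zone name "corp.example" are assumed placeholders.

```conf
// Added example, not from any participant in this thread. Assumed values:
// internal VLANs 10.0.0.0/8 and 192.168.0.0/16, the resolver listening on
// 10.0.0.53 and 192.168.0.53, ISP resolvers 203.0.113.53/.54 (documentation
// addresses) and a hypothetical internal zone "corp.example".

acl "internal" {
    127.0.0.1;
    10.0.0.0/8;
    192.168.0.0/16;
};

options {
    directory "/var/cache/bind";
    listen-on { 127.0.0.1; 10.0.0.53; 192.168.0.53; };

    // The main risk with a NATed resolver is becoming an open resolver:
    // restrict recursion and cache access to the site's own VLANs.
    recursion yes;
    allow-recursion { internal; };
    allow-query { internal; };
    allow-query-cache { internal; };

    // Hand everything non-local to the ISP and answer repeats from cache,
    // so each name crosses the slow link once per TTL instead of per client.
    forwarders { 203.0.113.53; 203.0.113.54; };
    forward only;

    // Keep software details away from anyone probing the server.
    version "not disclosed";
};

// Split DNS: names internal clients must reach are answered here and never
// leave the site. allow-transfer is set explicitly rather than relying on
// the default, so the zone data cannot be pulled by other hosts.
zone "corp.example" {
    type master;
    file "/etc/bind/db.corp.example";
    allow-transfer { none; };
};
```

Run `named-checkconf` before reloading, and confirm from an address outside the "internal" ACL that the server refuses recursive queries.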