Using Windows server to host Name Server / External DNS

My company has registered a lot of domain names and I would like to host the name servers in my company instead of parking the domain names under a hosting company.

1. If I use Windows 2003 or 2008, will it be good to manage? Any risks?

2. What are the popular solutions for setting up the name servers?

3. If I split the DNS server into external and internal, are there any impacts?

4. Is there any website where I can learn what a network diagram is and its flow? Because I have no experience with this.


Thanks!
Leongkokfoo Asked:

Corey Habbas (Security) Commented:
When I saw your post I had many ideas. The three elements that I thought of were:
1.      How to become a Domain Registrar:
2.      How to Host Domain Names
3.      How to Host Web sites
The above three items are all separate matters but are somewhat related to this discussion, so I wanted to touch on all of them.  Becoming a Domain Registrar is probably the most ambitious task.  I found an interesting discussion here:
http://www.webhostingtalk.com/showthread.php?t=636112

I found a good article on Domain Name Hosting here:
http://www.mdjnet.dk/dns.html

An Experts Exchange answer to a similar question can be found here (I’m not sure what this one advises as I cannot see the answer):
http://www.experts-exchange.com/Networking/Protocols/DNS/Q_25896245.html

The easiest option is to buy the domain names directly from the accredited registrar and then host the sites via your network.  Accredited Registrars are listed on this link:
http://www.icann.org/en/registrars/accredited-list.html

You’ll notice something interesting in this.  As you can see, the accredited registrars are actual hosting companies.  So basically this is why I posted information on how you can become an accredited registrar…because you wanted to bypass the hosting company altogether in being your own host.  So, now the question becomes much bigger than just which brand of server to choose.
The steps would now be:
1)      What is involved with becoming an accredited registrar?
2)      What are the rules of compliance?
3)      How do I design my network, policies and procedures and security to comply with regulations?
I hope this is enough to get you started…
jlindler Commented:
1.  Either 2003 or 2008 will do just fine.

2. I am not sure of the question, but if you are planning to host your own external name servers, you will need two external IPs (either both assigned to one server - bad, or two servers - better).   You will also need other servers to provide internal DNS.

3.  Yes, you will need to split external and internal DNS on different servers if they are the same domain.   Or you may want to host your DNS offsite.   For example, GoDaddy offers free DNS hosting.  

4. Try this site.... http://www.gnc-web-creations.com/dns-tutorial.htm
Corey Habbas (Security) Commented:
I forgot to mention the risks and network considerations.  Risks…but of course!  There are many risks that you will want to address when hosting.  I won’t go into the business risks, only the technology risks.  Basically you want security and redundancy in your network plan and topology.

Some ideas to consider are:

Do you have a secure network infrastructure already in place?  If not, you will need to design a good network with a hybrid mesh  topology.  Load balancing on a server cluster of Windows 2008 servers (or whichever brand of server you want to go with).
Do you have a firewall?
Is there a DMZ already in place?
Do you have redundancy in your server hardware, NICs, Hard drives?
Are you implementing RAID?
Have you defined a scheduled backup plan for your servers?
Do you have adequate personnel to support the maintenance and supervision of your hosts?

Kaffiend Commented:
DNS hosting can be had for very cheap.

IMO, it is a waste of a Windows license to host the DNS servers yourself - not to mention the maintenance and care of these servers.  Plus, you have to deal with the security issues.  And, although DNS queries don't take a lot of resources to handle, it does require at least one of your public IPs.  Also, a professional DNS host will have more resources to defend against attacks than your server will.

And DNS best practice calls for at least 2 nameservers - are you willing and able to put up 2 servers and 2 public IPs for that?

My 0.02 cents: go with a DNS host.
Leongkokfoo (Author) Commented:
Hi Kaffiend,

The license and Server Cost should be no problem for us. As long as we can manage it by ourselves.
Kaffiend Commented:
Well, if you insist on doing it yourself....

A Windows server is more than capable of being a public-facing DNS server.  It can handle all types of DNS records (A, CName, MX, TXT, SRV, etc)

Configure your firewall to let port 53 through to your servers.  

Although you're supposed to have 2 name servers for any domain, you could get by with one.  If at all possible, please use 2 (or more, I suppose)

Keep in mind that if your internet connection is down, there will be NO  name resolution for your domains, so make sure your internet connection is solid.

One of the things to consider is how to resolve external DNS records on your internal domains.  Some firewalls do not like to have traffic come out of the internal interface, only to come back in through the external interface to an internal IP (this might occur if you host publicly-available services such as yourcompanywebsite.com, or maybe your mail server.  Ideally, you have servers dedicated to external DNS only, so that this never becomes an issue - your external DNS servers do only that, and you maintain a separate set of servers for internal DNS.)

As an added bonus, if you have separate/distinct external and internal DNS servers, there is no way for someone to enumerate what's on your internal network from using DNS queries.

If you configure your firewall properly, the risk is fairly small, from a security standpoint.
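
An added example, not part of the original thread or any poster's code: a Python check over an external zone that flags RFC 1918 addresses published in public records (the internal-network exposure that separate internal and external servers avoid) and name servers that do not sit on at least two distinct IPs. The zone text, `example.com`, the addresses and the simplified `owner IN TYPE rdata` line format are constructed assumptions.

```python
import ipaddress

# Explicit RFC 1918 ranges; ipaddress.is_private would also match
# documentation ranges such as 203.0.113.0/24 used in the sample below.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of a public zone exported as text (placeholder values).
SAMPLE_ZONE = """\
@      IN NS    ns1.example.com.
@      IN NS    ns2.example.com.
ns1    IN A     203.0.113.10
ns2    IN A     203.0.113.10   ; both name servers on one IP
www    IN A     203.0.113.20
mail   IN A     192.168.1.25   ; internal address in the public zone
intra  IN A     10.0.0.5
@      IN MX    10 mail.example.com.
"""

def parse_records(zone_text):
    """Return (owner, type, rdata) tuples from 'owner IN TYPE rdata' lines."""
    records = []
    for line in zone_text.splitlines():
        parts = line.split(";", 1)[0].strip().split(None, 3)  # drop comments
        if len(parts) == 4 and parts[1].upper() == "IN":
            records.append((parts[0].lower(), parts[2].upper(), parts[3].strip()))
    return records

def audit_zone(zone_text, origin="example.com."):
    """Return a sorted list of findings for an external (public) zone."""
    records = parse_records(zone_text)
    findings, addrs = [], {}   # addrs: relative owner name -> IPv4 addresses
    for owner, rtype, rdata in records:
        if rtype == "A":
            addrs.setdefault(owner, []).append(ipaddress.ip_address(rdata))
    # Internal hosts visible to anyone who queries the public servers.
    for owner, ips in addrs.items():
        for ip in ips:
            if any(ip in net for net in RFC1918):
                findings.append(f"private-address:{owner}:{ip}")
    # At least two name servers, reachable on at least two distinct IPs.
    ns_names = {rdata.lower() for _, rtype, rdata in records if rtype == "NS"}
    if len(ns_names) < 2:
        findings.append(f"ns-count:{len(ns_names)}")
    ns_ips = set()
    for name in ns_names:
        rel = name[:-len(origin)].rstrip(".") if name.endswith(origin) else name
        ns_ips.update(addrs.get(rel, []))
    if len(ns_ips) < 2:
        findings.append(f"ns-distinct-ips:{len(ns_ips)}")
    return sorted(findings)
```

An empty list from `audit_zone` means none of these three conditions was found in the zone text; it says nothing about firewall rules or server configuration.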

Leongkokfoo (Author) Commented:
I think I need comments from someone who works in a "Hosting Company". Can anyone share their experience of hosting the Name Servers?
Glen Knight Commented:
What is it you are not sure about?
Can you give information as to what extra details you would like?
Qlemo ("Batchelor", Developer and EE Topic Advisor) Commented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.