Third-party message archiving application: change multiple DNS entries for multiple domains (Yahoo, MSN, Google, etc.)

Hello! I am currently using a 3rd-party email archiving company to archive messages from my company domain.
It is archiving all my instant messages from Yahoo, MSN, Gmail, etc.
Currently, in our Active Directory DNS servers, we have zones for each unique domain (*.yahoo.com, *.oscar.aol.com, etc.).
There are A LOT of zones... possibly 30.
We need to point the DNS of the hostnames we were provided to our 3rd-party proxy servers, so when the users log in to their instant messaging applications, it logs them into the 3rd-party servers, which allow us to archive the messages.
In the event that the 3rd-party servers are down and we can't log in to them, we need to implement a solution that will allow us to direct the users to the real/original IP addresses of the hostnames they are trying to contact at Yahoo, MSN, etc.
Currently, we have a file with all the DNS records that we are going to add to the users' HOSTS file in Windows. But this will take quite a bit of time.

I'm wondering if there is a better solution that will allow us to change the IP addresses of the DNS entries on the DNS server to use the actual addresses, possibly by using the DNS servers from our ISP (which is what all other requests use if there is no zone in Active Directory).
As you can imagine, changing the hosts file for 400 users might take some time!
jsctechy asked:
Leon Fester (Senior Solutions Architect) commented:
I would seriously wonder about that 3rd party doing your archiving. How do they manage high availability of their services? And how do their other clients manage this issue?
These kinds of service offerings should be covered by high-availability SLAs.

But back to your issue:
Instead of exporting and deleting the whole zone, I would suggest just updating the DNS record itself.

You said that you currently have a file with the details of the IPs.

Have a look at this PowerShell script that uses the DNSCMD command and an input file to update DNS records:
http://gallery.technet.microsoft.com/scriptcenter/Update-DNS-records-with-da10910d
(Please read the blog post from this link for better understanding if needed)

In your case you will need two files: one with the '3rd party IP' and another with the 'real IP'.

With a decent monitoring system you should be able to automate the 'failover' task.

I'd suggest the following process:
1. Set up monitoring of the 3rd-party IP addresses/proxy servers.
2. If the 3rd-party IP is not available, run the PowerShell script with the 'real IP' input file.
3. When the 3rd-party proxy becomes available again, run the PowerShell script with the '3rd party IP' input file.

It would be more complicated to set up automation for the failback without the script executing every time the 3rd-party IPs are available, so this would be a manual execution.

That being said both scripts can be run manually when needed.

I would also suggest that you ensure the TTL on the host records is set low (e.g. 300); this reduces the need to flush the DNS cache should you change records.
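An added example of the record-update approach described in this answer (example code, not the linked gallery script): it carries both IP sets in one input table, checks whether the proxies answer, and repoints the A records with dnscmd using a 300-second TTL. The zone names, hostnames and IP addresses are constructed placeholders, the reachability test is a plain ICMP ping (an assumption; use whatever your monitoring already checks), and it must run on the DNS server with DNS admin rights.

```powershell
# Constructed input table: one row per record, with the proxy IP and the real IP.
# In production, replace this here-string with Import-Csv on your existing file.
$Records = @'
Zone,Host,ProxyIp,RealIp
yahoo.com,login,10.0.0.5,192.0.2.10
oscar.aol.com,login,10.0.0.6,192.0.2.20
'@ | ConvertFrom-Csv

$Ttl = 300   # low TTL so clients pick up a switch within minutes

# $true if any proxy answers a ping (assumed check; substitute your monitor's probe)
function Test-ProxyAvailable {
    param([string[]]$ProxyIps)
    foreach ($ip in $ProxyIps) {
        if (Test-Connection -ComputerName $ip -Count 2 -Quiet) { return $true }
    }
    return $false
}

# Repoint every record in the table to either the proxy IP or the real IP.
function Set-ArchiveRecords {
    param([ValidateSet('Proxy', 'Real')][string]$Mode)
    foreach ($r in $Records) {
        $ip = if ($Mode -eq 'Proxy') { $r.ProxyIp } else { $r.RealIp }
        # Remove all A records at the node first (/f skips the prompt; harmless if none exist),
        # then add the new address with the short TTL.
        & dnscmd /RecordDelete $r.Zone $r.Host A /f | Out-Null
        & dnscmd /RecordAdd $r.Zone $r.Host $Ttl A $ip | Out-Null
        Write-Host "$($r.Host).$($r.Zone) -> $ip ($Mode)"
    }
}

# Decide from the proxies' reachability; run this from a scheduled task every few minutes.
$proxies = $Records | ForEach-Object { $_.ProxyIp } | Select-Object -Unique
if (Test-ProxyAvailable -ProxyIps $proxies) {
    Set-ArchiveRecords -Mode Proxy
} else {
    Set-ArchiveRecords -Mode Real
}
```

Because the script is idempotent, running it on a schedule gives you the automatic failback the answer says is hard to do by hand.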

Chris Dent (PowerShell Developer) commented:
Monitor the service; in the event of an outage, delete the zones and records. The real versions of those will then be used.

If the system returns to service, put the zones and records back. Clients will reconnect via that service. This does depend a little on how the clients, and the service work along with any TTL values for those public records.

That is almost certainly easier to script and control than anything to do with hosts files. Especially considering that you'd have to purge the hosts files once it returns to service.

Chris

jsctechy (Author) commented:
Instead of deleting the zone, would I be able to PAUSE the zone?

Chris Dent (PowerShell Developer) commented:
Hmm, perhaps. It's a good thought; you'd have to try it and see. If the server still considers itself to be authoritative, it won't forward or iteratively resolve the request.

Perhaps spawn a new zone to test it? You could use my website domain for the test. Create a Forward Lookup Zone called "indented.co.uk" and verify you cannot resolve www.indented.co.uk. Pause the zone, then try again.

If it doesn't immediately resolve, try clearing the cache first (dnscmd /ClearCache). If it still fails while paused, the method isn't going to help.

Chris

jsctechy (Author) commented:
Yeah, I did exactly what you said for another website.
I wasn't able to resolve the website once I paused the zone.
There are about 40 zones that I would need to add back in the event I deleted them. Is there any way to export the ones I have now, and then easily import the 40 zones once I delete them, in the event I needed to?

Chris Dent (PowerShell Developer) commented:
dnscmd has a ZoneExport option (the export file name is required):

dnscmd /ZoneExport thezone.com thezone.com.dns

That "should" take the zone and drop it to a file in C:\Windows\System32\DNS on your DNS server.

You should be able to re-add those using:

dnscmd /ZoneAdd thezone.com /Primary /file thezone.com.dns /load

It may need an additional change to AD integrated as a final step if you use that:

dnscmd /ZoneResetType thezone.com /DsPrimary /OverWrite_Ds

I imagine that lot will need tweaking and a good amount of testing, but it "should" work.

Chris
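An added example (not Chris's own code) that wraps the three dnscmd commands above in a loop, so the 40 zones can be exported and removed in one go during an outage and re-created from the export files afterwards. The zone names are constructed placeholders; it assumes it runs on the DNS server, that the zones are AD-integrated (hence /DsDel on delete and /ZoneResetType on restore, both as Chris describes), and that dnscmd writes the export files to %SystemRoot%\System32\dns.

```powershell
# Constructed list of the provider zones you created; in practice read it from a file
# or from: dnscmd /EnumZones
$Zones = @('yahoo.com', 'oscar.aol.com', 'messenger.hotmail.com')
$ExportDir = Join-Path $env:SystemRoot 'System32\dns'   # where /ZoneExport drops files

# Outage: export each zone for safekeeping, then delete it so the server stops
# answering authoritatively and the ISP resolvers return the real addresses.
function Remove-ArchiveZones {
    param([switch]$AdIntegrated)
    foreach ($z in $Zones) {
        & dnscmd /ZoneExport $z "$z.dns"
        if (-not (Test-Path (Join-Path $ExportDir "$z.dns"))) {
            Write-Warning "Export of $z failed; not deleting it"; continue
        }
        # /DsDel also removes the AD copy; /f skips the confirmation prompt
        if ($AdIntegrated) { & dnscmd /ZoneDelete $z /DsDel /f } else { & dnscmd /ZoneDelete $z /f }
    }
}

# Recovery: re-create each zone from its export file, then convert it back to an
# AD-integrated zone so the other domain controllers receive it again.
function Restore-ArchiveZones {
    param([switch]$AdIntegrated)
    foreach ($z in $Zones) {
        if (-not (Test-Path (Join-Path $ExportDir "$z.dns"))) {
            Write-Warning "No export found for $z; skipping"; continue
        }
        & dnscmd /ZoneAdd $z /Primary /file "$z.dns" /load
        if ($AdIntegrated) { & dnscmd /ZoneResetType $z /DsPrimary /OverWrite_Ds }
    }
}

# Usage: Remove-ArchiveZones -AdIntegrated   (when the proxies go down)
#        Restore-ArchiveZones -AdIntegrated  (when they come back)
```

Test the round trip on one throwaway zone first, as Chris suggests, and keep a copy of the export files outside the DNS directory in case a restore has to be repeated.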