Solved

third party message archiving application, change multiple DNS entries to multiple domains (yahoo, msn, google, etc)

Posted on 2013-12-10
Medium Priority
418 Views
Last Modified: 2014-11-12
Hello! I am currently using a 3rd party email archiving company to archive messages from my company domain.
It's archiving all my instant messages from Yahoo, MSN, Gmail, etc.
Currently, in our Active Directory DNS servers, we have zones for each unique domain (*.yahoo.com, *.oscar.aol.com, etc.).
There are A LOT of zones... possibly 30.
We need to point the DNS of the hostnames we were provided to our 3rd party proxy servers, so when the users log in to their instant messaging applications, it logs them into the 3rd party servers, which allow us to archive the messages.
In the event that the 3rd party servers are down and we can't log in to them, we need to implement a solution that will allow us to direct the users to the real/original IP addresses of the hostnames they are trying to contact at Yahoo, MSN, etc.
Currently, we have a file with all the DNS records that we are going to add to the users' HOSTS file in Windows. But this will take quite a bit of time.

I'm wondering if there is a better solution that will allow us to change the IP addresses of the DNS entries on the DNS server to use the actual addresses, possibly by using the DNS servers from our ISP (which is what all other requests use if there is no zone in Active Directory).
As you can imagine, changing the hosts file for 400 users might take some time!
Question by:jsctechy
6 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 39711518
Monitor the service, in the event of an outage, delete the zones and records. The real versions of those will now be used.

If the system returns to service, put the zones and records back. Clients will reconnect via that service. This does depend a little on how the clients, and the service work along with any TTL values for those public records.

That is almost certainly easier to script and control than anything to do with hosts files. Especially considering that you'd have to purge the hosts files once it returns to service.

Chris
 
LVL 1

Author Comment

by:jsctechy
ID: 39711576
Instead of deleting the zone, would I be able to PAUSE the zone?
 
LVL 71

Expert Comment

by:Chris Dent
ID: 39711596
Hmm, perhaps; it's a good thought, you'd have to try it and see. If the server still considers itself to be authoritative it won't forward or iteratively resolve the request.

Perhaps spawn a new zone to test it? You could use my web-site domain for the test. Create a Forward Lookup Zone called "indented.co.uk", verify you cannot resolve www.indented.co.uk. Pause the zone then try again.

If it doesn't immediately resolve try clearing the cache first (dnscmd /ClearCache). If it still fails while Paused the method isn't going to help.

Chris
 
LVL 1

Author Comment

by:jsctechy
ID: 39711619
Yea, I did exactly what you said for another website.
I wasn't able to resolve to the website once I paused the zone.
There are about 40 zones that I would need to add in the event I deleted them. Is there any way to export the ones I have now, and then easily import 40 zones once I delete them, in the event I needed to?
 
LVL 71

Expert Comment

by:Chris Dent
ID: 39711689
dnscmd has a ZoneExport option:

dnscmd /ZoneExport thezone.com thezone.com.dns

That "should" take the zone and drop it to a file in C:\Windows\System32\DNS on your DNS server.

You should be able to re-add those using:

dnscmd /ZoneAdd thezone.com /Primary /file thezone.com.dns /load

It may need an additional change to AD integrated as a final step if you use that:

dnscmd /ZoneResetType thezone.com /DsPrimary /OverWrite_Ds

I imagine that lot will need tweaking and a good amount of testing, but it "should" work.

Chris
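A way to script the export, removal and re-creation of the whole set of override zones, as an added example that is not code from this thread: it drives the three dnscmd steps listed above from a one-zone-per-line list file, so the same list serves the outage and the return to service. Assumed: the list file path, that the script runs on the DNS server with DNS admin rights, and that the zones are AD-integrated (otherwise drop the /ZoneResetType step).

```powershell
# Added example: bulk Export / Remove / Restore of the IM override zones with dnscmd.
# Assumptions: zones.txt holds one zone name per line (e.g. yahoo.com), the script
# runs on the DNS server as a DNS admin, and the zones are AD-integrated.
param(
    [Parameter(Mandatory)][ValidateSet('Export','Remove','Restore')][string]$Mode,
    [string]$ZoneList  = 'C:\dnsfailover\zones.txt',   # assumed path
    [string]$DnsServer = 'localhost'
)

$zones = Get-Content $ZoneList | Where-Object { $_.Trim() -ne '' }

foreach ($zone in $zones) {
    $file = "$zone.dns"   # dnscmd reads/writes this under %SystemRoot%\System32\dns
    switch ($Mode) {
        'Export' {
            # Snapshot the zone to a file before it is deleted.
            & dnscmd $DnsServer /ZoneExport $zone $file
        }
        'Remove' {
            # Once the zone is gone the server forwards/recurses, so clients get the
            # real public records instead of the archiving proxy.
            & dnscmd $DnsServer /ZoneDelete $zone /DsDel /f
        }
        'Restore' {
            # Re-create from the exported file, then convert back to AD-integrated.
            & dnscmd $DnsServer /ZoneAdd $zone /Primary /file $file /load
            & dnscmd $DnsServer /ZoneResetType $zone /DsPrimary /OverWrite_Ds
        }
    }
    if ($LASTEXITCODE -ne 0) { Write-Warning "dnscmd failed for '$zone' in mode $Mode" }
}
```

Run it once in Export mode while the proxy is healthy and keep the .dns files; Remove and Restore can then be triggered by whatever monitors the archiving service.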
 
LVL 26

Accepted Solution

by: Leon Fester (earned 2000 total points)
ID: 39713723
I would seriously wonder about that 3rd party doing your archiving. How do they manage high availability of their services? And how do their other clients manage this issue?
These kinds of service offerings should be covered by high availability SLAs.

But back to your issue:
Instead of exporting and deleting the whole zone I would suggest just updating the DNS record itself.

You said that you currently have a file with the details of the IP's.

Have a look at this PowerShell script that uses the DNSCMD command and an input file to update DNS records.
http://gallery.technet.microsoft.com/scriptcenter/Update-DNS-records-with-da10910d
(Please read the blog post from this link for better understanding if needed)

In your case you will need two files; one with '3rd party IP' and another with 'real IP'.

With a decent monitoring system you should be able to automate the 'failover' task.

I'd suggest the following process:
Set up monitoring of the 3rd party IP addresses/proxy servers.
If the 3rd party IP is not available, then run the PowerShell script with the 'real IP' input file.

When the 3rd party proxy becomes available again, then you run the PowerShell script with the '3rd party IP' file.

It would be more complicated to set up automation on this without the script executing every time the 3rd party IPs are available, so this would be a manual execution.

That being said both scripts can be run manually when needed.

I would also suggest that you ensure that the TTL on the HOST records is set low (e.g. 300); this is to reduce the need to flush the DNS cache should you change records.
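The failover process from the accepted solution, as an added example rather than the linked TechNet script or anything posted in this thread: it probes the archiving proxy, rewrites the override A records from one of two CSV input files with dnscmd at a 300 s TTL, and remembers the last state so a scheduled run only touches DNS on a transition (the concern raised about the script executing every time the proxy is available). Assumed: CSV columns Zone,Host,IP, the placeholder proxy host and port, and the file paths.

```powershell
# Added example: state-aware DNS failover between 'proxy' and 'real' record sets.
# Assumptions: CSVs have columns Zone,Host,IP; proxy host/port and paths are placeholders.
param(
    [string]$DnsServer = 'localhost',
    [string]$ProxyHost = 'proxy.archiver.example',        # placeholder
    [int]   $ProxyPort = 5050,                             # placeholder
    [string]$ProxyFile = 'C:\dnsfailover\thirdparty-ip.csv',
    [string]$RealFile  = 'C:\dnsfailover\real-ip.csv',
    [string]$StateFile = 'C:\dnsfailover\state.txt',
    [int]   $Ttl       = 300                               # short TTL, as the answer suggests
)

function Test-ProxyUp {
    # TCP connect with a 3 s timeout; no dependency on Test-NetConnection.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ProxyHost, $ProxyPort, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne(3000)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Set-OverrideRecords([string]$CsvPath) {
    foreach ($r in Import-Csv $CsvPath) {
        # Replace whatever A record exists with the wanted one at the short TTL.
        & dnscmd $DnsServer /RecordDelete $r.Zone $r.Host A /f | Out-Null
        & dnscmd $DnsServer /RecordAdd $r.Zone $r.Host $Ttl A $r.IP | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "RecordAdd failed for $($r.Host).$($r.Zone) -> $($r.IP)"
        }
    }
}

$desired = if (Test-ProxyUp) { 'proxy' } else { 'real' }
$current = if (Test-Path $StateFile) { (Get-Content $StateFile).Trim() } else { '' }
if ($desired -eq $current) { return }     # no transition, leave DNS alone

Write-Host "Proxy state changed to '$desired'; updating override records"
Set-OverrideRecords $(if ($desired -eq 'proxy') { $ProxyFile } else { $RealFile })
Set-Content -Path $StateFile -Value $desired
```

Schedule it every few minutes on the DNS server; because only transitions rewrite records, a healthy proxy causes no churn, and the low TTL keeps client caches from holding stale answers for long.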
