Best Practice. Creating your own public name / DNS server.

Has anyone at EE created a pubic DNS / name server? Here's my scenario:

I've recently migrated to Exchange 2013 servers and during the process, I've updated my (A) and (MX) records to point to a new IP addresses. Mail-flow is working, and all exchange services are working properly. A week later we started experiencing message failures because mail servers on the other end were unable to verify our organization. This of course is a PTR record issue, and in most cases we would usually contact the ISP to generate a PTR record. The only problem is the "new" IP address I need to use, we own. Plan B was to generate a PTR from 1and1.com who handles our domain. Of course, 1and1 does not give us the option to generate a PTR record. I believe what is causing this issue is that I need to upgrade the account to a premium package, but I can't stand 1and1 because I've had nothing but problems with their services. We've subscribed to DYN and we were able to create a record that will validate our messages. During this project, we were required to perform a security audit on our network infrastructure. They of course found issues and want us to address them. One of the issues is the PTR record we created is point to one of our private / internal DNS servers. I agree with their assessment, and I'm in the process of finding the best practice to create a public DNS server that will not have access to any internal resource (Pretty much sitting on the outside of the firewall, on it's own separate public address). Is it best to use a Linux server, or Windows? What things do I need to take into consideration? Any input would be greatly appreciated. Thank you for your time.
Domenic DiPasqualeSystem / Network AdministratorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

savoneCommented:
You are be best served not by creating your own DNS server, but rather ask whomever you are leasing the IP space from to create your PTR records.

Are you getting the IP space directly from ARIN? Chances are you are not, you are getting it from your ISP or another service.  If they offer "static" IP services they should also offer PTR services for said IP address.  I would definitely go this route first.

As for creating your own public DNS server, there is way too many considerations to be addressed here. You can start by reading RFCs, but be aware you are in for a daunting task.
kevinhsiehCommented:
Best practice is to not host your own DNS server, and it wouldn't help you with the PTR record anyway because those are not easily delegated. What do you mean that you own your IP. Do you have a /24 or larger subnet?

We use DNS Made Easy for DNS, and they support PTR records and lots of other cool stuff like DNS failover for servers.
gheistCommented:
Reverse delegation is easy, only technical limitation is that you must have at least /24 but in most places /23 and 2 DNS servers on separate /24 networks (provider can help you with slave DNS server too)
DrAtomicCommented:
With regards to which OS to choose; choose the one that your organization has the most knowledge about.

With regards to PTR records, know that you need to register your nameservers as being authorative for the IP space with the IP providing instance (Arin, Ripe, etc). If you don't own the IP space but have been assigned your own IP space by your provider you can ask them to either create the PTRs or do a subdelegation for your IP space.
gheistCommented:
You might find webmin  on some Linux machine nicer than MMC DNS editor.
You need 2 DNS servers that are isolated from your AD for public DNS ($$$)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
DNS

From novice to tech pro — start learning today.