Opinion
Jul 28, 2003 | 3 mins
DNS, Linux, Networking
Nutter helps a user who’s moving DNS functions in-house.
My company’s use of the Internet is changing. We’re moving from having just a mail server and a Web site to having several systems that need a public IP address and “ad hoc” systems that need a public address for short- or long-term needs depending on the project. Our ISP is handling our DNS needs at this point, but we’d like to take over that function as this would make it easier to change ISPs as well as make changes when we need them. What should we use for a DNS server – Linux or Windows? What’s the best way to move forward on this?
– Via the Internet
The answer is: it depends. If you're mostly a Windows shop, then Microsoft's DNS server is the easier way for you to take over your own DNS. Another option is to get a port of BIND that runs under Windows. Both of those options run on the Windows platform.

One school of thought is to run one of your DNS servers on one OS, such as Windows, and the other on Linux or NetWare. The reasoning is that if someone compromises one of the DNS servers, having the other on a different platform makes it harder for both to be attacked.

Regardless of which way you go, look for the readily available information from sources such as O'Reilly about hardening your DNS servers to further reduce the chances of attack. Configure the servers to only accept zone updates from the other DNS server(s) you have. Putting the servers in a DMZ on your firewall is one further step you can take to minimize the possibility of being hacked.
At a minimum, you'll need two DNS servers for each Internet domain you have. You can have more than two for a domain, but usually three is tops unless you have multiple server farms where you would want to distribute the DNS lookup load. It's a good idea to have at least one of your DNS servers at a separate location, which helps in the event one location goes down. You can make DNS record changes on the fly and let your customers, employees and vendors reach a server at a different location under the same fully qualified domain name, without having to contact everyone with a new IP address.
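An added example, not part of the original column: a small Python check that reads a BIND-style named.conf and reports zones whose `allow-transfer` or `allow-update` lists are missing or open to `any`, as one way to verify the advice above about accepting zone updates only from your other DNS servers. The sample configuration, zone names and addresses are constructed, and treating a zone with no zone-level `allow-transfer` statement as unrestricted is an assumption of this example.

```python
import re

# Constructed sample named.conf (BIND syntax); names and addresses are placeholders.
SAMPLE_CONF = """
zone "example.com" {
    type master;
    allow-transfer { 192.0.2.53; };   // only our secondary
    allow-update { none; };
};
zone "example.net" {
    type master;
    allow-transfer { any; };
};
zone "example.org" {
    type master;
};
"""

def strip_comments(text):
    """Drop /* */, // and # comments (assumes no comment markers inside quoted strings)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def zone_blocks(text):
    """Yield (zone name, body) for each zone statement, matching braces."""
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def acl(body, statement):
    """Return the address-match list of `statement`, or None if it is absent."""
    m = re.search(r'\b' + re.escape(statement) + r'\s*\{([^}]*)\}', body)
    return None if m is None else [e.strip() for e in m.group(1).split(';') if e.strip()]

def audit(conf):
    """List (zone, finding) pairs for zones whose transfer/update ACLs are not restricted."""
    findings = []
    for name, body in zone_blocks(strip_comments(conf)):
        transfer, update = acl(body, 'allow-transfer'), acl(body, 'allow-update')
        if transfer is None:  # assumption: no zone-level ACL is treated as unrestricted
            findings.append((name, 'allow-transfer not set'))
        elif 'any' in transfer:
            findings.append((name, 'allow-transfer open to any'))
        if update and 'any' in update:
            findings.append((name, 'allow-update open to any'))
    return findings
```

The check looks only at statements inside each zone block, so a restriction set once in the global `options` block still shows up here as "not set" and needs a manual look.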