External DNS Servers

  • Thread starter: AndyJ

AndyJ

Hi

I am planning on being the authority for my external DNS domain and
will be hosting all my and my customers' DNS records myself. I plan on
deploying one external DNS server for the time being. Someone told me
that I would need at least 2 external DNS servers to allow the transfer
of this authority to happen at my ISP. Is this true? I appreciate the
fact that 2 external DNS servers would provide redundancy but I don't
have the physical hardware at the moment. Could I run 2 guest OS
machines on a virtual server and make them both DNS servers? Anyone have
any experience with virtualising DNS services? Would this be
advisable?

Thanks all

AJ
 
AndyJ said:
Hi

I am planning on being the authority for my external DNS domain and
will be hosting all my and my customers' DNS records myself.

It is generally a poor idea, so what are your specific reasons
for doing this?
I plan on
deploying one external DNS server for the time being. Someone told me
that I would need at least 2 external DNS servers to allow the transfer
of this authority to happen at my ISP. Is this true?

This is just one of the reasons why it is a poor idea
to do it yourself rather than leave the job at your
registrar where it belongs for all but the large (in
terms of Internet presence) companies.

It is a business rule of the Internet; although there
are ways to cheat, why would you want to do this?
I appreciate the
fact that 2 external DNS servers would provide redundancy but I don't
have the physical hardware at the moment. Could I run 2 guest OS
machines on a virtual server and make them both DNS servers? Anyone have
any experience with virtualising DNS services? Would this be
advisable?

Better to leave your external DNS at the Registrar.
 
Thanks Herb

It is so I can make the changes that I require to be made in a timely
manner and so I have complete control over the records. I'm finding I
cannot add records that I want to at my existing registrar, maybe I
should just switch to a better one?

Thanks
AJ

Herb said:
AndyJ said:
Hi

I am planning on being the authority for my external DNS domain and
will be hosting all my and my customers' DNS records myself.

It is generally a poor idea, so what are your specific reasons
for doing this?
I plan on
deploying one external DNS server for the time being. Someone told me
that I would need at least 2 external DNS servers to allow the transfer
of this authority to happen at my ISP. Is this true?

This is just one of the reasons why it is a poor idea
to do it yourself rather than leave the job at your
registrar where it belongs for all but the large (in
terms of Internet presence) companies.

It is a business rule of the Internet; although there
are ways to cheat, why would you want to do this?
I appreciate the
fact that 2 external DNS servers would provide redundancy but I don't
have the physical hardware at the moment. Could I run 2 guest OS
machines on a virtual server and make them both DNS servers? Anyone have
any experience with virtualising DNS services? Would this be
advisable?

Better to leave your external DNS at the Registrar.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

Thanks all

AJ
 
AndyJ said:
Thanks Herb

It is so I can make the changes that I require to be made in a timely
manner and so I have complete control over the records. I'm finding I
cannot add records that I want to at my existing registrar, maybe I
should just switch to a better one?

Perhaps. Practically all of the public registrars have
a GUI interface that allows you to add/manage your
own records. There are usually short delays before
the changes are live but most people do NOT change
their public DNS on a minute by minute basis (how
often do you change ISPs etc...?)

Register.com was lacking any method to do SPF last
I checked (but may have added that in recent months
although they acted deaf when I suggested it earlier
this year) but GoDaddy has TEXT records which work
just fine (as are used in Microsoft DNS anyway.)

What unusual record besides SPF is your motivation?


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
Thanks
AJ

 
Herb Martin said:
Register.com was lacking any method to do SPF last
I checked (but may have added that in recent months
although they acted deaf when I suggested it earlier
this year) but GoDaddy has TEXT records which work
just fine (as are used in Microsoft DNS anyway.)

Network Solutions does not offer that yet either.

Ace
 
I am offering Exchange, SPS and LCS hosted services and my provisioning
software allows for automating DNS. If I hosted public DNS internally
this would be a lot easier for me to manage and a lower admin overhead,
although I will still have to register my name servers as the authority
for the new domains.

So I have a requirement to create SRV records too as well as the normal
A, CNAME, MX etc etc.

Thanks

AJ

Herb said:
AndyJ said:
Thanks Herb

It is so I can make the changes that I require to be made in a timely
manner and so I have complete control over the records. I'm finding I
cannot add records that I want to at my existing registrar, maybe I
should just switch to a better one?

Perhaps. Practically all of the public registrars have
a GUI interface that allows you to add/manage your
own records. There are usually short delays before
the changes are live but most people do NOT change
their public DNS on a minute by minute basis (how
often do you change ISPs etc...?)

Register.com was lacking any method to do SPF last
I checked (but may have added that in recent months
although they acted deaf when I suggested it earlier
this year) but GoDaddy has TEXT records which work
just fine (as are used in Microsoft DNS anyway.)

What unusual record besides SPF is your motivation?


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
Thanks
AJ

 
AndyJ said:
I am offering Exchange, SPS and LCS hosted services and my provisioning
software allows for automating DNS. If I hosted public DNS internally
this would be a lot easier for me to manage and a lower admin overhead,

In what way? One practically never changes public records.
They tend to be extremely stable (and small in number.)
although I will still have to register my name servers as the authority
for the new domains.

So I have a requirement to create SRV records too as well as the normal
A, CNAME, MX etc etc.

SRV for PUBLIC access? Be sure any registrar you
use (if you follow my advice) supports them.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
Thanks

AJ

 
AndyJ said:
I am offering Exchange, SPS and LCS hosted services and my
provisioning software allows for automating DNS. If I hosted public
DNS internally this would be a lot easier for me to manage and a
lower admin overhead, although I will still have to register my name
servers as the authority for the new domains.

So I have a requirement to create SRV records too as well as the
normal A, CNAME, MX etc etc.

Thanks

AJ

I've never heard of any public DNS offering SRV records, other than for
specific IE SRV records, which are in beta and have gone by the wayside lately,
and which I don't think any browsers yet support.

If for AD, keep your SRVs private and just VPN in or have VPN support for
anyone requiring to access/authenticate to internal resources. Public SRVs
for AD are not a good idea.

Maybe you can elaborate a bit more on what exactly you are trying to do by
offering SRVs publicly.

Ace
 
Ace said:
I've never heard of any public DNS offering SRV records, other than for
specific IE SRV records, which are in beta and have gone by the wayside lately,
and which I don't think any browsers yet support.

If for AD, keep your SRVs private and just VPN in or have VPN support for
anyone requiring to access/authenticate to internal resources. Public SRVs
for AD are not a good idea.

Maybe you can elaborate a bit more on what exactly you are trying to do by
offering SRVs publicly.

Ace

SRV records are required for LCS - federation, remote access and public
IM connectivity

SJ
 
AndyJ said:
SRV records are required for LCS - federation, remote access and
public IM connectivity

SJ

So you are offering internal resources to the outside. I see. Most public
registrars do not offer that capability. Usually the software handles the
connection requirements instead of DNS since most public applications do not
yet support SRV records. However, I understand what you are trying to do by
offering certain internal apps outside that work using SRVs, such as
Exchange IM (whose client is similar to, but slightly different from, the
MSN Messenger client; users would need to download the specific one that will work).
Keep in mind, Exchange IM does not *require* SRVs, but it makes it easier
for most people to simply type in the domain name with an Exchange IM home
server instead of typing in the whole FQDN of the server.

If you want to do this, you can probably create multiple nameservers using
Windows 2003 as your DNS servers (since they support SRVs), host your
own domain name just for this purpose, and register them as nameservers with
your registrar. Each domain requires two nameservers. But keep in mind, I
wouldn't mix internal and external data under the same zone (public
and private IPs).

I hope all works out well. :-)

Ace
 
Ace said:
So you are offering internal resources to the outside. I see. Most public
registrars do not offer that capability. Usually the software handles the
connection requirements instead of DNS since most public applications do not
yet support SRV records. However, I understand what you are trying to do by
offering certain internal apps outside that work using SRVs, such as
Exchange IM (whose client is similar to, but slightly different from, the
MSN Messenger client; users would need to download the specific one that will work).
Keep in mind, Exchange IM does not *require* SRVs, but it makes it easier
for most people to simply type in the domain name with an Exchange IM home
server instead of typing in the whole FQDN of the server.

If you want to do this, you can probably create multiple nameservers using
Windows 2003 as your DNS servers (since they support SRVs), host your
own domain name just for this purpose, and register them as nameservers with
your registrar. Each domain requires two nameservers. But keep in mind, I
wouldn't mix internal and external data under the same zone (public
and private IPs).

I hope all works out well. :-)

Ace

Thanks. Exchange IM is something I won't be offering as a service; it's
pretty much old hat now and is not supported in Exchange 2003. LCS
definitely needs SRV records internally and externally and they can be
a bit of a pig to get working correctly.
Thanks for all your advice
AJ
 
AndyJ said:
Thanks. Exchange IM is something I won't be offering as a service; it's
pretty much old hat now and is not supported in Exchange 2003. LCS
definitely needs SRV records internally and externally and they can be
a bit of a pig to get working correctly.
Thanks for all your advice
AJ

I should have mentioned LCS is similar to Exchange IM where it does not
*require* SRVs but SRVs make it easier for users to remember the shorter
name and to allow the user to connect to partner and other organizations
configured as part of your trusted "realm". LCS was a replacement for the
older IM service and offers more support for various things that the older
Exchange 2000 did not offer, such as for mobile clients, among other things.

"Enhanced federation uses DNS SRV resolution to locate the Access Proxy of a
federated partner, [...]".

Above quoted from: Live Communications Server 2005 Document: Deployment
Overview, page 3:
http://www.microsoft.com/downloads/...63-51CD-4907-9B8F-C4579ABAFCF7&displayLang=en

Also:
"Direct federation requires that you specify both the Access Proxy and the
SIP domain of each federated partner and that your partners do the same for
you. This procedure provides a high degree of security and control, but it
entails a lot more work and ongoing attention than even restricted enhanced
federation. For this reason, direct federation is recommended only for
partners who have neither upgraded to SP1 nor published a SRV record for
their domain. "

Above quoted from: Live Communications Server 2005 Document: Technical
Overview, page 17
http://www.microsoft.com/downloads/...31-53F7-48CC-86F3-B8DA69F86239&displayLang=en

Therefore, just as IM in Ex2000, it does not really *require* SRVs, but
implementing them does offer additional support, which I assume you will
need in your scenario. So it really depends on your scenario and what you're
trying to accomplish.

No problem for the help. Good luck. Let us know how you make out.

Ace
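Ace's two posts above boil down to a short checklist for anyone who does decide to run their own public nameservers: two NS records per domain, nameservers that actually sit on different addresses, no private (RFC 1918) addresses mixed into the public zone, and SRV records whose targets really exist. The script below is an added example that runs those checks over a zone before you delegate it; it is not code from this thread or from Microsoft. The zones, domain names and addresses are constructed, and the SRV owner labels `_sip._tls` and `_sipfederationtls._tcp` are the names LCS documentation uses for client sign-in and federation, which the thread itself does not spell out.

```python
"""Pre-delegation sanity checks for a public DNS zone.

Added example (not code from the thread or from Microsoft). The zones,
domain names and addresses below are constructed; the SRV owner names
follow the labels LCS documentation uses for client sign-in and federation.
"""
import ipaddress
from collections import defaultdict

# RFC 1918 ranges: addresses that must never be published in a public zone.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed zone containing the three mistakes the thread warns about.
BAD_ZONE = """
example.test.                         NS   ns1.example.test.
example.test.                         NS   ns2.example.test.
ns1.example.test.                     A    192.0.2.10
ns2.example.test.                     A    192.0.2.10   ; same box as ns1
example.test.                         MX   10 mail.example.test.
mail.example.test.                    A    192.0.2.25
sip.example.test.                     A    10.0.0.5     ; internal address leaked
_sip._tls.example.test.               SRV  0 0 443 sip.example.test.
_sipfederationtls._tcp.example.test.  SRV  0 0 5061 missing.example.test.
"""

# The same constructed zone with each problem corrected.
FIXED_ZONE = """
example.test.                         NS   ns1.example.test.
example.test.                         NS   ns2.example.test.
ns1.example.test.                     A    192.0.2.10
ns2.example.test.                     A    192.0.2.11
example.test.                         MX   10 mail.example.test.
mail.example.test.                    A    192.0.2.25
sip.example.test.                     A    192.0.2.30
_sip._tls.example.test.               SRV  0 0 443 sip.example.test.
_sipfederationtls._tcp.example.test.  SRV  0 0 5061 sip.example.test.
"""


def parse_zone(text):
    """Parse simplified 'owner TYPE rdata...' lines; ';' starts a comment."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 3:
            raise ValueError(f"unparseable record: {raw!r}")
        owner, rtype, *rdata = parts
        records.append((owner.lower(), rtype.upper(), rdata))
    return records


def is_rfc1918(ip_text):
    """True only for the three RFC 1918 blocks (not every special-purpose range)."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(addr in net for net in PRIVATE_NETS)


def lint_zone(text, apex):
    """Return a list of findings; an empty list means the zone passed."""
    apex = apex.lower().rstrip(".") + "."
    records = parse_zone(text)
    a_records = defaultdict(set)          # owner -> {IPv4 addresses}
    for owner, rtype, rdata in records:
        if rtype == "A":
            a_records[owner].add(rdata[0])
    findings = []

    # 1. Registrars require two nameservers for a delegation.
    ns_hosts = [rdata[0].lower() for owner, rtype, rdata in records
                if owner == apex and rtype == "NS"]
    if len(ns_hosts) < 2:
        findings.append(f"NS: {len(ns_hosts)} nameserver(s) at {apex}; two are required")

    # 2. In-zone nameservers need glue, and two NS on one address is no redundancy.
    for host in ns_hosts:
        if host.endswith(apex) and host not in a_records:
            findings.append(f"NS: {host} has no A record (missing glue)")
    ns_addrs = set().union(*(a_records.get(h, set()) for h in ns_hosts))
    if len(ns_hosts) >= 2 and len(ns_addrs) < 2:
        findings.append("NS: all nameservers resolve to one address; no redundancy")

    # 3. Internal (RFC 1918) addresses must not appear in the public zone.
    for owner, addrs in a_records.items():
        for ip in sorted(addrs):
            if is_rfc1918(ip):
                findings.append(f"A: {owner} -> {ip} is a private address in a public zone")

    # 4. SRV rdata is 'priority weight port target' and the target must exist.
    for owner, rtype, rdata in records:
        if rtype != "SRV":
            continue
        if len(rdata) != 4 or not all(tok.isdigit() for tok in rdata[:3]):
            findings.append(f"SRV: {owner} has malformed rdata {' '.join(rdata)}")
            continue
        target = rdata[3].lower()
        if target.endswith(apex) and target not in a_records:
            findings.append(f"SRV: {owner} points at {target}, which has no A record")
    return findings


if __name__ == "__main__":
    for name, zone in (("BAD_ZONE", BAD_ZONE), ("FIXED_ZONE", FIXED_ZONE)):
        print(f"{name}: {lint_zone(zone, 'example.test') or ['clean']}")
```

The private-address check deliberately uses the three RFC 1918 blocks rather than Python's `is_private`, which also flags documentation ranges such as 192.0.2.0/24 and would make the sample zone unusable; the point of the check is exactly the split-horizon leak Ace describes, an internal address published in the zone the world sees. The SRV target check is in-zone only: a target outside the apex is someone else's zone and cannot be verified from this file.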
 
Ace said:
AndyJ said:
Thanks. Exchange IM is something I won't be offering as a service; it's
pretty much old hat now and is not supported in Exchange 2003. LCS
definitely needs SRV records internally and externally and they can be
a bit of a pig to get working correctly.
Thanks for all your advice
AJ

I should have mentioned LCS is similar to Exchange IM where it does not
*require* SRVs but SRVs make it easier for users to remember the shorter
name and to allow the user to connect to partner and other organizations
configured as part of your trusted "realm". LCS was a replacement for the
older IM service and offers more support for various things that the older
Exchange 2000 did not offer, such as for mobile clients, among other things.

"Enhanced federation uses DNS SRV resolution to locate the Access Proxy of a
federated partner, [...]".

Above quoted from: Live Communications Server 2005 Document: Deployment
Overview, page 3:
http://www.microsoft.com/downloads/...63-51CD-4907-9B8F-C4579ABAFCF7&displayLang=en

Also:
"Direct federation requires that you specify both the Access Proxy and the
SIP domain of each federated partner and that your partners do the same for
you. This procedure provides a high degree of security and control, but it
entails a lot more work and ongoing attention than even restricted enhanced
federation. For this reason, direct federation is recommended only for
partners who have neither upgraded to SP1 nor published a SRV record for
their domain. "

Above quoted from: Live Communications Server 2005 Document: Technical
Overview, page 17
http://www.microsoft.com/downloads/...31-53F7-48CC-86F3-B8DA69F86239&displayLang=en

Therefore, just as IM in Ex2000, it does not really *require* SRVs, but
implementing them does offer additional support, which I assume you will
need in your scenario. So it really depends on your scenario and what you're
trying to accomplish.

No problem for the help. Good luck. Let us know how you make out.

Ace

Yes I have read all this and designed/deployed a large enterprise
deployment :) You also need SRV records for public IM otherwise the
Public IM providers' access proxies cannot find yours. So I *do* need
them, I wish I didn't though :)

Cheers
 
AndyJ said:
Yes I have read all this and designed/deployed a large enterprise
deployment :) You also need SRV records for public IM otherwise the
Public IM providers' access proxies cannot find yours. So I *do* need
them, I wish I didn't though :)

Cheers

It appears you do need them in your scenario! Good luck with everything!

Happy Holidays!

Ace
 