DNS Server
nezzy999
10-20-2008, 09:54 PM
Hi guys,
I am currently doing a networking course and we had a session on private/public DNS.
We were told that the university has its own DNS servers and many businesses host their own DNS's.
However, this has left me confused as to why a company/institution would use a whole server just to serve its DNS.
Eg: Company has its web server serving www.company.com
Why would it use 2 more servers for DNS??? (The upkeep and cost must be quite high for these servers)
Where a DNS which has 1000s of DNS entries is justifiable, why would you have a server with 1-2 entries?
Thanks
tehboris
10-20-2008, 10:25 PM
For the security and redundancy benefit. The phrase "Don't keep all your eggs in one basket" seems fairly appropriate.
nezzy999
10-20-2008, 10:38 PM
Oh I see, thanks for the reply
So does virtualisation make this more feasible now? As I'm guessing DNS servers for businesses (not Microsoft/Facebook) would not have much overhead and demand.
white
10-20-2008, 10:50 PM
Also, the cost is low and the upkeep is virtually nil.
tehboris
10-20-2008, 11:01 PM
Oh I see, thanks for the reply
So does virtualisation make this more feasible now? As I'm guessing DNS servers for businesses (not Microsoft/Facebook) would not have much overhead and demand.
Virtualisation allows for more efficient use of the hardware you have. Unfortunately the software involved has its own problems security-wise.
By using one physical server running multiple OSs you are effectively still putting your eggs in one basket, except the eggs are divided in two down the middle by a very tall and long plexiglass screen. If someone happens to throw a rock and it lands in the basket, only some of your eggs are broken. If you happen to leave your basket in the middle of a live ammunition mortar range, no amount of separation within the basket will save you or your eggs.
white
10-20-2008, 11:09 PM
Wow tehBoris, your Easter must be fucked up!
fishtoprecords
10-21-2008, 05:54 AM
However, this has left me confused as to why a company/institution would use a whole server just to serve its DNS.
Most don't.
But you are required to have two DNS servers. They are supposed to be on different class C networks.
When you have zillions of servers, the rules are different. But for most small businesses, or home vanity domains, there is only one server.
What you typically see is many names defined in the DNS zone files.
They may all point to the same server when you are small. As you grow, you can separate them.
ns.fishtop.com. 300 IN CNAME fishtop.com.
fishtop.com. 300 IN A 70.184.242.241
mail.fishtop.com. 300 IN A 70.184.242.241
www.fishtop.com. 300 IN A 70.184.242.241
It's just one box, but it has four names.
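To make the two points above concrete (several names pointing at one box, and the requirement for two nameservers on different networks), here is an added Python example; it is not code from the forum post. The four fishtop.com records are the ones quoted above; the NS records, the second nameserver ns2.example.net and its address 192.0.2.53 are constructed for the example, and "different class C networks" is modelled as distinct /24 prefixes.

```python
import ipaddress

# Constructed zone in BIND presentation format. The four fishtop.com host
# records are quoted from the post; the NS lines and ns2.example.net are
# assumptions added for this example.
ZONE_TEXT = """
fishtop.com.      300 IN NS    ns.fishtop.com.
fishtop.com.      300 IN NS    ns2.example.net.
ns.fishtop.com.   300 IN CNAME fishtop.com.
fishtop.com.      300 IN A     70.184.242.241
mail.fishtop.com. 300 IN A     70.184.242.241
www.fishtop.com.  300 IN A     70.184.242.241
ns2.example.net.  300 IN A     192.0.2.53
"""


def parse_zone(text):
    """Return a list of (owner, ttl, rtype, rdata) tuples; blank and ';' comment lines are skipped."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        owner, ttl, _klass, rtype, rdata = line.split(None, 4)
        records.append((owner.lower(), int(ttl), rtype.upper(), rdata.strip().lower()))
    return records


def resolve_addresses(records, name, max_depth=8):
    """Follow CNAMEs inside the zone and return the set of A addresses for name.

    A CNAME loop or an over-long chain raises ValueError instead of recursing forever.
    """
    name = name.lower().rstrip(".") + "."
    seen = set()
    for _ in range(max_depth):
        if name in seen:
            raise ValueError(f"CNAME loop at {name}")
        seen.add(name)
        addrs = {rd for o, _, t, rd in records if o == name and t == "A"}
        if addrs:
            return addrs
        targets = [rd for o, _, t, rd in records if o == name and t == "CNAME"]
        if not targets:
            return set()
        name = targets[0]
    raise ValueError(f"CNAME chain from {name} exceeds {max_depth} hops")


def names_per_host(records):
    """Group every owner name that resolves to an address by that address."""
    hosts = {}
    for owner, _, rtype, _ in records:
        if rtype in ("A", "CNAME"):
            for addr in resolve_addresses(records, owner):
                hosts.setdefault(addr, set()).add(owner)
    return hosts


def nameserver_networks(records, zone):
    """Return {nameserver: /24 network} for each NS of the zone, following CNAMEs."""
    zone = zone.lower().rstrip(".") + "."
    nets = {}
    for owner, _, rtype, rdata in records:
        if owner == zone and rtype == "NS":
            for addr in resolve_addresses(records, rdata):
                nets[rdata] = ipaddress.ip_network(f"{addr}/24", strict=False)
    return nets


def check_ns_diversity(records, zone, minimum=2):
    """Report whether the zone has at least `minimum` nameservers on distinct /24 networks."""
    nets = nameserver_networks(records, zone)
    distinct = set(nets.values())
    return {
        "nameservers": len(nets),
        "distinct_networks": len(distinct),
        "ok": len(nets) >= minimum and len(distinct) >= minimum,
    }


if __name__ == "__main__":
    zone = parse_zone(ZONE_TEXT)
    for addr, names in sorted(names_per_host(zone).items()):
        print(f"{addr}: {', '.join(sorted(names))}")
    print(check_ns_diversity(zone, "fishtop.com"))
```

Run as-is it lists the four names that land on 70.184.242.241 and reports that the two nameservers sit on separate /24s; swap ns2's address for one in 70.184.242.0/24 and the check reports `ok: False`, which is the single-network situation the post warns against.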
bani-banan
10-21-2008, 10:29 PM
*cough* I love DNS *cough* (note that, this will be MS oriented, since I'm reading up on DNS on win2k3 and 2k8).
The company DNS server could be for various intranet reasons, or for other local domain reasons. Security, blocking various sites, etc.
For personal reasons, I haven't found setting up a DNS on a VM that reliable.
Mostly due to the IP it's given by the host (it usually tends to be "over" the DHCP range which the router has). I much prefer having a switch directly connected to the server's second NIC.
modem -> server -> server port 2 -> switch/router <-computers
DNS is also used in email. Active Directory gets all f-ed up if the DNS is on the same server as the POP3/Exchange is.
www.company.com has, for instance, one DNS for their email routing.
like
"I'm John. I'm going to send an email to mail.company.com."
The message is sent to the mail server connected to the company.com DNS server. The mail server then searches for John in its database to verify if it's there. (If you have multiple mail servers, and John is not in the first "forest", it'll send the request further down to mail2.company.com, and if it's not there it continues to mail3.company.com. To avoid looping, the database gets a log saying "NO ACCOUNT AVAILABLE - SEND ERROR TO SENDER".)
(Note that this is OVER-simplifying, and it does not get a log.)
computoman
10-22-2008, 03:51 AM
WordPress.com will let you host a page for free up to certain storage limitations. It is a good starting point for those on a budget.
-------------------------------------------------------------------------------------------------
http://computoman.wordpress.com/
davmoo
10-22-2008, 05:19 AM
Why would it use 2 more servers for DNS??? (The upkeep and cost must be quite high for these servers)
It's entirely possible, and very common, to have a web server and DNS server running on the same machine, along with the email server, etc. It does not even require virtualization. Just because a site has multiple types of servers running does not automatically mean they are using multiple machines to do it.
fishtoprecords
10-23-2008, 06:25 AM
It's entirely possible, and very common, to have a web server and DNS server running on the same machine, along with the email server, etc. It does not even require virtualization. Just because a site has multiple types of servers running does not automatically mean they are using multiple machines to do it.
Isn't that what I said in http://revision3.com/forum/showpost.php?p=451126&postcount=7
It is what I tried to say
bani-banan
10-23-2008, 11:12 AM
Isn't that what I said in http://revision3.com/forum/showpost.php?p=451126&postcount=7
It is what I tried to say
That's true, but with some operating systems it won't work very well. Like Server 2008.
You have to be logged in with various admin accounts in order to configure things like DNS, file server, email, etc.
Though Unix-based servers may be more reliable.
slonkak
10-23-2008, 08:11 PM
You are not required to have any set amount of DNS services running. The reason most places have more than one is for redundancy. In order to maintain proper redundancy, each DNS server will be on a separate piece of hardware, in separate buildings, using separate power circuits. Why do you go to these great lengths? DNS runs the Internet. Without DNS, nothing works. If you are hosting your own company's DNS records and your DNS server goes down, you lose business... and money.
It is possible to host multiple DNS servers on one piece of hardware using virtualization, but you lose 95% of the redundancy you need to have.
You also do not want to host many services on one piece of hardware; not only for redundancy reasons, but for security reasons. For instance, you should NEVER house your DNS services on the same machine as your web server. Web servers are easier to exploit than DNS servers. But if someone hacks your web server and gains shell access, they now have access to your DNS server. This means they can poison your records and cause monetary damage to you.
computoman
10-23-2008, 09:48 PM
I pretty much agree. It is also good to have your own name resolution that is not available to the internet. Backup/secondary DNS servers are pretty much a must for a network of size.
rsone
10-23-2008, 10:40 PM
Most companies use Microsoft's Active Directory. With AD you need to run a DNS server in your LAN (DNS is a part of AD). Also, DNS caching is an important reason.
fishtoprecords
10-24-2008, 12:43 AM
That's true, but with some operating systems it won't work very well.
You've completely lost me now. DNS is not defined by an OS. It may be true that some Windows OS versions have bad implementations of DNS, but that is a server and config question, it has nothing to do with the server itself.
Plus, you can run the ISC BIND on any Windows box.
I suggest you do more research.
davmoo
10-24-2008, 04:28 AM
Isn't that what I said in http://revision3.com/forum/showpost.php?p=451126&postcount=7
It is what I tried to say
It may be...but I was half asleep when I was posting. That's usually never a good thing to do.