Enterprises Are Not Taking DNS Seriously

Domain Name Service (DNS) is the key technology in modern IT infrastructures – without it, your business stops. Every single application now relies on DNS in one way or another.

Do you want to send an email? Your email program uses DNS to find the IP address of your mail server so it can send the email.

Do you want to print something? The PC will use DNS to find the printer’s IP address.

Do you want to access your company’s corporate database? Your application will use DNS to find the database server IP address.

DNS acts as a large electronic address book that catalogs all the IP addresses of servers and printers on the network. Without it your PC will have a hard time accessing these other systems.

So when I visit sites that still run DNS on an old Windows NT server under someone’s desk, I’m horrified.

In many cases, DNS servers were deployed in response to a specific requirement: someone needed a DNS server to implement a proxy server or a specific application required a DNS server. But as more applications and services are deployed, DNS infrastructure is often the last thing that is considered. DNS servers and domains were often deployed without a general strategy, leading to an unstructured, non-resilient, and misconfigured mess.

Install an Active Directory domain controller and it will attempt to resolve the AD domain name in DNS. If you don’t have a DNS server on your network, or it can’t contact one, it will automatically install one on the domain controller. “Great,” you might think, “it’s doing all the hard work for me,” but this implements DNS with an ad-hoc approach that may not suit the business in the long term. For example, the newly installed domain controller may be in a remote location or on a non-resilient network segment. The fact that DNS is running on a domain controller means it is not on dedicated hardware, so other applications may affect the server’s performance or availability. Installing critical Microsoft security updates is essential, but in many cases it requires a reboot, which will affect the availability of the DNS service running on that domain controller.

As your infrastructure grows to rely on DNS servers co-hosted on Microsoft servers, it quickly becomes apparent that applying Microsoft security updates and service packs affects the availability of not just that single domain controller, but of any application that relies on DNS. Reboots must be meticulously planned to determine which applications will be affected and to ensure that those applications can reach the backup DNS servers. Without proper DNS infrastructure planning, you start to find misconfigured application servers that do not have secondary or tertiary DNS servers configured, or that point to servers that are no longer running a DNS service. Also, without any monitoring, you may discover servers where the DNS service has stopped or crashed.

These poorly configured systems only become visible when a DNS server fails or is restarted for maintenance, and the impact can range from a minor glitch (the CEO cannot receive his email) to disastrous (a bank’s trading floor suddenly disabled for 15 minutes while the stock market is falling).
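The misconfigurations described above (a host with no backup resolver, or one pointing at a server that no longer runs DNS) can be checked for before an outage exposes them. The following is an added example, not part of the original article; it assumes hosts that keep their resolver list in `resolv.conf` format, and the function names and sample addresses are constructed for illustration.

```python
import socket
import struct

# Constructed sample input (documentation addresses from 192.0.2.0/24).
SAMPLE = "search corp.example\nnameserver 192.0.2.10\nnameserver 192.0.2.11  # old DC\n"

def parse_nameservers(resolv_conf_text):
    """Return the nameserver IPs listed in resolv.conf-style text, in order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def build_query(name, query_id=0x1234):
    """Build a minimal DNS query for an A record (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def probe(server, name="example.com", timeout=2.0):
    """True if `server` sends back any DNS response to our query within the timeout."""
    query = build_query(name)
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.sendto(query, (server, 53))
            reply, _ = sock.recvfrom(512)
    except OSError:  # timeout, ICMP port unreachable, no route
        return False
    # Matching transaction ID with the QR bit set means a DNS service answered.
    return len(reply) >= 12 and reply[:2] == query[:2] and bool(reply[2] & 0x80)

def audit(resolv_conf_text, probe_fn=probe, minimum=2):
    """Return a list of findings for one host's resolver configuration."""
    servers = parse_nameservers(resolv_conf_text)
    findings = []
    if len(servers) < minimum:
        findings.append(f"only {len(servers)} resolver(s) configured, expected at least {minimum}")
    for server in servers:
        if not probe_fn(server):
            findings.append(f"resolver {server} did not answer a DNS query")
    return findings

if __name__ == "__main__":
    with open("/etc/resolv.conf") as f:
        print("\n".join(audit(f.read())) or "no findings")
```

Run on a schedule across application servers, the findings give the monitoring signal the article says is usually missing; `probe_fn` can be swapped for a stub when testing offline.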

To prevent these issues from affecting DNS service availability, some larger companies are starting to take their DNS infrastructures seriously by taking a holistic approach. This involves making an individual or team responsible for the entire DNS infrastructure and deploying dedicated DNS server appliances managed by that team. Adopting this approach allows the “DNS team” to arbitrate between the DNS requirements of different projects and ensure that a structured approach is taken to configuring new domains and DNS servers. Quite often, companies implement an IP address management (IPAM) product to help them manage IP address assignment and automate updates to the DNS environment.