DNS is one of the things most people overlook on a network when things are going well, but when they aren’t, it is one of the biggest pains imaginable. When you start messing with DNS, you’ll find there are many ways things can go wrong or become endlessly complicated. I’ve found there are 5 rules that can help you keep DNS manageable and keep DNS problems to a minimum.
- Limit the number of zones
Like many things in IT, this comes down to housekeeping: the longer a company has been around, the more DNS zones it is likely to have accumulated, whether from projects that no longer exist, a product line no longer offered, or anything else the company has done over the years. Going through all the zones and forwarders may seem like a daunting task, but when an issue does come up, you’ll be glad you have less to dig through.
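As an added example (not code from the original post), here is a PowerShell inventory that lists every zone and conditional forwarder on a Windows DNS server and counts the records each zone holds beyond its SOA/NS, so empty or forgotten zones stand out for review. The server name is an assumed placeholder, and the script needs the DnsServer module (the DNS Server role or RSAT).

```powershell
# Added example, not from the original post: inventory zones and conditional
# forwarders on a Windows DNS server so stale ones can be reviewed.
# Requires the DnsServer module (DNS Server role or RSAT).
$DnsServer = "dns01.corp.example"   # assumed placeholder, replace with your server

$report = foreach ($zone in Get-DnsServerZone -ComputerName $DnsServer) {
    # Skip zones Windows creates on its own (TrustAnchors, loopback reverse zones)
    if ($zone.IsAutoCreated) { continue }

    $recordCount = 0
    if ($zone.ZoneType -ne "Forwarder") {
        # Count records other than the SOA/NS every zone carries anyway
        $recordCount = @(Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $zone.ZoneName |
            Where-Object { $_.RecordType -notin @("SOA", "NS") }).Count
    }

    [pscustomobject]@{
        Zone          = $zone.ZoneName
        Type          = $zone.ZoneType
        Reverse       = $zone.IsReverseLookupZone
        Records       = $recordCount
        # Forwarder and secondary zones show the upstream servers they depend on
        MasterServers = ($zone.MasterServers -join ",")
    }
}

# Zones with no records beyond SOA/NS are the first candidates to retire;
# forwarders pointing at servers that no longer exist are the next.
$report | Sort-Object Records | Format-Table -AutoSize
$report | Where-Object { $_.Type -ne "Forwarder" -and $_.Records -eq 0 } |
    Export-Csv -Path .\empty-zones.csv -NoTypeInformation
```

Run it against each DNS server rather than once, since conditional forwarders are configured per server and can drift between them.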
- Remove all WINS dependencies
I’m still shocked that many networks out there still have WINS enabled and working. WINS is really outdated nowadays, and you are only adding another layer of troubleshooting if a problem exists. If you have a mixed environment (Windows, Linux and Mac), only the Windows machines will fully take advantage of WINS anyway, so there is no need to keep it running.
- Separate Internal and External DNS Servers
This is the security guy inside me: I can’t stand it when companies use one DNS server for both internal and external resolution. For one, this is a huge security concern, since a server that answers the Internet while also holding internal records hands out your internal hostnames and addresses to anyone who asks; for two, it makes managing DNS more confusing when you need to make changes or troubleshoot.
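As an added example (not code from the original post), this PowerShell check confirms the split is actually in place: each internal name must resolve through the internal DNS server and must not resolve through a public resolver. The zone, hostnames, internal server address and public resolver address are all assumed placeholders.

```powershell
# Added example, not from the original post: verify that internal names are
# answered only by the internal DNS server and are invisible from outside.
# All names and addresses below are assumed placeholders.
$InternalZone   = "corp.example"   # internal-only zone (assumed)
$InternalServer = "10.0.0.10"      # internal DNS server (assumed)
$PublicResolver = "9.9.9.9"        # any resolver reachable from the Internet (assumed)
$InternalHosts  = @("intranet", "fileserver", "dc01")

foreach ($h in $InternalHosts) {
    $fqdn = "$h.$InternalZone"

    # The internal server must answer for the name
    $inside = Resolve-DnsName -Name $fqdn -Server $InternalServer -Type A -DnsOnly -ErrorAction SilentlyContinue

    # The public resolver must not (NXDOMAIN or no A record is the expected result)
    $outside = Resolve-DnsName -Name $fqdn -Server $PublicResolver -Type A -DnsOnly -ErrorAction SilentlyContinue

    $insideA  = @($inside  | Where-Object { $_.Type -eq "A" })
    $outsideA = @($outside | Where-Object { $_.Type -eq "A" })

    $status = if ($insideA.Count -gt 0 -and $outsideA.Count -eq 0) { "OK" }
              elseif ($insideA.Count -eq 0)                         { "MISSING internally" }
              else                                                  { "LEAKED externally" }

    [pscustomobject]@{
        Name     = $fqdn
        Internal = ($insideA.IPAddress -join ",")
        External = ($outsideA.IPAddress -join ",")
        Status   = $status
    }
}
```

A "LEAKED externally" row means the public-facing server is serving a zone that belongs on the internal server only; a "MISSING internally" row usually means the record lives on the wrong server after the split.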
- Combine DNS and DHCP
Since most business networks today are Windows based, it doesn’t make much sense to have a Linux or Mac server doing DNS and/or DHCP when Windows is the OS on the computers. I’ve used both Linux and Windows based DNS systems, and when it comes to troubleshooting, Windows is better for business in the long run. It’s hard to type that as someone who uses Linux for other things.
- Make DNS highly available
DNS is a network service that you want to keep up and running as much as possible, and Windows DNS can be made highly available. This can be done by using more than two DNS servers. The advanced tab of the networking configuration panel on a Windows system allows a tertiary or higher DNS server to be entered. The advantage is that if one of the servers is down, the client can still work its way down the chain and resolve names for your network, giving you a level of fault tolerance. This works especially well when the servers are physically located in different sites.
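As an added example (not code from the original post), this PowerShell snippet does the same thing as the advanced tab from the command line: it assigns three DNS servers to a client adapter and then queries each server directly, because failover only helps if every server in the list can answer for your zones on its own. The adapter name, server addresses and test hostname are assumed placeholders.

```powershell
# Added example, not from the original post: set primary, secondary and
# tertiary DNS servers on a client and confirm each one answers by itself.
# Adapter name, addresses and the test name are assumed placeholders.
$Adapter    = "Ethernet"
$DnsServers = @("10.0.0.10", "10.0.0.11", "10.1.0.10")   # third server in another site
$TestName   = "dc01.corp.example"

# The order of this list is the primary/secondary/tertiary order the client uses
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $DnsServers

# Show what the client actually ended up with
Get-DnsClientServerAddress -InterfaceAlias $Adapter -AddressFamily IPv4

# Ask each server directly, bypassing the hosts file and the client's cache
foreach ($srv in $DnsServers) {
    try {
        $answer = Resolve-DnsName -Name $TestName -Server $srv -Type A -DnsOnly -ErrorAction Stop
        $addrs  = @($answer | Where-Object { $_.Type -eq "A" }).IPAddress -join ","
        [pscustomobject]@{ Server = $srv; Result = "OK";   Detail = $addrs }
    } catch {
        [pscustomobject]@{ Server = $srv; Result = "FAIL"; Detail = $_.Exception.Message }
    }
}
```

One caveat worth knowing: the Windows client only moves on to the next server when the current one does not respond at all. A server that is up but answers "no such name" is treated as a valid answer, so every server in the list must host (or forward for) the same zones, which is exactly what the per-server check above confirms.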
I’m sure this isn’t a complete list of ways to limit DNS issues in your company, so if you have any, please list them in the comments below.