Changes to support DNS scaling?

Hello DNS Gurus,
I'm not sure I have the best subject for this question so let me describe my situation. I have:
my own registered domain (example.com)
one ML/Server 2.2.2 2010 MacMini (call it server1).
another 2010 MacMini server (call it server2) that I'm bringing into the network and was trying to set up as a secondary zone for the primary DNS server (on server1)
a record for example.com with dyndns.org because getting a static IP address isn't an option with my ISP (although I want one--I wish Santa could bring me one).
routers that I have used and have successfully NATed and port forwarded for services I want to access.
When I set up server1, following the Server.app setup, I put server1.example.com as the hostname, which then set up DNS, creating a primary zone for server1.example.com. OK, having read a few threads here and around the net, I realize with a brand new server I could delete that and set up the zone as example.com. Technically, it appears Server.app would also let me add another primary zone, so I guess I could add example.com as a primary zone?
But server1 is currently providing several services to the small network including profiles and MDM. I suspect if I make DNS changes that are too dramatic I'll have to re-enroll all my devices, which is manageable. But I'm also concerned about messing up other services permanently.
One thing about this configuration I do not like is that I have to use example.com (or a web hop) to access my network from outside but I have to use server1.example.com from the inside. This isn't very seamless, especially as I work to open a couple more services to the outside. That said, since I primarily use VPN it has been manageable.
I've also read that a primary zone should only be hosted in one place, which for my domain is currently at dyndns.org. So, if I add a primary zone record on an internal server, will I be angering the DNS gods? Since I don't plan to open up the DNS to the outside, I suspect it doesn't matter. Am I wrong?
I'm adding the second server in because I'm working on a migration of the ML to Mavericks/Server 3 and I am expanding the capabilities of the network, which I plan to host off server2. I could skip DNS with it, but where would the fun in that be? Oh, and since my third party cert is coming due in about two weeks, this is a good time to start the process.
It seems my options are:
1. Skip DNS on the second server and leave the rest of the DNS records alone.
2. Add a second primary zone on server1 for example.com. Then add records for server2 and my linux servers into that zone.
3. Redo the DNS on server1 and reconfigure services as required. I don't mind the work but data loss would not be acceptable. I'm guessing that I could shut down services before making the DNS changes and then bring them back up after rebooting without too many problems (except for re-enrolling devices).
4. Other options? I can use server2 to test option 2 for DNS configuration, but it won't help me with potential loss of service data if I try making the change on server1.
Comments and suggestions are welcome.
Thanks!
Tim

Please make no references to DynDNS here. DynDNS is not hosting your domain for you. They're giving you a pointer from within their DNS servers, which is a very handy way for a dynamic site to not have to refer to whatever IP address your ISP DHCP server most recently coughed up. That's separate from a DNS registration, and not a domain you should be running DNS services for.
I'd strongly advise against configuring your internal network as "squatting" in one of the DynDNS domains. Particularly if you might ever obtain static IP, and start working with your own public and private DNS. You'll just have to undo all that and migrate to a domain you have registered. Treat DynDNS as a cheap and effective way to get to your firewall for a VPN or related, and plan to replace that as soon as you can utilize static IP. Put another way, keep control of your own domain and your own registration, and of your own network.
Yes, your zone would be example.com. Not server1.example.com.
As for your new server, I'd likely set up the new server as a secondary of your existing DNS server, and update your DHCP and local static IP references to refer to both of your DNS servers.  Both configured for the example.com zones; one primary, one secondary.
I'd usually have no references to DNS servers located off your network.  Not explicitly, and probably also not as a DNS forwarder.
I'm also fond of having a VPN server in the gateway firewall for cases such as this, as this avoids the VPN (which wants to identify and maintain the endpoints of the connections) and NAT (which wants to hide the end-points of the connections) from working at cross-purposes.  It also means there are no dependencies on a particular host; your VPN terminates on your private network, as if it were another host on your internal network.
FWIW, stay out of 192.168.0.0/24 and 192.168.1.0/24, given you're planning on using VPNs.  VPNs are based on IP routing, and IP routing doesn't like finding the same subnets on both ends of a connection, and there are a gazillion coffee shops, hotels and home networks in 192.168.0.0/24 and 192.168.1.0/24.  Pick another subnet in 192.168.0.0/16, or somewhere in 172.16.0.0/12 or 10.0.0.0/8; somewhere else in the private blocks.
In addition to the main DNS article referenced above, please also see Suffering DynDNS Confusion when setting up DNS services?
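As an added illustration of the layout recommended above (not from either poster, and not Server.app's own generated files), here is the same design written as BIND named.conf stanzas and a zone file, which is what the OS X Server DNS service drives underneath. Assumed values: server1 at 10.20.0.2 as primary, server2 at 10.20.0.3 as secondary, LAN 10.20.0.0/24 chosen away from 192.168.0.0/24 and 192.168.1.0/24, and file names of my choosing.

```conf
# server1 (primary) -- named.conf excerpt. Assumed addresses: server1 = 10.20.0.2,
# server2 = 10.20.0.3, LAN = 10.20.0.0/24 (picked outside 192.168.0.0/24 and
# 192.168.1.0/24 so VPN clients on typical home/coffee-shop networks do not collide).
acl "lan" { 10.20.0.0/24; 127.0.0.1; };

options {
    listen-on { 127.0.0.1; 10.20.0.2; };
    recursion yes;
    allow-query { lan; };        # internal-only service; nothing answers the Internet
    allow-recursion { lan; };
    # no "forwarders" clause: resolve via root hints rather than an off-network server
};

zone "example.com" IN {
    type master;                 # "master"/"slave" are the keywords older BIND 9 understands
    file "db.example.com";
    allow-transfer { 10.20.0.3; };   # only the secondary may pull the zone (AXFR/IXFR)
    notify yes;
    also-notify { 10.20.0.3; };      # push change notices so the secondary refreshes promptly
};

# server2 (secondary) -- named.conf excerpt
zone "example.com" IN {
    type slave;
    file "db.example.com.bak";       # copy written locally after each transfer
    masters { 10.20.0.2; };
    allow-transfer { none; };        # a secondary should not hand the zone to anyone else
};

# db.example.com on server1: the zone is example.com; hosts are records under it,
# so server1.example.com and server2.example.com both resolve from one zone.
$TTL 3600
@       IN SOA  server1.example.com. hostmaster.example.com. (
                2013121701 ; serial (YYYYMMDDnn; bump on every edit or the secondary ignores it)
                3600       ; refresh
                900        ; retry
                1209600    ; expire
                300 )      ; negative-cache TTL
        IN NS   server1.example.com.
        IN NS   server2.example.com.
server1 IN A    10.20.0.2
server2 IN A    10.20.0.3
```

With both hosts handed out by DHCP as resolvers, clients keep resolving during a reboot of either server, and `allow-transfer` keeps the zone contents from being enumerated by anything other than the named secondary.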
