Practical Backup DNS

Hi all,
Let's say I have two XServes. Mail service is running on both of them. They each have a respective MX record in our domain.
One day, the connection to the primary (higher precedence) mail server is severed. Other people's mail servers attempting to contact our primary defer to our secondary (lower precedence). Assuming the secondary is online, mail servers successfully contact our secondary and deliver mail for the domain.
Now what?
There seems to be very little documentation regarding the "what happens next" of this scenario, which is quite important. Our older Cobalt RAQs would automatically hold the mail until the primary was available for contact, then re-deliver to the primary. Is this a typical out-of-the box scenario?
What I need next are the practical considerations for this configuration. If automatic redelivery does not occur, should I duplicate all my users and mailing lists on the secondary, then configure the clients to check both the primary and secondary servers for mail? How is the secondary MX typically and/or intended to be used?
Thanks.

Now what?
Your secondary (if configured properly) will regularly try to deliver held mail to the primary. As soon as the primary is up, this will happen.
There seems to be very little documentation regarding
the "what happens next" of this scenario, which is
quite important.
There is tons of information. Google is your friend.
Our older Cobalt RAQs would
automatically hold the mail until the primary was
available for contact, then re-deliver to the
primary. Is this a typical out-of-the box scenario?
It's not an out of the box scenario. It's a matter of configuring Postfix correctly. I have posted links to this in at least 5 other threads.
What I need next are the practical considerations for
this configuration. If automatic redelivery does not
occur, should I duplicate all my users and mailing
lists on the secondary, then configure the clients to
check both the primary and secondary servers for
mail?
No. This defeats the purpose. You should fix the primary and delivery will happen. The secondary will not have mailboxes you can access, only a queue.
How is the secondary MX typically and/or
intended to be used?
As a backup queue. Nothing else.

Similar Messages

  • How do I create a backup DNS server?

    Hi All,
    I've got my production server (Xserve Intel) running 10.6 and it is our primary DNS server. I've gotta take it down to do some work on it, but by doing so, no one in the organization will be able to access the internet.
    I'd like to set up my old Xserve (G5, running 10.5) as a backup DNS server that can handle the DNS requests whenever I need to take the main server down. Unfortunately, I'm kind of a DNS n00b.
    What is the best way to go about this?
    Thanks,
    Chris

    Oh, quite embarrassing. I complained about not understanding the author of the article when I was actually speaking to the author. How rude! Apologies, kind sir.
    I've now got it set up correctly with your help, it seems. I've just got a few other questions regarding the Secondary DNS Server if you don't mind:
    1) Do I set any forwarder IP Addresses on the secondary server? Should I put the same forwarders that I use on my primary, or should I put the IP address of my primary in there, or should I just leave it blank?
    2) *Edit - Ignore question 2; found the answer in your guide*
    3) When I look at the secondary zones, they don't seem to be populated with any data. . . Does this mean that the secondary server is completely reliant on the primary server to function correctly? In other words, *when I take my primary server offline, does the secondary server still work?*
    Thanks,
    Chris

  • IronPort ESA best practice for DNS servers?

    Hello!
    Is there a best practice for what servers should be used for the Cisco IronPort DNS servers?
    Currently when I check our configuration, we have set it to "Use these DNS servers" and the first two are our domain controllers and last two are Google DNS.
    Is there a best practice way of doing this? I'm thinking of selecting the "Use the Internet's Root DNS Servers" option as I can't really see an advantage of using internal DC's.
    Thoughts?

    Best practice is to use Internet Root DNS Servers and define specific dns servers for any domain that you need to give different answers for. Since internal mail delivery is controlled by smtproutes using internal dns servers is normally not required.
    If you must use internal dns servers I recommend servers dedicated to your Ironports and not just using servers that handle enterprise lookups as well. Ironports can place a very high load on dns servers because every outside connection results in multiple dns lookups. (forward, reverse, sbrs)
    If you don't have enough dns horsepower you are susceptible to a DOS attack either through accident or design. If the Ironports overload your internal dns servers it can impact your entire enterprise.

  • Sles11 named as OES2-Backup-DNS?

    Hi,
    I was wondering if it would be possible to use the named service of a Sles11 to work as a backup server for our OES2 DHCP/DNS setup?
    I mean, novell-named is not all that different to the default Linux one, right?
    If so, how would I go about doing that?
    Thanks for your help!

    DNS would be easy. Create the zone as a slave zone on the sles box, point it to the master, all done.
    DHCP is a different issue. OES has a DHCP Failover option, but to properly use the SLES as a DHCP back for OES, you would probably have to cluster the two servers and then the dhcp service. DHCP failover may work, but I haven't mixed environments like that while trying to implement that option.

  • Backup DNS Records

    Afternoon, 
    Is there a way to create a back-up A record in order to provide redundancy? 
    I'm currently in the middle of setting up a DR site and looking to find a way to have a set of DNS records pointing at existing servers' host names but with different IP addresses, so in the event that we require to bring a replicated server up at the DR site the DNS record would automatically switch over after the TTL has expired on the primary link.
    Our DNS service runs on a Windows Server 2012 environment in a cluster of 3 servers for redundancy.
    Thanks

    To answer/address the question about the same records with different IPs, unfortunately it doesn't work that way with AD. The IPs registered are absolute for the service locations, and they must be consistent across the organization for AD DC to DC communications
    including replication, and client to DC communications. If you attempt to alter them, it will cause numerous errors and additional headaches that I'm sure you do not want to deal with.
    Just setup two DCs at the DR, do not make them GCs. Just make them GCs in case a down issue occurs. Depending if you have 3 or more sites, this may also require to make individual site links for each site and disable BASL. The reasons are long winded,
    but it's technically how AD works. You can design around it, but you can't mess with DNS. And keep in mind, just because they are up, services and client apps may not be so forgiving to "see" the DR servers until they've been restarted.
    So there's more to this than it appears.  
    You can read up on this stuff in the following link:
    AD Site Design, DNS & the DC Locator Process, and Auto Site Link Bridging, or Bridge All Site Links (BASL)
    http://blogs.msmvps.com/acefekay/2013/02/24/ad-site-design-and-auto-site-link-bridging-or-bridge-all-site-links-basl/
    The blog below discusses:
    WINS NetBIOS, Browser Service, Disabling NetBIOS, & Direct Hosted SMB (DirectSMB). Troubleshooting the browser service.
    Client side resolution process chart.
    The DNS Client Side Resolver algorithm.
    If one DC or DNS goes down, does a client logon to another DC or use the other DNS server in the NIC?
    DNS Forwarders Algorithm and multiple DNS addresses (if you've configured more than one forwarders or more than one IP in the NIC's DNS list)
    Client side resolution process chart
    Published by Ace Fekay, MCT, MVP DS on Nov 29, 2009 at 10:28 PM
    http://blogs.msmvps.com/acefekay/2009/11/29/dns-wins-netbios-amp-the-client-side-resolver-browser-service-disabling-netbios-direct-hosted-smb-directsmb-if-one-dc-is-down-does-a-client-logon-to-another-dc-and-dns-forwarders-algorithm/
    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

  • Redundant mail server setup (backup mail server)

    I have been reading all the posts on setting up a backup Postfix server. I have looked at the configuration files and have a second machine ready to be implemented but have some questions on how exactly the backup works. My current setup is:
    - xserve1 with 10.4.3 OD master running mail, web, dns, ichat, ftp, host name is mail.mydomain.com
    - xserve2 with 10.4.3 (i will make this replica) running web and backup dns
    - G4 466MHz with 10.4.3 Server running mail and web, host name is mail2.mydomain.com (this is to be my postfix backup server)
    all 3 are behind a firewall with NAT. they have local LAN IPs with NAT to 3 separate WAN IPs and open ports for the needed services.
    my first question is: do i need to run dns as well on mail2.mydomain.com?
    while i understand that mail stays in the queue on the postfix backup, does that mean that while mail.mydomain.com (primary mail server) is down users will not be getting any mail? can the users actually login to the mail2.mydomain.com and if yes how do they authorize?
    should i keep mail2.mydomain.com as a standalone or make it part of the directory?
    any info is appreciated.
    thanks
    martin
    xserve G5   Mac OS X (10.4.3)  

    don't mail servers hold mail for days anyway and keep
    retrying and when our mail comes back up will get all
    the mail?
    Yes, they typically do (unless some braindead administrator has configured his server to try only for a few hours or so).
    i assume there is no difference if my
    backup mail server runs on 10.3.9 then?
    None whatsoever.
    - is there a practical way to set up a mail that
    clients can login to and check mail while the primary
    server is down?
    Practical? No.
    can the backup server forward as well
    while it holds to the queue?
    Why would you want that? Where should it forward to if the primary is down? As soon as the primary is up, the secondary will forward to it.
    the last time i had some
    corruption and problems with reconstruct (which you
    helped me with), we were down for 24 hours. i am
    trying to avoid this. i have an image and i run
    mailbfr to backup i assume i can use that in case of
    hardware failure or massive os corruption that may
    take hours to fix.
    If push comes to shove this may help. Although images are never too brilliant for mail services recovery.
    my problem is that if this happens
    during the week, during daytime we cannot really
    afford to be down at that time.
    This is really your call. Only you can decide how much money you want/need to throw at resilience. But if you decide you cannot afford more than an hour of downtime, you will need far more than an onsite secondary MX.
    Alex
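
An added example, not part of the original posts or of Postfix itself: a Python check of the queue-only secondary MX described in this thread and in the first thread on the page, run against `postconf -n` style text. The sample configurations, the `example.com` domain, the map file path and the two-day minimum hold are assumptions; the `relay_recipient_maps` check reflects general Postfix practice for a relay that should reject unknown recipients instead of queueing them.

```python
import re

# Constructed sample: queue-only secondary MX for example.com (placeholder domain).
SAMPLE_BACKUP_MX = """\
myhostname = mail2.example.com
mydestination = $myhostname, localhost
relay_domains = example.com
relay_recipient_maps = hash:/etc/postfix/relay_recipients
maximal_queue_lifetime = 5d
"""

# Constructed sample: the secondary treats the domain as local and gives up early.
SAMPLE_MISCONFIGURED = """\
myhostname = mail2.example.com
mydestination = $myhostname, localhost, example.com
relay_domains =
maximal_queue_lifetime = 4h
"""

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_postconf(text):
    """Parse 'name = value' lines into a dict of raw string values."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        settings[name.strip()] = value.strip()
    return settings


def items(value):
    """Split an inline Postfix list; lookup tables (hash:...) are not expanded."""
    return [v for v in re.split(r"[,\s]+", value) if v]


def lifetime_seconds(value):
    """Convert a Postfix time value such as '5d' or '4h'; bare numbers are days."""
    match = re.fullmatch(r"(\d+)([smhdw]?)", value.strip())
    if not match:
        raise ValueError("unrecognised time value: %r" % value)
    return int(match.group(1)) * UNITS[match.group(2) or "d"]


def audit_backup_mx(text, domain, min_hold="2d"):
    """Return findings for a host meant to queue mail for `domain` only."""
    cfg = parse_postconf(text)
    findings = []
    # Local delivery on the secondary strands mail in mailboxes nobody reads.
    if domain in items(cfg.get("mydestination", "")):
        findings.append("mydestination lists %s: mail is delivered locally" % domain)
    # The secondary must accept the domain as a relay destination to queue it.
    if domain not in items(cfg.get("relay_domains", "")):
        findings.append("relay_domains lacks %s: mail is not queued" % domain)
    # Without a recipient list the secondary queues mail for unknown users
    # and has to bounce it after the primary refuses it.
    if not cfg.get("relay_recipient_maps"):
        findings.append("relay_recipient_maps unset: unknown recipients accepted")
    # The queue must outlive a realistic primary outage (min_hold is assumed).
    hold = lifetime_seconds(cfg.get("maximal_queue_lifetime", "5d"))
    if hold < lifetime_seconds(min_hold):
        findings.append("maximal_queue_lifetime below %s: held mail bounces early" % min_hold)
    return findings


if __name__ == "__main__":
    for name, sample in (("backup", SAMPLE_BACKUP_MX), ("broken", SAMPLE_MISCONFIGURED)):
        print(name, audit_backup_mx(sample, "example.com") or "ok")
```
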

  • Best Practices for AD and Windows Environment

    Hello Everyone,
    I need to create a document having the best practices for AD containing best practices for DNS, DHCP, AD Structure, Group Policy, Trust Etc.
    I just need the best practices irrespective of what is implemented in our company.
    I just need to create a document for analysis as of now. I searched over the internet but could not find much. I would request you all to pour in your suggestions from where I can find those.
    If anyone could send me or point me the link. I am pretty new to the technology, so need your help.
    Thanks in Advance

    I have an article where I shared the best practices to use to avoid known AD/DNS issues: http://www.ahmedmalek.com/web/fr/articles.asp?artid=23
    However, you need first to identify your requirements and based on these requirements, you can identify what should be implemented on your environment and how to manage it. The basics here is that you need to have at least two DC/DNS/GC servers per AD domain
    for the High Availability. You need also to take a system state backup of at least one DC/DNS/GC server in your domain. As for DHCP, you can use 50/50 or 80/20 DHCP rule depending on your setup.
    You can also refer to that: https://technet.microsoft.com/en-us/library/cc754678%28v=ws.10%29.aspx
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • How to get WAN DNS when set up Airport Extreme on Windows

    I am trying to set up my home network by using Airport Extreme Base to connect DSL via PPPoE. Here's what I did:
    1. Update firmware to latest version: V5.7;
    2. Install Airport Setup 4.2;
    3. Run Setup Assistant, enter the right DSL account and password by using PPPoE, also setup base name, network name and base password, and DSL service provider's DNS ip, backup DNS ip;
    4. Everything gets updated into base station, restarted, local wireless network set up successfully, but can not connect to WAN;
    5. Tried ipconfig/all, find DNS is 192.168.1.1;
    6. Tried to dial DSL from computer via PPPoE directly, validated account and password is ok, and it is working well to get me to internet.
    Can someone here help me solve my issue?
    Dell D600 Windows XP Pro

    I figured out the answer by myself now. I would like to share it with you all here: firmware V5.7 has some major bug that causes the problem. When I update my base station with firmware V5.5.1, it works right away.

  • Can I use a single external drive to maintain time machine backups for two Mac computers?

    Hello
    We have an older mac mini and macbook air.  I have one Western Digital external USB drive.  Can I use the same drive to hold and maintain time machine backups for both machines?
    I already have the macbook air time-machined on the WD drive.  I now want to backup the mac mini onto the same drive.  Is it going to over write the time machine backup or is the software smart enough to maintain two separate files, partitions, whatever it does..?

    It will maintain separate backups. Note that it's generally advisable to use separate drives for best practice backup, but yes, it will work for both computers, provided you have enough space (need generally 2-3 times the total used file space for both Macs).
    Matt

  • Hardening Guide for DNS

    Are there any guides to hardening/best practice for DNS Server role?     We are running Windows 2008 R2.
    Thanks in advance

    Hello Sabo_e,
    Check this link. This might be helpful to you.
    http://technet.microsoft.com/en-us/library/cc526450.aspx
    http://technet.microsoft.com/en-us/library/ee649266(v=ws.10).aspx
    You can also check this link as a general guideline
    http://technet.microsoft.com/en-us/library/cc526440.aspx

  • Database Administration - Best Practices

    Hello Gurus,
    I would like to know various best practices for managing and administering Oracle databases. To give you all an example what I am thinking about - for example, if you join a new company and would like to see if all the database conform to some kind of standard/best practices, what would you look for - for instance - are the control files multiplexed, are there more than one member for each redo log group, is the temp tablespace using TEMPFILE or otherwise...something of that nature.
    Do you guys have some thing in place which you use on a regular basis. If yes, I would like to get your thoughts and insights on this.
    Appreciate your time and help with this.
    Thanks
    SS

    I have a template that I use to gather preliminary information so that I can at least get a glimmer of what is going on. I have posted the text below...it looks better as a spreadsheet.
    System Name               
    System Description               
         Name      Phone     Pager
    System Administrator               
    Security Administrator               
    Backup Administrator               
    Below This Line Filled Out for Each Server in The System               
    Server Name               
    Description (Application, Database, Infrastructure,..)               
    ORACLE version/patch level          CSI     
              Next Pwd Exp     
    Server Login               
    Application Schema Owner               
    SYS               
    SYSTEM               
         Location          
    ORACLE_HOME               
    ORACLE_BASE               
    Oracle User Home               
    Oracle SQL scripts               
    Oracle RMAN/backup scripts               
    Oracle BIN scripts               
    Oracle backup logs               
    Oracle audit logs               
    Oracle backup storage               
    Control File 1               
    Control File 2               
    Control File 3                    
    Archive Log Destination 1                    
    Archive Log Destination 2                    
    Datafiles Base Directory                    
    Backup Type     Day     Time     Est. Time to Comp.     Approx. Size
    archive log                    
    full backup                    
    incremental backup                    
    As for "Best" practices, well I think that you know the basics from your posting but a lot of it will also depend on the individual system and how it is integrated overall.
    Some thoughts I have for best practices:
    Backups ---
    1) Nightly if possible
    2) Tapes stored off site
    3) Archives backed up through out day
    4) To Disk then to Tape and leave backup on disk until next backup
    Datafiles ---
    1) Depending on hardware used.
    a) separate datafiles from indexes
    b) separate high I/O datafiles/indexes on dedicated disks/LUNs/trays
    2) file names representative of usage (similar to its tablespace name)
    3) Keep them of reasonable size < 2 GB (again system architecture dependent)
    Security ---
    At least meet DOD - DISA standards where/when possible
    http://iase.disa.mil/stigs/stig/database-stig-v7r2.pdf
    Hope that gives you a start
    Regards
    tim

  • Backup/Restore services settings with serveradmin

    Hi,
    I try to make a script to backup my services settings.
    No problem backing up this information, but the problem is with restoration. It appears that nothing works ...
    For example, if I backup dns config like this: serveradmin -x settings dns > config_DNS.bk, then I delete a primary zone and try to restore config: serveradmin settings < config_DNS.bk, the primary zone isn't recreated.
    The only workaround I have found is to replace (via sed) in the backup file <key>configuration</key> by <key>DNS Config</key> and restore it via the Server Admin GUI.
    Has somebody been confronted with a similar problem?
    Thanks in advance.
    Stéphane

    Have you tried just using the Export (& Import) features that are built into Server Admin (In the Server menu)?

  • DNS configuration for GSS

    Hi,
    I am a newbie to GSS. I would like to deploy the GSS in my datacenter.
    I would like to know the DNS configuration example for a domain.
    ex:
    www.abc.com
    What records need to be configured, with a detailed script, because I don't have experience in DNS server configuration.
    I am looking for positive update.
    Regards
    sateesh kumar.k

    Typical flow is as follows
    1. Client will hit their DNS servers (configured on their machines as primary/backup dns server).
    2. "Client's DNS server" will query "DNS server authoritative for abc.com" for www.abc.com.
    3. "DNS server authoritative for abc.com" will ask "client's DNS server" to query "GSS - Authoritative for www.abc.com"
    4. "Client's DNS server" will query GSS for www.abc.com.
    5. GSS will send the ip add of www.abc.com (which should be configured on ACE as VIP).
    6. "Client's DNS server" will handover this VIP to client
    7. Client will hit the VIP configured on ACE (for application www.abc.com).
    Syed iftekhar Ahmed

  • OS X Server, Internal DNS and Apple Airport Extreme

    OK,
    There must be a way to do this. I cannot believe that this simplest of functions to a Wireless Router would have been missed off the new range of Airport devices.
    I have an OS X Server, serving DNS internally and forwarding lookups to the Airport which forwards on externally.
    Trouble is I want the Airport to connect to PPPoE and serve the guest network with DHCP and DNS but let my server do DNS on the internal network.
    Why is there not a simple box in setup utility that says "use this DNS server on the local DHCP network" or something along those lines. It seems mad that Apple have overlooked this, I can only say I am missing something.
    I have tried setting up a small range and putting in reservations but this limits your guest network to the same limited range so you end up with only room for two or three guests, this solution won't work for me.
    It seems stupid to put the ApE into Bridge mode as I can then not have a guest network and I shouldn't have to have two boxes to achieve what I am looking for.
    Rant over, any other help or solutions appreciated.
    Regards to all
    TMA.HA

    @MrHoffman
    Agreed, the Guest network will not have access to the local range. I missed that part.
    In my setup, the second DNS is google server because i don't want the internet to stop working if the local server is not operational, this way at least Internet will be available.
    - Client contacts Primary DNS, If it fails to reach it, it will go to the secondary. Well, to be more accurate, the OS will choose the fastest DNS server it can reach first. Ideally that would be the local server.
    In a normal day when everything is up and running:
    - Client contacts the Primary DNS (OSX Server DNS), if the query is a local DNS record , it will serve the IP.
    - If the query is not a local record, it will send it to the forwarder DNS server defined in the DNS service (ISP DNS or Google DNS)
    For the guest network, It would be worth checking to do the following:
    - Add a second Wifi network interface on the server and connect it to the guest network IP address.
    - On the AirPort Extreme, put the Guest network IP address of the OSX Server in the secondary DNS field.
    In this case the guest clients will always try to reach the local network DNS first and then failover to the guest network IP of the DNS server.
    @piperspace
    Well, a home router is already working as a local DNS server that tries to resolve locally then forwards to an external DNS server when it cannot resolve the name.
    Primary and secondary in an enterprise space will surely be a main and a backup and both contain the same name spaces. But the point here was about home use and therefore the purpose will be a backup DNS server for the internet at least.

  • OD replica, DNS secondary zone, server will not resolve itself

    We are testing an OD replica to run in a separate location from our OD master. Master OD and DNS is all set and working as expected. Separate location network user connections and DNS all work as expected when calling the OD master and DNS primary zone. The OD replication works fine. I want to use the same machine as a DNS secondary zone getting its records from the DNS on the OD master. DNS secondary zone seems to pull the records from the primary without trouble.
    In testing the secondary DNS without forwarders or backup DNS systems, known internal addresses are resolved by the clients correctly. The issue that I am trying to resolve is that server will not resolve itself. I have the System Preferences / Network / DNS pointed to 127.0.0.1. The DNS is resolving for the clients. Running changeip -checkhostname gives
    "The DNS hostname is not available, please repair DNS and re-run this tool."
    If I ask a client to browse to the server's web site it resolves fine and I get the default page as expected.
    With all of the above in mind, binding a local client to the OD replica and pointing the clients' DNS at the DNS secondary zone results in failure of the bind and the client saying that the server is not responding. If the DNS on the client is pointed to the DNS primary zone, the bind works fine and everything behaves as expected. Pointing the Server to the DNS primary zone resolves the problem as well and it is able to resolve itself.
    The problem is that if our connection to our primary site goes down, I want everything to function independently at the second location. If the primary DNS zone is gone the OD replica server cannot resolve itself and authentication then does not happen making the OD replica pointless.
    Any ideas?
    Thanks.

    Found it. I did not copy the reverse mappings from the primary DNS zone.
    On the primary zone
    - In Server.app/DNS/ select show all records in the gear
    - double click reverse header for each subnet and indicate to allow zone transfer for the reverse records
    On the secondary zone
    - Add additional secondary zones for the exact title of each reverse record zone
    - example main records are FQDN.com
    - reverse records are 2.81.10.in-addr.arpa for the items in the 10.81.2.0 subnet
    OD replica now resolves itself.
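
An added example, not from the original posts: a Python helper that derives the reverse zone names a secondary must carry for each served subnet, reports the ones missing next to the forward zone (the failure found in this thread), and prints BIND slave-zone stanzas of the kind suggested in the SLES11 thread above. It goes beyond the single /24 case in the post by handling other IPv4 prefix lengths; `example.com`, the primary address `10.81.2.10` and the `slaves/` file path are assumed placeholders.

```python
import ipaddress


def reverse_zones(cidr):
    """Return the in-addr.arpa zone names covering an IPv4 subnet.

    Zones are cut on octet boundaries: a /23 needs two /24 reverse zones,
    and anything smaller than a /24 is served from its enclosing /24 zone.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        raise ValueError("IPv4 subnets only")
    if net.prefixlen > 24:
        net = net.supernet(new_prefix=24)
    octets = max(1, -(-net.prefixlen // 8))  # prefix length rounded up to whole octets
    zones = []
    for sub in net.subnets(new_prefix=octets * 8):
        labels = str(sub.network_address).split(".")[:octets]
        zones.append(".".join(reversed(labels)) + ".in-addr.arpa")
    return zones


def _norm(zone):
    """Zone names compare case-insensitively and without the trailing dot."""
    return zone.rstrip(".").lower()


def missing_reverse_zones(configured_zones, subnets):
    """List reverse zones the secondary lacks for the subnets it serves."""
    have = {_norm(z) for z in configured_zones}
    missing = []
    for cidr in subnets:
        for zone in reverse_zones(cidr):
            if zone not in have and zone not in missing:
                missing.append(zone)
    return missing


def secondary_stanzas(forward_zone, subnets, primary_ip):
    """Build named.conf slave stanzas for the forward zone and every reverse zone."""
    zones = [_norm(forward_zone)] + missing_reverse_zones([], subnets)
    template = 'zone "%s" { type slave; masters { %s; }; file "slaves/%s.db"; };'
    return "\n".join(template % (z, primary_ip, z) for z in zones)


if __name__ == "__main__":
    # Constructed input: the secondary carries only the forward zone.
    print("missing:", missing_reverse_zones(["example.com"], ["10.81.2.0/24"]))
    print(secondary_stanzas("example.com", ["10.81.2.0/24"], "10.81.2.10"))
```

The primary must also allow transfer of each reverse zone to the secondary, as the post describes, or the added stanzas stay empty.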
