all site content copyright © chris rue. all rights reserved. any reproduction, re-use or summarization of any kind without prior written consent is prohibited.
November 23, 2008

DNS Settings The Essential Business Server Way

As every good admin knows, a healthy DNS infrastructure is the second most-important aspect of a reliable network. Based on my own experience in the field, DNS has to be the least understood and most commonly misconfigured service on any given network.

And if DNS is wrong, then that network will have problems. No argument about that.

If your DNS is sick, then your whole network is sick. Even if you don't know it yet!

Since the configuration of EBS is based on the best practices recommended by Microsoft, it stands to reason then that the way EBS configures DNS is a good model, right?

Here are the DNS settings for the internal network adapter of each of the core EBS servers…

  • Management Server (DNS server, domain controller, PDC emulator)
    • DNS1 = 127.0.0.1 (localhost)
  • Messaging Server (DNS server, domain controller)
    • DNS1 = IP address of Management Server
    • DNS2 = IP address of Messaging Server
    • DNS3 = 127.0.0.1 (localhost)
  • Security Server (Edge security)
    • DNS1 = IP address of Management Server
    • DNS2 = IP address of Messaging Server

Yes, the Security Server also has an external adapter. But there shouldn’t be any DNS servers defined on that adapter, since that would kinda defeat the whole purpose of even having a Security Server.

The Management and Messaging servers should be the only ones handling DNS queries in an EBS network. If something isn’t located in their databases, then they should also be the only machines going out and getting the info from the big bad world, using either root hints or forwarders.
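As an added example (not code from the original post or from Microsoft), here is a short Python check that audits an exported adapter inventory against the layout above. The IP addresses, the inventory format and the function name `audit` are constructed assumptions.

```python
# Added example: audit DNS client settings against the EBS layout listed above.
# All addresses and the inventory format below are constructed for illustration.
MGMT_IP = "192.168.16.2"   # assumed Management Server address
MSG_IP = "192.168.16.3"    # assumed Messaging Server address
LOOPBACK = "127.0.0.1"
INTERNAL_RESOLVERS = {MGMT_IP, MSG_IP, LOOPBACK}

# Expected DNS server order per (role, adapter), taken from the list above.
EXPECTED = {
    ("management", "internal"): [LOOPBACK],
    ("messaging", "internal"): [MGMT_IP, MSG_IP, LOOPBACK],
    ("security", "internal"): [MGMT_IP, MSG_IP],
    ("security", "external"): [],  # no DNS servers on the external adapter
}

def audit(inventory):
    """Return (role, adapter, issue) tuples; an empty list means compliant."""
    findings, seen = [], set()
    for entry in inventory:
        key = (entry["role"], entry["adapter"])
        seen.add(key)
        actual = list(entry["dns"])
        if key not in EXPECTED:
            findings.append(key + ("unknown-adapter",))
            continue
        # A resolver outside the two internal DNS servers bypasses them entirely.
        for ip in actual:
            if ip not in INTERNAL_RESOLVERS:
                findings.append(key + ("outside-resolver:" + ip,))
        if actual != EXPECTED[key]:
            findings.append(key + ("order-mismatch",))
    for key in EXPECTED:
        if key not in seen:
            findings.append(key + ("missing",))
    return findings

# Constructed inventory: Messaging order swapped, ISP-style resolver on the edge.
SAMPLE = [
    {"role": "management", "adapter": "internal", "dns": [LOOPBACK]},
    {"role": "messaging", "adapter": "internal", "dns": [MSG_IP, MGMT_IP, LOOPBACK]},
    {"role": "security", "adapter": "internal", "dns": [MGMT_IP, MSG_IP]},
    {"role": "security", "adapter": "external", "dns": ["203.0.113.53"]},
]

if __name__ == "__main__":
    for role, adapter, issue in audit(SAMPLE):
        print(f"{role}/{adapter}: {issue}")
```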

Speaking of forwarders, OpenDNS pretty much rocks.

In a semi-related story, anyone able to tell me the most important aspect of a reliable network?

|| posted by chris under it pro, mid-market it, rx || comments (4) || ||

4 comments »

  1. Time!

    comment by Jason Miller — November 24, 2008 @ 10:57 am

  2. @ Jason…

    Absolutely, my man.

    Thinking some folks might argue that a good cable plant is El Numero Uno.

    And I’d have a tough time disagreeing with that argument, until I think about what happens when time gets out of whack on a network, especially one with AD on it.

    At times like that, you pray it’s only the cabling…

    comment by chris — November 24, 2008 @ 11:07 am

  3. Change Management (and not using your production network for testing!).

    comment by Chris Knight — November 26, 2008 @ 1:53 am

  4. @ Chris K…

    Agreed. Both of those fall under a catchall I like to call “The all-important habit of not being a dumbass with your network.”

    comment by chris — November 26, 2008 @ 6:58 am
