DNS – One Server (Does Not) Fit All

Hi!  If you’ve been reading about DNS on my blog, you probably understand the importance of having DNS services, you have some idea about why you might want to run your own DNS server, and you realize that protecting your online brand means protecting your domain registration.  What I’d like to talk about this time is how many DNS servers you should plan to operate.

BIND, which stands for Berkeley Internet Name Daemon, is a DNS server that’s been designed to provide every kind of DNS service you might need.  It is the most widely used DNS server in the market, and it’s also open source and free.  Technically speaking, you could run a single BIND server that hosts your internal domain and provides your users and customers with a DNS resolver.  A lot of organizations with limited resources start out this way.  But even if you’re forced to start out with a setup like this, it’s not a good idea to keep it that way.

The problem with a one-server-fits-all approach is that if anything happens to degrade your DNS server’s performance, it can impact all of your DNS services.  The DNS protocol is designed to run as a distributed service, with multiple servers sharing the load, which makes DNS services very resilient.  By splitting the service up among several servers, you ensure that a problem with one server does not impact your entire DNS infrastructure.


Filed under DNS

What You Should Know About Domain Registration

There are a lot of companies out there who will offer to help you register your own domain.  I’ve mentioned a few of the bigger names, such as Verisign, Dotster, and GoDaddy.  Often a hosting provider or an ISP will provide you with domain registration services as a reseller.

I’m going to assume for now that you’ve selected a domain name and that you know which top-level domains (TLDs) you want to register your name in.  Examples of top-level domains are .com, .net, .org, .info, .me, etc.  If you’re not sure about your options, see the list of valid TLDs.  Each TLD is represented by its own domain registry, which is operated by an entity called a registrar.  In most cases, you won’t be dealing directly with the registrar — you’ll most likely be dealing with a company that partners with the registrar to provide registration services.

This is where you need to be very careful.  Sometimes when a third-party registration service provider registers a domain on your behalf, they effectively control your domain as the administrative contact.  For example, domain registration provider Tucows has a business model where they only deal directly with the reseller and not with the domain owner.  This could put you in a very bad position if you need to make changes to your domain or if your domain isn’t renewed properly by the reseller.  Imagine the trouble you’d have if your domain registration expired and the reseller went out of business a year earlier or doesn’t return your phone calls.  I’ve seen it happen.

Make sure you’re doing business with a reliable registration service provider and that you have complete control over your domain registration.  Don’t ever risk having your domain expire because of a reseller’s billing error.  Cheaper is not necessarily better if your domain is effectively being held hostage.


Filed under DNS

So You Need A DNS Server?

In a previous blog post, I talked about why you should care about DNS. Now I’d like to talk about whether you need your own DNS server or not and what your options are.

Like I said before, most people don’t need to know much.  They don’t own their own domain name and they use whatever DNS servers their Internet Service Provider gives them to use.  Most of the time, that’s completely transparent to the end-user.

But if you’re running a business, you probably need to own a domain name and you might not want to use your ISP’s DNS servers for various reasons.  If you’re a geek, you might want your own domain and DNS server just because.  Why wouldn’t you just use whatever DNS server your ISP gives you to use?

  • You need your own domain name.  You want to provide your customers and your employees with branded web, email, or other network services.
  • You have an isolated network.  Your internal network may not be directly connected to an internet connection, but you still need to provide internal network services to your employees.
  • You want or need more control over your DNS service than your ISP provides.
  • Your ISP doesn’t provide DNS hosting services for your domain.
  • You can’t or won’t trust your ISP’s DNS services.  (Just why are you using that ISP?)
  • You’re paranoid, you’re wearing a tin-foil hat, and you’re proud of it.
  • You’re a geek and it’s a (“fun”) learning experience.


Filed under DNS

Blog Buffer

It’s been a while since my last blog update, which leads me right into today’s topic.

It’s no secret that successful blogs update regularly, which I am still trying to manage.  I had intended to post updates over the weekend, but life and a family emergency got firmly in my way and the updates never happened.  Since WordPress allows blog posts to be scheduled in advance, the issue boils down to content, content, content.

Cartoonist and author Howard Tayler of Schlock Mercenary is famous for his “buffer”.  He writes, draws, inks, and colors strips on a schedule well in advance.  In all the time I’ve been following the strip I have never seen him miss an update because he didn’t have content ready to go.  I see plenty of blogs that update daily without fail, so I’m sure they follow a similar routine.  The question is not if you will need a buffer of content ready to post, but when.

I don’t know when I’m going to get my blog buffer in place, but I know I need it.  Do you have a blog buffer?  How far out in advance do you schedule your blog updates?  Please leave comments here!


Filed under Social Media

Review: “Python Cookbook” by David Beazley and Brian K. Jones; O’Reilly Media

The “Python Cookbook” (http://shop.oreilly.com/product/0636920027072.do) is a book that brings the Python scripting language to O’Reilly’s popular “Cookbook” format.  Each Cookbook provides a series of “Recipes” that teach users common techniques they can use to become productive quickly, and that serve as a reference for those who might’ve forgotten how to do something.

I reviewed this book in the Mobi e-book format.  Reading it on Kindle for PC, the Table of Contents only shows the major sections rather than the individual recipes and this made it harder to find what I was looking for.  This is apparently a limitation of Kindle for PC, since my Kindle 3 and Kindle for Android had no such issue.

When I use an O’Reilly “Cookbook”, I judge it according to its usefulness:  Can I become productive quickly?  Is it easy to find what I need?  Does it provide helpful tips?  Does it teach me where to find the answers to my questions?  Yes to all of the above.

This book is not targeted at new Python programmers, but that’s where I’m at.  The best way for me to learn a new scripting language is to dive right in and try to write something useful, and that was my goal for the “Python Cookbook”.  I also had “Learning Python” handy to cover any of the basics.

My first Python script was written to read in lists of subnets from two separate files and check that every subnet in list B was also in list A.

I used Recipe 13.3 to parse the command line options.  Recipe 5.1 showed me how to read and write files.  Recipe 2.11 taught me how to strip carriage returns out of my lines.  Recipe 1.10, “Removing Duplicates from a Sequence while Maintaining Order”, was very helpful and I was able to reuse the code in my own script.  Recipe 2.14, “Combining and Concatenating Strings”, helped me with my print statements.  Considering this was the first Python script I ever wrote and that it ran, I consider both it and the “Python Cookbook” a success.

I had a bit more trouble with my second script.  I was trying to write a script to find the subnet address given an interface address in CIDR notation.  Recipe 11.4 introduced the ipaddress module, but this module refused to accept a string variable containing the interface in CIDR notation.  I ended up installing another module (netaddr) I found via Google and things went better after that.  I suspect the problem was that I was using ActivePython [64 bit] and this book was written for Python 3.
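An added example, not code from the book or from the scripts described in this review: both tasks done with Python 3's standard `ipaddress` module.  It goes beyond exact list membership by counting a subnet in list B as present when any subnet in list A contains it; the function names and the sample lists are constructed for illustration.

```python
import ipaddress

def subnet_of_interface(cidr):
    """Return the network containing an interface address like '10.1.2.57/24'."""
    # ip_network() raises ValueError when host bits are set (strict=True is
    # the default); ip_interface() accepts address/prefix and exposes .network.
    return ipaddress.ip_interface(cidr.strip()).network

def load_subnets(lines):
    """Parse one subnet per line; skip blanks and '#' comments; de-duplicate in order."""
    seen, result = set(), []
    for raw in lines:
        text = raw.split("#", 1)[0].strip()   # strip() also drops \r\n endings
        if not text:
            continue
        net = ipaddress.ip_network(text)      # strict: a typo'd entry raises
        if net not in seen:
            seen.add(net)
            result.append(net)
    return result

def missing_from(list_a, list_b):
    """Return the subnets in list_b that no same-family subnet in list_a covers."""
    missing = []
    for b in list_b:
        # subnet_of() raises TypeError across IPv4/IPv6, so compare versions first.
        covered = any(a.version == b.version and b.subnet_of(a) for a in list_a)
        if not covered:
            missing.append(b)
    return missing

# Constructed sample input standing in for the two files (Windows line endings).
LIST_A = ["10.1.0.0/16\r\n", "192.168.10.0/24\r\n", "10.1.0.0/16\r\n",
          "2001:db8::/32  # lab v6\r\n"]
LIST_B = ["10.1.2.0/24\r\n", "192.168.20.0/24\r\n", "2001:db8:1::/48\r\n", "\r\n"]

if __name__ == "__main__":
    print("interface 10.1.2.57/24 is in", subnet_of_interface("10.1.2.57/24"))
    for net in missing_from(load_subnets(LIST_A), load_subnets(LIST_B)):
        print("not covered by list A:", net)
```
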

As a DNS professional I was disappointed that there were no DNS-related recipes in the Network and Web Programming section, but Web-related topics were well-represented in the book.

The “Python Cookbook” doesn’t seem to have quite the depth and organization of the “Perl Cookbook” but I’m sure I will rely on it heavily as I learn to use Python.  It did allow me to be productive very quickly and it passes the “Cookbook” standard with flying colors.  Any book that can get me to the point of writing a working, useful script in less than a day is worth using.  I recommend this book to anyone who has a basic understanding of Python and wants to get past “Hello, World” and “Eat Spam” as fast as possible.

Reviewer’s Note:  I am a member of the O’Reilly Blogger Review program and received a free copy of the “Python Cookbook” which was used to write this review.

Filed under Book Review, Technology

Sunday Edition: A Geek and His Faith

If you’ve read my little bio over on the right sidebar, you might have picked up on my claim to be a Christian.  I’m not a particularly good one, mind you.  But that’s what grace is about, isn’t it?

One of the reasons I might not be a particularly good one probably has something to do with my other claim: that I’m a Geek.

As a Geek, I absolutely love my “tech toys”.  Give me a new gizmo to tinker with and I’m in Geek Heaven.  As a Christian, I am able to identify those impulses as a form of materialism.  The temptation to spend money I don’t have on gizmos I want is pretty darn strong, but I know I have to be responsible with my money so I (mostly) resist.

As a Geek, I love books.  Tech books and Science Fiction books, mostly.  Yet another materialistic impulse rears its head.  But I also enjoy SciFi in many different forms, including movies.  The problem with a lot of SciFi is that it’s not complementary to a Christian worldview.  In a way, being a Christian makes me a bit of a SciFi Heretic — Aliens are simply allegories, miracles are not just “sufficiently advanced technology” or statistically improbable events, and I see Creation at work where some see only entropy.  But to my mind, better that than to be the other kind of heretic!

Being a Christian Geek isn’t totally contradictory, though.

As a Geek, I have a peculiar way of looking at the world.  As a Christian, I have a peculiar way of looking at the world.  It is possible for me to reconcile the two, through faith.  As a Geek, my view of the world is colored by scientific observation.  As a Christian, my view of the world is informed by an honest observation of human nature.  Both worldviews would insist that things happen for a reason, that cause and consequences go hand-in-hand.  Both worldviews look for wonder in the universe in which we live, and both are not afraid to ask hard questions.  Both worldviews find value in knowledge.

Being a geek could be a weakness, but it can also be a strength.  There is nothing “blind” about my faith.  I know why I believe what I believe.  Likewise, being a Christian helps to balance me and keep me grounded when my geek imagination tries to run away with me.

Geeks have a reputation for being strange.  Christians often have a reputation for being strange.  It means we have a different way of looking at things than so-called “normal” people.  And I kinda like being strange.

Sundays I’m going to try to explore what it means to be a “Christian Geek”, as often as I can.  You’re welcome to join me in that journey, whether you’re a geek, a Christian, or both.


Filed under Faith, Lifestyle

Why You Should Care About DNS

In my day job, I am a DNS Professional.  DNS stands for Domain Name System.  It’s one of the reasons you can type crossadept.wordpress.com to get to my blog instead of having to remember six different numeric IP addresses.

(I’m also a Network Professional.  I can remember six different IP addresses if I’m using them constantly.  But not the dozens of IP addresses I connect to every single day.)

Most people don’t know what DNS is.  It’s one of those things that quietly works day after day and nobody except DNS Professionals like me gives it a second thought.  But DNS is more relevant in today’s Internet than it was even ten years ago.  And for the sake of your money and reputation, you ought to care very much that DNS is doing the job it’s supposed to do.

Whether you know it or not, you are using a DNS server right this very moment.  What if someone were able to trick your DNS server into telling your web browser that “crossadept.wordpress.com” is an alias (another name) for “hackmycomputernow.badguy.net” (a fictitious black hat hacker website I made up)?  You could be in for a very bad day without a clue about what was going on.

Fortunately, there are ways to protect your DNS server from just such a thing happening.  Unfortunately, many companies aren’t using them.

In the days to come, I hope to share with you on this blog how to set up a reasonably secure DNS system based on my own experiences.  If you need to host your own domain, you need to make sure you’re not wide open to every black hat on the Internet.

If all you care about is making sure that you can use DNS on your home or small business PCs without worrying about hackers, check out OpenDNS.


Filed under DNS