Tag Archives: DNS

DNS – One Server (Does Not) Fit All

Hi!  If you’ve been reading about DNS on my blog, you probably understand the importance of having DNS services, you have some idea about why you might want to run your own DNS server, and you realize that protecting your online brand means protecting your domain registration.  What I’d like to talk about this time is how many DNS servers you should plan to operate.

BIND, which stands for Berkeley Internet Name Daemon, is a DNS server that’s been designed to provide every kind of DNS service you might need.  It is the most commonly and widely used DNS server in the market, and it’s also open source and free.  Technically, you could run a single BIND server that both hosts your internal domain and provides your users and customers with a DNS resolver.  A lot of organizations with limited resources start out this way.  But even if you’re forced to start out with a setup like this, it’s not a good idea to keep it that way.

The problem with a one-server-fits-all approach is that if anything happens to degrade your DNS server’s performance, you can impact all of your DNS services.  The DNS protocol is designed to run a distributed service with multiple servers sharing the load and making the DNS services very resilient.  By splitting the service up among several servers, you ensure that a problem with one server does not impact your entire DNS infrastructure.


Why You Should Care About DNS

In my day job, I am a DNS Professional.  DNS stands for Domain Name System.  It’s one of the reasons you can type crossadept.wordpress.com to get to my blog instead of having to remember six different numeric IP addresses.

(I’m also a Network Professional.  I can remember six different IP addresses if I’m using them constantly.  But not the dozens of IP addresses I connect to every single day.)

Most people don’t know what DNS is.  It’s one of those things that quietly works day after day, and nobody except DNS Professionals like me gives it a second thought.  But DNS is more relevant in today’s Internet than it was even ten years ago.  And for the sake of your money and reputation, you ought to care very much that DNS is doing the job it’s supposed to do.

Whether you know it or not, you are using a DNS server right this very moment.  What if someone were able to trick your DNS server into telling your web browser that “crossadept.wordpress.com” is an alias (another name) for “hackmycomputernow.badguy.net” (a fictitious black hat hacker website I made up)?  You could be in for a very bad day without a clue about what was going on.

Fortunately, there are ways to protect your DNS server from just such a thing happening.  Unfortunately, many companies aren’t using them.

In the days to come, I hope to share with you on this blog how to set up a reasonably secure DNS system based on my own experiences.  If you need to host your own domain, you need to make sure you’re not wide open to every black hat on the Internet.

If all you care about is making sure that you can use DNS on your home or small business PCs without worrying about hackers, check out OpenDNS.
