HI All,
Can anyone explain why I might want to run my own DNS Server in-house? I have a comcast business circuit and use their DNS servers and when I need entries, I use GoDaddy where I buy my domains.
Best, -ML
On Mon, Oct 5, 2009 at 12:17 PM, ML mailinglists@mailnewsrss.com wrote:
> HI All,
> Can anyone explain why I might want to run my own DNS Server in-house? I have a comcast business circuit and use their DNS servers and when I need entries, I use GoDaddy where I buy my domains.
> Best, -ML
If you want to do more complex things, like subdomain delegation, split views, etc... Most ISP providers do not allow that sort of functionality, and the ones that do usually require that you submit requests through them (no web control panel) and it gets updated on their timeline. If you just need basic stuff with A, MX, CNAME, and other basic records, ISP DNS is just fine.
ML wrote:
> HI All,
> Can anyone explain why I might want to run my own DNS Server in-house? I have a comcast business circuit and use their DNS servers and when I need entries, I use GoDaddy where I buy my domains.
> Best, -ML
> _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
It depends upon how many PCs / servers you have and what functions these perform. If you only have one or two computers and do not run your own servers, then you have no need for your own DNS. If on the other hand you have multiple servers and computer workstations and want to be able to connect to these by name, then running DNS makes lots of sense. If you host your own web site and email etc. then having your own DNS (or masquerade) saves bandwidth and, more particularly, time in DNS lookups. HTH
ML wrote:
> HI All,
> Can anyone explain why I might want to run my own DNS Server in-house? I have a comcast business circuit and use their DNS servers and when I need entries, I use GoDaddy where I buy my domains.
> It depends upon how many PCs / servers you have and what functions these perform. If you only have one or two computers and do not run your own servers, then you have no need for your own DNS.
Yup. That's what /etc/hosts is for, and if I had under, say, a dozen or so systems, that's what I'd use. <snip> mark
ML wrote:
> HI All,
> Can anyone explain why I might want to run my own DNS Server in-house? I have a comcast business circuit and use their DNS servers and when I need entries, I use GoDaddy where I buy my domains.
A) run a caching server to speed up lookups
B) you want to have DNS for your private network behind a firewall.
C) run your own authoritative DNS because you don't want to deal with funky outfits like godaddy.
I belong to all three of these sets.
ML wrote:
> HI All,
> Can anyone explain why I might want to run my own DNS Server in-house? I have a comcast business circuit and use their DNS servers and when I need entries, I use GoDaddy where I buy my domains.
It's generally a good idea to have a caching server locally for speed and if you use NAT and private addresses, the same server(s) can be primary for the internal view of your domain.
If you aren't a large enterprise with multiple server sites, you might be better off letting a service provider handle the public view.
All great responses.
Why would a small business want to run their own DNS? Independence and control.
If you want or require the ability to route people to internal (on your LAN/WAN) web-based applications at URLs like http://intranet or https://yourcompanyquickenbooks, this is one way, rather than having your employees try and remember things like https://10.1.1.1 or maintaining a bunch of lmhosts (Win) and /etc/hosts (*nix) files on workstations and laptops. Or if you have trouble frequently with your ISP's DNS servers (Comcast or whoever), this is a simple way to go (caching). Make sure you secure it and have it nicely hidden in a DMZ or on your internal net, though. One snag to keep in mind is that if you have your internal server acting authoritatively for yourcompany.com and externally it is a different SOA, you could run into overlap issues. But in general the reason is that most companies have stuff in their internal DNS they certainly do not want known in public and want to manipulate resolution internally for some things. But if your business can live without the benefits or protection that running your DNS server internally brings, then there is really no need to add another server to your admin duties unless you are really excited to manage a DNS server or tackle some complex and uber-secure Master/Slave architecture as a project. Hope this helps.
Larry Kemp Network Engineer U.S. Metropolitan Telecom, LLC Bonita Springs, FL USA
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Les Mikesell Sent: Monday, October 05, 2009 12:31 PM To: CentOS mailing list Subject: Re: [CentOS] DNS Serving - Why my own?
ML wrote:
> HI All,
> Can anyone explain why I might want to run my own DNS Server in-house? I have a comcast business circuit and use their DNS servers and when I need entries, I use GoDaddy where I buy my domains.
> It's generally a good idea to have a caching server locally for speed and if you use NAT and private addresses, the same server(s) can be primary for the internal view of your domain.
> If you aren't a large enterprise with multiple server sites, you might be better off letting a service provider handle the public view.
Kemp, Larry wrote:
> All great responses.
> Why would a small business want to run their own DNS? Independence and control.
> If you want or require the ability to route people to internal (on your LAN/WAN) web-based applications at URLs like http://intranet or https://yourcompanyquickenbooks, this is one way, rather than having your employees try and remember things like https://10.1.1.1 or maintaining a bunch of lmhosts (Win) and /etc/hosts (*nix) files on workstations and laptops. Or if you have trouble frequently with your ISP's DNS servers (Comcast or whoever), this is a simple way to go (caching). Make sure you secure it and have it nicely hidden in a DMZ or on your internal net, though. One snag to keep in mind is that if you have your internal server acting authoritatively for yourcompany.com and externally it is a different SOA, you could run into overlap issues. But in general the reason is that most companies have stuff in their internal DNS they certainly do not want known in public and want to manipulate resolution internally for some things. But if your business can live without the benefits or protection that running your DNS server internally brings, then there is really no need to add another server to your admin duties unless you are really excited to manage a DNS server or tackle some complex and uber-secure Master/Slave architecture as a project. Hope this helps.
Another reason would be to avoid your ISP's redirection when a host doesn't resolve. Comcast, for example, will send your request to their search page. This can confuse some people, or can potentially end up leading you to a malicious page (I don't trust their search results). It's also annoying because pretty much everything will resolve whether it is valid or not.
Ryan Pugatch Systems Administrator, TripAdvisor
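A check for the NXDOMAIN rewriting Ryan describes, added here as an example and not code from this thread: it parses a DNS response for a name that can never legitimately exist (the reserved .invalid TLD) and flags a resolver that hands back an address instead of NXDOMAIN. The probe name, both sample responses and the 192.0.2.10 address are constructed for the example.

```python
import ipaddress
import struct

RCODE_NOERROR, RCODE_NXDOMAIN = 0, 3

def encode_name(name):
    """Encode a dotted hostname in DNS wire format (uncompressed)."""
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past a possibly compressed name starting at off."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # 2-byte compression pointer terminates the name
            return off + 2
        off += 1 + length

def classify_response(resp):
    """Parse a DNS response; return (rcode, list of A-record addresses)."""
    _qid, flags, qdcount, ancount, _ns, _ar = struct.unpack(">HHHHHH", resp[:12])
    rcode = flags & 0x000F
    off = 12
    for _ in range(qdcount):
        off = skip_name(resp, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(resp, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record
            addrs.append(str(ipaddress.IPv4Address(resp[off:off + 4])))
        off += rdlen
    return rcode, addrs

def nxdomain_rewritten(resp):
    """True if a name that must not exist was answered with an address instead of NXDOMAIN."""
    rcode, addrs = classify_response(resp)
    return rcode == RCODE_NOERROR and bool(addrs)

# Constructed sample responses (not captured from any real resolver) to a query for
# a probe name under the reserved .invalid TLD, which can never legitimately resolve.
PROBE = "nxdomain-probe.example.invalid"
_question = encode_name(PROBE) + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN
HONEST = struct.pack(">HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0) + _question  # RCODE=3
REWRITTEN = (struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + _question  # RCODE=0
             + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 10]))
```

To test a live resolver, send encode_name(PROBE) wrapped in a query header over UDP/53 and pass the reply to nxdomain_rewritten; a result of True means the resolver is substituting its own answer for NXDOMAIN.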
"Another reason would be to avoid your ISP's redirection when a host doesn't resolve. Comcast, for example, will send your request to their search page. This can confuse some people, or can potentially end up leading you to a malicious page (I don't trust their search results). It's also annoying because pretty much everything will resolve whether it is valid or not."
Huge point, Ryan. Just this weekend something happened yet again to Comcast's DNS or address mail.comcast.net. Their DNS was routing me to a server in Germany. I suspected an attack like the one they suffered in May of 2008 when Comcast's registrar info was accessed at ARIN and then the entire Internet was routing people to an HTML page when they entered http://www.comcast.net. Users might not think twice about entering their account info on a page that looks legitimate (but in reality is some site snagging logins of users). A non-caching DNS server internal on your LAN means that unless ARIN itself is hacked all your users go where they are supposed to (where "you" want them to, not where your ISP wants to send them). Way less chance of any kind of man in the middle attack or biased routing to the ISP's search like Ryan said.
Larry Kemp Network Engineer U.S. Metropolitan Telecom, LLC Bonita Springs, FL USA
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Ryan Pugatch Sent: Monday, October 05, 2009 1:21 PM To: CentOS mailing list Subject: Re: [CentOS] DNS Serving - Why my own?
Kemp, Larry wrote:
> All great responses.
> Why would a small business want to run their own DNS? Independence and control.
> If you want or require the ability to route people to internal (on your LAN/WAN) web-based applications at URLs like http://intranet or https://yourcompanyquickenbooks, this is one way, rather than having your employees try and remember things like https://10.1.1.1 or maintaining a bunch of lmhosts (Win) and /etc/hosts (*nix) files on workstations and laptops. Or if you have trouble frequently with your ISP's DNS servers (Comcast or whoever), this is a simple way to go (caching). Make sure you secure it and have it nicely hidden in a DMZ or on your internal net, though. One snag to keep in mind is that if you have your internal server acting authoritatively for yourcompany.com and externally it is a different SOA, you could run into overlap issues. But in general the reason is that most companies have stuff in their internal DNS they certainly do not want known in public and want to manipulate resolution internally for some things. But if your business can live without the benefits or protection that running your DNS server internally brings, then there is really no need to add another server to your admin duties unless you are really excited to manage a DNS server or tackle some complex and uber-secure Master/Slave architecture as a project. Hope this helps.
> Another reason would be to avoid your ISP's redirection when a host doesn't resolve. Comcast, for example, will send your request to their search page. This can confuse some people, or can potentially end up leading you to a malicious page (I don't trust their search results). It's also annoying because pretty much everything will resolve whether it is valid or not.
> Ryan Pugatch Systems Administrator, TripAdvisor
Ryan Pugatch wrote:
> Another reason would be to avoid your ISP's redirection when a host doesn't resolve. Comcast, for example, will send your request to their search page. This can confuse some people, or can potentially end up leading you to a malicious page (I don't trust their search results). It's also annoying because pretty much everything will resolve whether it is valid or not.
+1
I always run my own DNS server at home, and skip the ones provided by Comcast (or any other provider, really). It's so easy, provided you have a system running 24/7 somewhere on the network. Most distributions provide some sort of plug-and-play recursive resolver, you just need to install it and turn it on.
> Can anyone explain why I might want to run my own DNS Server in-house? I have a comcast business circuit and use their DNS servers and when I need entries, I use GoDaddy where I buy my domains.
Depends on the size of your organization. My at home setup has a few PCs & CentOS boxes so it's easy enough to manage host entries through the little gateway/router that I tweaked.
The company I manage IT for, OTOH, has close to 50 PCs & 6-7 servers (mixed Windows & CentOS) spread across three subnets and four offices. We use Active Directory, so DNS resolution of our internal hosts is important. Two of the servers are also public facing (behind firewalls), so we have DNS set up to direct internal clients to the internal IP of the server, while external clients access the public IP of the server.
The internal DNS saves me and the staff from having to remember the mail server's IP and can just access it via the same name as the rest of the public.