From: Chuck Sent: August 16, 2009 18:17 > > I recommend a highly secured master that is not queried by any > clients (preferably in a network/vlan your clients can't even > access)... then configure one-way zone transfers to 2 or more slave > servers which you configure your clients to point to. Maintain your > zone files in rcs of some sort... While I can agree with you suggestion in principal I think that this might be overkill in our situation. We have a relatively small network (6-8 servers, 15-20 workstations and maybe a dozen other types of equipment). I our case I think we can get away with a master and a slave DNS server running on existing servers. > For IP control/delegation and DNS control/delegation I recommend IP > Plan. I had stumbled across this before but I will have a better look at it. > Of course bind is the 800lb gorilla in the DNS world... don't even > think about putting DNS on windows. We are primarily a UNIX/Linux shop and I prefer not to use windows for such services unless I absolutely must. There are services that we require that only run on windows so we do have windows servers in our mix. > I don't recommend any front ends being that a few hours well spent > reading the docs and man pages will make you a dns expert in no > time. Bind is very easy to learn and shouldn't take longer than an > afternoon at best. I think I am going to have to disagree with you here. I have been using BIND for several years. While I have spent many hours reading docs and man pages I definitely would not classify myself as a DNS expert. I know that I am of above average intelligence and maybe I just have a "blind spot" when it comes to BIND (and it has been known to happen) but I just do not find it as straight forward to learn as you have. Then again I am getting "on in years" so that may be a contributing factor as well. Anyway, thank you very much for your comments and suggestions. They are appreciated. Regards, Hugh -- Hugh E Cruickshank, Forward Software, www.forward-software.com