DNS Service Implementation and Changeover



Similar documents
Upgrading User-ID. Tech Note PAN-OS , Palo Alto Networks, Inc.

How to set up the Integrated DNS Server for Inbound Load Balancing

KB Windows 2000 DNS Event Messages 1 Through 1614

Troubleshooting Guide

Configuring User Identification via Active Directory

TMS Phone Books Troubleshoot Guide

Windows Firewall Configuration with Group Policy for SyAM System Client Installation

BioWin Network Installation

Understand Names Resolution

How to Add Domains and DNS Records

Understanding DNS (the Domain Name System)

Download/Install IDENTD

Chapter 25 Domain Name System Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure

freesshd SFTP Server on Windows

Copyright International Business Machines Corporation All rights reserved. US Government Users Restricted Rights Use, duplication or disclosure

HTG XROADS NETWORKS. Network Appliance How To Guide: EdgeDNS. How To Guide

Automatic Configuration of Slave Nameservers (BIND only)

2X ApplicationServer & LoadBalancer Manual

Use Domain Name System and IP Version 6

DNS and BIND Primer. Pete Nesbitt linux1.ca. April 2012

Using Webmin and Bind9 to Setup DNS Sever on Linux

Configuring TCP/IP Port & Firewall Monitoring With Sentry-go Quick & Plus! monitors

Multi-factor Authentication using Radius

Introduction to Network Operating Systems

2 HDE Controller X DNS Server Manual

MailMarshal SMTP in a Load Balanced Array of Servers Technical White Paper September 29, 2003

Deploying ModusGate with Exchange Server. (Version 4.0+)

Installing and Setting up Microsoft DNS Server

Steps to be taken when you are unable to get the license in Tally.ERP 9

How To - Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment

Securing an Internet Name Server

Windows Firewall Exceptions Configuring Windows Firewall Exceptions for Docusnap

LDaemon. This document is provided as a step by step procedure for setting up LDaemon and common LDaemon clients.

Lab 4 Domain Name System - DNS CMPE 150

Network System Management. Creating an Active Directory Domain

Networking Domain Name System

How to Configure Split DNS

DNS and BIND. David White

DNS zone transfers from FreeIPA to non-freeipa slave servers

DC Agent Troubleshooting

Avatier Identity Management Suite

Copyright

Forouzan: Chapter 17. Domain Name System (DNS)

EventSentry Overview. Part I Introduction 1 Part II Setting up SQL 2008 R2 Express 2. Part III Setting up IIS 9. Part IV Installing EventSentry 11

Module 2. Configuring and Troubleshooting DNS. Contents:

CHAPTER ANSWERS IMPLEMENTING, MANAGING, AND MAINTAINING A MICROSOFT WINDOWS SERVER 2003 NETWORK INFRASTRUCTURE

Creating a master/slave DNS server combination for your Grid Infrastructure

StarWind iscsi SAN Software: Configuring High Availability Storage for VMware vsphere and ESX Server

Deploying System Center 2012 R2 Configuration Manager

Parallels Plesk Automation

Immotec Systems, Inc. SQL Server 2005 Installation Document

Product Manual. Administration and Configuration Manual

Local Caching Servers (LCS): User Manual

Configuring the Active Directory Plug-in

Setting up Hyper-V for 2X VirtualDesktopServer Manual

DNS. Computer Networks. Seminar 12

Syslog Server Configuration on Wireless LAN Controllers (WLCs)

Quick Start Guide For Ipswitch Failover v9.0

Hostname (DNS Resolvable) Network Objects

Keep SQL Service Running On Replica Member While Replicating Data In Realtime

LOAD BALANCING 2X APPLICATIONSERVER XG SECURE CLIENT GATEWAYS THROUGH MICROSOFT NETWORK LOAD BALANCING

Install MS SQL Server 2012 Express Edition

Red Hat system-config-bind BIND (Berkeley Internet Name Domain) DNS ( Domain Name System)

Setting Up and Configuring programs to Work with NetOp

SSL Installing your new Certificate

Tunnel Client FAQ. Table of Contents. Version 0v5, November 2014 Revised: Kate Lance Author: Karl Auer

How-to: HTTP-Proxy and Radius Authentication and Windows IAS Server settings. Securepoint Security System Version 2007nx

Installation and User Guide Zend Browser Toolbar

How To Guide Edge Network Appliance How To Guide:

TROUBLESHOOTING INCORRECT REPORTING OF THE WHO CHANGED PARAMETER

Netwatch Installation For Windows

IBM Security QRadar Version (MR1) WinCollect User Guide

Setting up VMware ESXi for 2X VirtualDesktopServer Manual

KASPERSKY LAB. Kaspersky Administration Kit version 6.0. Administrator s manual

StarWind iscsi SAN Software: Using an existing SAN for configuring High Availability storage with Windows Server 2003 and 2008

Configure ActiveSync with a single Exchange server (Exchange sync for an iphone)

Using Logon Agent for Transparent User Identification

Setting up Hyper-V for 2X VirtualDesktopServer Manual

How To Industrial Networking

DNS Server Operation & Configuration

DigitalPersona Pro Server for Active Directory v4.x Quick Start Installation Guide

Networking Domain Name System

Network/Floating License Installation Instructions

Acano solution. Acano Manager R1.1 FAQs. Acano. December G

Installation Notes for Outpost Network Security (ONS) version 3.2

Extended communication server 4.1 : VoIP SIP service administration

Application Notes for Configuring Alternate Methods of Domain Based Routing for Outbound SIP Calls with the Avaya SIP Trunk Architecture Issue 1.

Security Provider Integration LDAP Server

How to add your Weebly website to a TotalCloud hosted Server

Tenrox and Microsoft Dynamics CRM Integration Guide

Installation Steps for PAN User-ID Agent

Installing Policy Patrol on a separate machine

How to Configure DNS Zones

Domain Name Server. Training Division National Informatics Centre New Delhi

Using DC Agent for Transparent User Identification

Transcription:

DNS Service Implementation and Changeover White Paper Nixu Software Oy Ltd A Nixu Group Company Keilaranta 15 FI-02150 Espoo Finland www.nixusoftware.com

Importing Zone Data to Nixu NameSurfer The zone data can be imported from existing master name server to Nixu NameSurfer in two ways: by using the zone transfer function, or by using zone files compatible with BIND. The zone transfer option excludes the possible dangers of file corruption, or zone files containing false data due to mistake after editing, through zone data validation. Another benefit from using this method stems from the realtime data accuracy: when making a zone transfer, the user can be certain that the received data is up to date. Regardless of the method used, the zone data can be imported to Nixu NameSurfer either via WebUI using DNS / Import feature or alternatively using nsctl command-line tool. The instructions for using import function are documented in Nixu NameSurfer s online help and Nixu NameSurfer Suite Reference Manual. Nixu NameSurfer Initialization Given the hierarchical structure of DNS and the hidden primary architecture of Nixu NameSurfer, the hidden primary DNS server can be modified without any significant changes visible to the network, or the authoritative name servers integrated with it. Therefore, our advice is to start the DNS changeover by installing and configuring Nixu NameSurfer as the hidden DNS primary for the new environment. At this point, the NameSurfer import function can be chosen to act upon: a) only the private zone data b) only the public zone data c) both the private and public zone data By importing the zone data in increments for example only the internal zone data first the chance of possible problems stemming from the changeover process interfering with external services can be narrowed down significantly. By using internal zone data, the new hidden primary DNS server can be tested thoroughly and its configurations validated. The imported zone data will be managed by using the tools included in Nixu NameSurfer after the import process. If the existing BIND servers continue to be run alongside Nixu NameSurfer hidden DNS primary during the changeover, the master server IP address of their BIND configuration (named.conf) zone definition must be changed to match with NameSurfer s IP address. Below, please find examples of BIND name server configuration:

zone "corporation.com" { type slave; file "corporation.com.bk"; masters { 20.20.20.20; #original master Or if the server in question is a master name server for the particular zone: zone "corporation.com" { type master; file "corporation.com.bk"; The zone definition must be changed so that the zone type is slave and the IP address in the masters definition matches the NameSurfer s IP address. Please also note that Nixu NameSurfer s hidden primary DNS process listens on port 8054. In other words, the definition should appear after modification as the following: zone "corporation.com" { type slave; file "corporation.com.bk"; masters port 8054 { 20.20.20.21; #namesurfer IP address Along with the hidden primary DNS process, a local BIND process can be activated in Nixu NameSurfer installation. If activated, the local BIND can be viewed in as localhost in the Remote Servers section of Nixu NameSurfer's WebUI. The BIND instance running as localhost can be added to a zone as a Remote Secondary name server by ticking a checkbox located next to it in zone s root node view. This causes the local BIND process to control that particular zone, and the authoritative name servers can communicate via standard DNS port :53 using Nixu NameSurfer s IP address. In this case, the BIND server configuration does not require the port definition as shown in the example above. Please also note that old BIND servers are not integrated with Nixu NameSurfer by default, so new zones created in Nixu NameSurfer are not automatically pushed to existing BIND name servers.

Installing Nixu SNS Servers If new Nixu SNS server instances are assigned new IP addresses (as opposed to utilizing existing IP addresses used by legacy BIND servers), they can be installed alongside the old BIND servers in the production network. Nixu SNS servers should be integrated with Nixu NameSurfer using real IP addresses, rather than for example load-balancer or virtual IP address(es). If the Nixu SNS servers have both a public and a private address, one should decide which of the two addresses is used to communicate with Nixu NameSurfer, and configure other network equipment (e.g. firewalls) accordingly. If Nixu SNS server s IP address is changed during the changeover from the installation environment to the production network, the IP addresses should be changed again using Nixu NameSurfer's WebUI. The instructions for this process can be found in both Nixu SNS Reference Manual and Nixu NameSurfer Suite Reference Manual. After the integration process has been completed, adding a single zone is carried out by accessing the desired zone s root node page in Nixu NameSurfer; viewing Remote secondary servers section; and ticking the checkboxes of those Nixu SNS servers that will be authoritative for that particular zone. When adding a remote secondary server for several zones, the basic principle is the same; however, in this case, the operation can also be performed using NameSurfer s Bulk changes tool. After the selections have been made and the changes have been saved by clicking the OK button, Nixu NameSurfer automatically updates the configuration and sends it out to relevant Nixu SNS servers. In the event that some of the Nixu SNS server instances are public and some private, one should make sure that the correct Remote secondary servers are chosen for each zone. Although the process of adding Remote secondary servers to the network should be the responsibility of a more experienced network administrator, the possibility of human error still remains. Therefore, as as precautionary measure, the private and public zones can be divided into their own Views in Nixu NameSurfer. A View can have the IP address ranges containing the SNS servers which have access to that particular View s zone data. With this configuration, the production network can have two DNS Views in use, for example Internal and External. When adding new zones, a userspecific Zone template (part of User Management) containing a proper set of pre-selected Remote secondary servers for a zone can also be utilized. In order for the new Nixu SNS servers to be made authoritative for a given zone, please follow the steps below: 1. Add the Nixu SNS servers NS records to the zone data 2. Update the new NS records throughout the domain hierarchy

Usually both the zone itself and the parent zone of the higher domain hierarchy contain the A records corresponding to the particular NS records. Because the A records point to specific IP addresses, it is important that these are also updated and notified to the higher levels of domain hierarchy. To ensure that recursive name servers (caching DNS servers) in the Internet will be able to perform queries with cached name servers after the changeover, the legacy BIND servers can be run assuming they have different names and IP addresses than the new name servers alongside Nixu SNS servers until the old zone data has expired in caching name servers. Recursive DNS and Nixu SNS Servers Nixu SNS server instances can be configured to function as a caching/recursive DNS server by setting the DNS / Options / Access / Inbound restrictions / Recursion option s value to Yes. The clients and networks allowed to make recursive name queries using the server in question can be defined using DNS / Options / Access / Inbound restrictions section s Allow recursion IP address or block and Allow recursion ACL options. When using access control lists (ACL), they must first be defined at DNS / ACLs section. Changing IP Addresses If the servers are using temporary IP addresses before the changeover to production environment for example in a testing environment they must be changed before the actual changeover. Although the examples below describe how to change the IP address with different server types, it is recommended to install Nixu NameSurfer using a real IP address if possible. Nixu NameSurfer: The IP address of the operating system can be changed by running systemconfig-network command in the CLI. This activates a text-only editor, allowing a new IP address and name servers to be defined. New network settings will come into effect after running service network restart command. In addition to the operating system, the new IP address must also be specified in the Nixu NameSurfer configuration files, as follows: /usr/local/namesurfer/config/server.conf: primary_addr

recursive_name_server /usr/local/namesurfer/config/webui.conf: primary_addr It is also recommended to check, and modify if necessary, the Default master server IP value in Server details section located in integrated Remote servers. Nixu SNS server: Run sns-network-config using the Nixu SNS CLI. This allows new IP addresses for different network interface devices to be configured.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information