VMware Cloud Community
JamesSykes
Contributor

DNS Strategy

So I'm in the middle of building a solution for a customer, one that we will be managing moving forward.

To give you an idea of the size, talking around 350 GHz of processor and 500 GB of memory over 16 hosts. All hooked up to a group of EQL iSCSI SANs.

Now the question of DNS has come up. Of course most organisations run some sort of AD and so have their own internal DNS infrastructure in house. We don't.

Our own VMware setups that we use in-house for dev and production environments have simply been set up by managing hosts files, that is, all DNS is held within the hosts/VirtualCenters and that allows everything to connect together and work just fine.

However, with this customer setup there are some other issues. For example, there is going to be at least another environment in another DC, so the number of hosts is going to double, and basically it's probably going to end up being a pain to manage just updating hosts files.

So what do we do? I don't really want to set up DNS servers and start managing it like that.

What about public DNS records? I'm sure there are all sorts of reasons why that is a bad idea, but this infrastructure is being designed to host a web application so external connectivity isn't one of em.

Is security even an issue? So what if vmhost-1.whatever.com is public and resolves to 10.10.10.4... it's still not routable, though we'd rather it was a secret in the first place.

What does everyone think?

0 Kudos
4 Replies
AntonVZhbankov
Immortal

> I don't really want to set up DNS servers and start managing it like that.

Why not? It's not that difficult.

You can run DNS even in VMs, protected by HA.


---

MCSA, MCTS, VCP, VMware vExpert '2009

http://blog.vadmin.ru

EMCCAe, HPE ASE, MCITP: SA+VA, VCP 3/4/5, VMware vExpert XO (14 stars)
VMUG Russia Leader
http://t.me/beerpanda
0 Kudos
amvmware
Expert

I agree with Anton - setting up DNS is not that difficult and a lot less work than managing hosts files. You can set up Microsoft DNS as normal primary/secondary DNS zones without the need to install AD.

0 Kudos
sketchy00
Hot Shot

Without a doubt, go with an internal DNS server. You'll be happy you did. If you have a DC, just make the DC a DNS server, and it will resolve everything that is local to your domain, and forward everything that is not. If you are a *nix shop, just run BIND.

0 Kudos
Texiwill
Leadership

Hello,

DNS works fine as a VM, I have 2, 1 external, and one internal. The internal one runs BIND (*nix) and has the proper records for AD. Or you can just run AD with DNS, etc.

Believe me, this is the best way to go. If you are security conscious you may wish to use DNSSEC, but internally for a small shop, it is most likely not required.


Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009

Virtualization Practice Analyst
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'
Also available 'VMWare ESX Server in the Enterprise'
SearchVMware Pro (http://www.astroarch.com/wiki/index.php/Blog_Roll) | Blue Gears | Top Virtualization Security Links
Virtualization Security Round Table Podcast: http://www.astroarch.com/wiki/index.php/Virtualization_Security_Round_Table_Podcast

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos
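
On the original question of putting records such as vmhost-1.whatever.com pointing at 10.10.10.4 into public DNS: the following is an added example, not code from any poster in this thread, that reviews a zone listing before publication and reports every A/AAAA record pointing into private or otherwise internal address space. The sample records, the host names other than the `vmhost` style used in the question, and the function name `find_internal_records` are constructed for illustration.

```python
import ipaddress

# Address ranges that should not appear in a zone served to the Internet.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
    "fc00::/7", "fe80::/10", "::1/128",                # IPv6 ULA, link-local, loopback
)]

# Constructed sample data (not taken from the thread): a zone about to go public.
SAMPLE_ZONE = """\
; name       ttl class type  rdata
www          300 IN A     203.0.113.10
vmhost-1     300 IN A     10.10.10.4
vmhost-2         IN A     10.10.10.5    ; TTL omitted
vcenter      300 IN A     192.168.50.20
san-mgmt     300 IN AAAA  fd12:3456:789a::10
mail         300 IN MX    10 mx.example.net.
"""

def find_internal_records(zone_text):
    """Return (name, type, address, matched_network) for internal A/AAAA records."""
    leaks = []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop comments, tokenise
        # TTL and class are optional, so search for the type token after the name.
        for i, tok in enumerate(fields[1:], start=1):
            if tok.upper() in ("A", "AAAA") and i + 1 < len(fields):
                try:
                    addr = ipaddress.ip_address(fields[i + 1])
                except ValueError:
                    break                          # malformed rdata: skip the line
                for net in INTERNAL_NETS:
                    if addr.version == net.version and addr in net:
                        leaks.append((fields[0], tok.upper(), str(addr), str(net)))
                        break
                break
    return leaks

if __name__ == "__main__":
    for name, rtype, addr, net in find_internal_records(SAMPLE_ZONE):
        print(f"{name}: {rtype} {addr} is inside {net}; keep it in an internal-only zone")
```

Each reported name discloses a host's role and the internal addressing plan to anyone who can query the zone, which is the "we'd rather it was a secret" concern from the question; serving those names only from an internal DNS server, as the replies recommend, avoids that.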