no-nonsense, objective, experienced, honest

The Blog of an honest Consultant.


DNSSEC Requirements concerning IPAM

The IPAM system that is used to manage DNS should support the following capabilities with regard to DNSSEC:
# Hosting of DNSSEC-enabled Zones
_- incl. [Read More…]

Admin - 14:46 @ dns, security, dnssec


Migrate Active Directory DNS (in a Nutshell)

Disable AD Replication (per Domain Controller)

C:\> repadmin /options <DC-NAME> +DISABLE_OUTBOUND_REPL
C:\> repadmin /options <DC-NAME> +DISABLE_INBOUND_REPL

Backup AD DNS Zones

PS C:\> Export-DnsServerZone -Name "<zone-name>" -FileName "<file-name>"

C:\> dnscmd /zoneexport <zone-name> <file-name>

Sure, there are scripts to automate this.

Configure Global Forwarding for Microsoft DNS
# delete all authoritative Zones
# allow Recursion
# enable “query logging” in MS DNS (C:/Windows/System32/dns/<hostname>.log)
# test Caching-Only Configuration of MS DNS
# change TCP/IP Stack of Domain Controller (new DNS Server’s IP)

Restart netlogon Service
# registers AD records in new DNS (“underscore” stuff)

C:\> net stop netlogon
C:\> net start netlogon

Register Domain Controller’s Host Record in new DNS

C:\> ipconfig /registerdns

Enable AD Replication (per Domain Controller)

C:\> repadmin /options <DC-NAME> -DISABLE_OUTBOUND_REPL
C:\> repadmin /options <DC-NAME> -DISABLE_INBOUND_REPL
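
A check for the Netlogon restart and host registration steps above, added here as an example and not part of the original post: it reads the records Netlogon keeps for this Domain Controller and asks the new DNS server for each one. The function names and the NewDnsServer parameter are hypothetical, and the script assumes the record list is in Netlogon's default file, netlogon.dns.

```powershell
# Added example, not from the original post. Function and parameter names are
# hypothetical. Assumes Netlogon's record list is in its default location.
param(
    [Parameter(Mandatory)] [string] $NewDnsServer,   # IP of the new DNS server
    [string] $NetlogonFile = "$env:SystemRoot\System32\config\netlogon.dns"
)

# Parse lines such as (constructed sample):
#   _ldap._tcp.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
function ConvertFrom-NetlogonDns {
    param([string[]] $Lines)
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\S+)\s+\d+\s+IN\s+(SRV|A|AAAA|CNAME)\s+(.+?)\s*$') {
            [pscustomobject]@{ Name = $Matches[1]; Type = $Matches[2]; Data = $Matches[3] }
        }
    }
}

# True if $Server answers the query with the data Netlogon expects.
function Test-RecordOnServer {
    param($Record, [string] $Server)
    $answers = @(Resolve-DnsName -Name $Record.Name -Type $Record.Type -Server $Server `
                     -DnsOnly -ErrorAction SilentlyContinue |
                 Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq $Record.Type })
    switch ($Record.Type) {
        'SRV' {   # rdata: priority weight port target
            $f = $Record.Data -split '\s+'
            $want = '{0} {1}' -f $f[2], $f[3].TrimEnd('.')
            $have = $answers | ForEach-Object { '{0} {1}' -f $_.Port, $_.NameTarget.TrimEnd('.') }
        }
        'CNAME' {
            $want = $Record.Data.TrimEnd('.')
            $have = $answers | ForEach-Object { $_.NameHost.TrimEnd('.') }
        }
        default {   # A / AAAA
            $want = $Record.Data
            $have = $answers | ForEach-Object { $_.IPAddress }
        }
    }
    return @($have) -contains $want
}

$records = @(ConvertFrom-NetlogonDns -Lines (Get-Content -LiteralPath $NetlogonFile))
$missing = @($records | Where-Object { -not (Test-RecordOnServer $_ $NewDnsServer) })
$missing | Format-Table Name, Type, Data -AutoSize
'{0} of {1} Netlogon records not served by {2}' -f $missing.Count, $records.Count, $NewDnsServer
```

An empty table means the new server answers every record listed in netlogon.dns; any row that is printed names a record the server did not return as expected.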

Need Assistance?
We’re happy to help you: Migration

Admin - 11:12 @ general, dns, migration


Protecting your Domain Names

* Review Access to Domain Name Registrars
* Review DNS Roles and Responsibilities
* Employee Transitions
* Update all Registration Information
* Use Roles for Domain Registration Information
* Don’t Use Personal Email Addresses
* Protect against Phishing Attacks
* Credential Updates
* Two-Factor Authentication (2FA) for Registrar Accounts
* Understand Registrar Security Policies, Tools, and Processes
* Review the Privacy Registration Options
* Review and Maintain Records in your Zone
* DNS Zone File Revision Control
* Is your Domain Locked at the Registrar?


Admin - 14:15 @ general, dns, security


Reasons for long or short TTLs

There are many reasons why network operators choose long or short TTLs.

Longer caching results in faster responses: a longer TTL enables caching for longer periods, and cache hits are far faster than retrieving answers from authoritative servers, as the .uy experience illustrates. [Read More…]

Admin - 17:53 @ general, dns, security


Digitization in Facility Management

Facility management means managing buildings, maintaining technical facilities and repairing equipment. [Read More…]

Admin - 13:07 @ general, dns, dhcp, security, ipv6