no-nonsense, objective, experienced, honest


The Blog of an honest Consultant.

2020-03-18

DNSSEC Requirements concerning IPAM

The IPAM system used to manage DNS should support the following capabilities with regard to DNSSEC:
1. Hosting of DNSSEC-enabled Zones
   - incl. [Read More…]

Admin - 14:46 @ dns, security, dnssec

2020-01-01

Migrate Active Directory DNS (in a Nutshell)

Disable AD Replication (per Domain Controller)

C:\> repadmin /options <DC-NAME> +DISABLE_OUTBOUND_REPL
C:\> repadmin /options <DC-NAME> +DISABLE_INBOUND_REPL

Backup AD DNS Zones

PowerShell:
PS C:\> Export-DnsServerZone -Name "<zone-name>" -FileName "<file-name>"
PS C:\> Export-DnsServerZone -Name "example.com" -FileName "db.example.com"

CMD:
C:\> dnscmd /zoneexport <zone-name> <file-name>
C:\> dnscmd /zoneexport example.com db.example.com

Sure, there are scripts to automate this.

Configure Global Forwarding for Microsoft DNS
1. delete all authoritative Zones
2. allow Recursion
3. enable “query logging” in MS DNS (C:/Windows/System32/dns/<hostname>.log)
4. test Caching-Only Configuration of MS DNS
5. change TCP/IP Stack of Domain Controller (new DNS Server’s IP)

Restart netlogon Service
* registers AD records in new DNS (“underscore” stuff)
  * _msdcs.example.com
  * _sites.example.com
  * _tcp.example.com
  * _udp.example.com
  * ForestDnsZones.example.com
  * DomainDnsZones.example.com

C:\> net stop netlogon
C:\> net start netlogon

Register Domain Controller’s Host Record in new DNS

C:\> ipconfig /registerdns

Enable AD Replication (per Domain Controller)

C:\> repadmin /options <DC-NAME> -DISABLE_OUTBOUND_REPL
C:\> repadmin /options <DC-NAME> -DISABLE_INBOUND_REPL
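
A check for the state after the netlogon restart and `ipconfig /registerdns`: the following PowerShell, an added example that is not part of the original post, reads the records Netlogon writes to `netlogon.dns` on the Domain Controller and queries the new DNS server for each one. The server address `192.0.2.53`, the function names and the default path `%SystemRoot%\System32\config\netlogon.dns` are assumptions.

```powershell
# Added example: confirm the records Netlogon registers exist on the new DNS server.
# Assumptions: 192.0.2.53 is a placeholder address; netlogon.dns is in its default path.
param(
    [string]$NewDnsServer = '192.0.2.53',
    [string]$NetlogonDns  = "$env:SystemRoot\System32\config\netlogon.dns"
)

function ConvertFrom-NetlogonLine {
    param([string]$Line)
    # Line format: <owner> <ttl> IN <type> <rdata...>
    $f = $Line.Trim() -split '\s+'
    if ($f.Count -lt 5 -or $f[2] -ne 'IN') { return }
    [pscustomobject]@{
        Name   = $f[0].TrimEnd('.')
        Type   = $f[3].ToUpper()
        # SRV rdata is "priority weight port target"; other types carry a single value
        Port   = if ($f[3] -eq 'SRV' -and $f.Count -ge 8) { [int]$f[6] } else { $null }
        Target = $f[-1].TrimEnd('.')
    }
}

function Test-RecordOnServer {
    param($Record, [string]$Server)
    $answers = Resolve-DnsName -Name $Record.Name -Type $Record.Type -Server $Server -DnsOnly -ErrorAction SilentlyContinue
    foreach ($a in $answers) {
        switch ($Record.Type) {
            'SRV'   { if ($a.NameTarget -eq $Record.Target -and $a.Port -eq $Record.Port) { return $true } }
            'CNAME' { if ($a.NameHost -eq $Record.Target) { return $true } }
            default { if ($a.IPAddress -and ([ipaddress]$a.IPAddress).Equals([ipaddress]$Record.Target)) { return $true } }
        }
    }
    return $false
}

# Lines that are not records are skipped by the parser; only these four types are checked.
$wanted = @(Get-Content -Path $NetlogonDns |
    ForEach-Object { ConvertFrom-NetlogonLine $_ } |
    Where-Object { $_.Type -in 'SRV', 'CNAME', 'A', 'AAAA' })

$missing = @($wanted | Where-Object { -not (Test-RecordOnServer $_ $NewDnsServer) })
$missing | Format-Table Name, Type, Port, Target -AutoSize
'{0} of {1} Netlogon records missing on {2}' -f $missing.Count, $wanted.Count, $NewDnsServer
```

Any record listed as missing means the new DNS server rejected or never received the dynamic update for it, which is worth resolving on each Domain Controller before its replication is switched back on.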

Need Assistance?
We’re happy to help you: Migration

Admin - 11:12 @ general, dns, migration

2019-11-19

Protecting your Domain Names

* Review Access to Domain Name Registrars
* Review DNS Roles and Responsibilities
* Employee Transitions
* Update all Registration Information
* Use Roles for Domain Registration Information
* Don’t Use Personal Email Addresses
* Protect against Phishing Attacks
* Credential Updates
* Two-Factor Authentication (2FA) for Registrar Accounts
* Understand Registrar Security Policies, Tools, and Processes
* Review the Privacy Registration Options
* Review and Maintain Records in your Zone
* DNS Zone File Revision Control
* Is your Domain Locked at the Registrar?

Source: https://blogs.akamai.com/2019/02/protecting-your-domain-names-taking-the-first-steps.html

Admin - 14:15 @ general, dns, security

2019-11-12

Reasons for long or short TTLs

There are many reasons why network operators choose long or short TTLs.

Longer caching results in faster responses: a longer TTL enables caching for longer periods, and cache hits are far faster than retrieving answers from authoritative servers, as the .uy experience illustrates. [Read More…]

Admin - 17:53 @ general, dns, security

2019-06-30

Digitization in Facility Management

Facility management means managing buildings, maintaining technical facilities and repairing equipment. [Read More…]

Admin - 13:07 @ general, dns, dhcp, security, ipv6