In this post I will present the best practices of DNS configuration for network management.
Typically, Microsoft servers and workstations are capable of registering themselves with an Active Directory-integrated DNS server. Other IT assets may not have such functionality, so it is important to add DNS record(s) manually for each IT asset that needs to be managed.
DNS Configuration Best Practices:
1. A device with a single network interface and a single IP address needs 2 record types:
- A record (also known as forward lookup): maps a hostname to an IP address
- PTR record (also known as reverse lookup): maps an IP address to a hostname
Below is an example of how to configure both records for a new device via the Microsoft DNS console.
2. A device that has multiple IP addresses (also called multi-homed) but communicates with the management system via only one of them: same as above.
Example: A server with several IP addresses.
3. A device that has multiple IP addresses and communicates with the management system via several of them (not advisable, but it can happen) requires both record types for each IP address that communicates with the management station.
Example: A router or firewall that uses one IP address for responding to SNMP queries but sends Syslog alerts and/or SNMP traps from another IP address.
How can DNS help with network troubleshooting?
Some network engineers configure unique names for the interfaces of routers to get more readable traceroute output.
Where a unique name is required for each IP address of a router, it is very common to create both forward (A) and reverse (PTR) records for the main IP address (normally the loopback) and to configure only reverse lookup (PTR) records for the other interfaces, pointing to the name of the router. Example traceroute output:
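As an added example (not from the original post), the following PowerShell script uses the DnsServer module on a Microsoft DNS server to create the records for the three device cases listed above and the PTR-only router interfaces just described. The zone names, device names and addresses are constructed placeholders; the script assumes one reverse lookup zone per /24 subnet (so 10.1.2.0/24 is 2.1.10.in-addr.arpa) and that each address the management system talks to gets its own host name.

```powershell
# Added example, not from the original post. Assumes the DnsServer module (DNS server
# role or RSAT) and rights on the Microsoft DNS server. Zone names, device names and
# IP addresses below are constructed placeholders.
Import-Module DnsServer

$ForwardZone = 'corp.example.com'   # assumed forward lookup zone

# Reverse zone name for an IPv4 address, assuming one reverse zone per /24:
# 10.1.2.10 -> zone 2.1.10.in-addr.arpa, record name 10
function Get-ReverseZoneName {
    param([Parameter(Mandatory)][string]$IPv4Address)
    $o = $IPv4Address.Split('.')
    return ('{0}.{1}.{2}.in-addr.arpa' -f $o[2], $o[1], $o[0])
}

function Get-PtrRecordName {
    param([Parameter(Mandatory)][string]$IPv4Address)
    return $IPv4Address.Split('.')[3]
}

# Warn early: a PTR record cannot be added if its reverse zone does not exist.
function Test-ReverseZone {
    param([Parameter(Mandatory)][string]$IPv4Address)
    $zone = Get-ReverseZoneName $IPv4Address
    if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
        Write-Warning "Reverse zone $zone does not exist; PTR for $IPv4Address will fail"
        return $false
    }
    return $true
}

# Cases 1-3: every address the management system talks to gets BOTH an A record
# (forward lookup) and a PTR record (reverse lookup).
function Register-ManagedAddress {
    param(
        [Parameter(Mandatory)][string]$HostName,     # short name inside $ForwardZone
        [Parameter(Mandatory)][string]$IPv4Address
    )
    Add-DnsServerResourceRecordA -ZoneName $ForwardZone -Name $HostName -IPv4Address $IPv4Address
    if (Test-ReverseZone $IPv4Address) {
        Add-DnsServerResourceRecordPtr -ZoneName (Get-ReverseZoneName $IPv4Address) `
            -Name (Get-PtrRecordName $IPv4Address) -PtrDomainName "$HostName.$ForwardZone"
    }
}

# Router/firewall interfaces the management system does not talk to: PTR only,
# pointing back at the router's name so a traceroute hop identifies the router.
function Register-InterfacePtr {
    param(
        [Parameter(Mandatory)][string]$RouterName,
        [Parameter(Mandatory)][string]$IPv4Address
    )
    if (Test-ReverseZone $IPv4Address) {
        Add-DnsServerResourceRecordPtr -ZoneName (Get-ReverseZoneName $IPv4Address) `
            -Name (Get-PtrRecordName $IPv4Address) -PtrDomainName "$RouterName.$ForwardZone"
    }
}

# Constructed inventory. 'Managed' maps a host name to each address the NMS uses;
# 'InterfaceOnly' lists the remaining interface addresses of the same device.
$inventory = @(
    # case 1: single interface, single address
    @{ Name = 'sw-core-01'; Managed = @{ 'sw-core-01' = '10.1.2.10' }; InterfaceOnly = @() }
    # case 2: multi-homed server, NMS uses only 10.1.2.20; its other addresses need nothing
    @{ Name = 'srv-app-01'; Managed = @{ 'srv-app-01' = '10.1.2.20' }; InterfaceOnly = @() }
    # case 3: firewall polled on 10.1.2.1 but sending syslog/traps from 10.1.3.1,
    #         with two more transit interfaces that only need PTR records
    @{ Name = 'fw-edge-01'
       Managed = @{ 'fw-edge-01' = '10.1.2.1'; 'fw-edge-01-syslog' = '10.1.3.1' }
       InterfaceOnly = @('10.1.4.1', '10.1.5.1') }
)

foreach ($device in $inventory) {
    foreach ($entry in $device.Managed.GetEnumerator()) {
        Register-ManagedAddress -HostName $entry.Key -IPv4Address $entry.Value
    }
    foreach ($ip in $device.InterfaceOnly) {
        Register-InterfacePtr -RouterName $device.Name -IPv4Address $ip
    }
}
```

The script adds the PTR explicitly instead of relying on the -CreatePtr switch of Add-DnsServerResourceRecordA, so a missing reverse zone produces a visible warning rather than a silently absent reverse record.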
Hop  RTT1 (ms)  RTT2 (ms)  RTT3 (ms)  IP Address       Host name
1    17         0          0          126.96.36.199    8-1-18.ear1.dallas1.level3.net
2    122        122        122        188.8.131.52     vlan70.csw2.dallas1.level3.net
3    120        120        120        184.108.40.206   ae-73-73.ebr3.dallas1.level3.net
4    *          *          *          -
5    120        120        120        220.127.116.11   ae-2-2.ebr1.washington1.level3.net
6    122        121        121        18.104.22.168    ae-91-91.csw4.washington1.level3.net
7    121        121        121        22.214.171.124   ae-92-92.ebr2.washington1.level3.net
8    120        120        121        126.96.36.199    ae-44-44.ebr2.paris1.level3.net
9    120        120        120        188.8.131.52     ae-47-47.ebr1.frankfurt1.level3.net
10   120        125        120        184.108.40.206   ae-71-71.csw2.frankfurt1.level3.net
11   121        121        121        220.127.116.11   ae-2-70.edge4.frankfurt1.level3.net
12   122        122        122        18.104.22.168
Why would you need to configure 2 records for each IP address?
Most network management software systems insist on using reverse lookup to verify IT asset names and IP addresses. Missing either record for a device can lead to performance issues in the network management software, such as long discovery and polling times, delays in processing SNMP traps, etc.
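As an added example (not from the original post), this PowerShell check runs the same forward and reverse lookups the management software performs, against the DNS server the NMS uses, and reports any device whose A and PTR records are missing or disagree. The server name and the inventory are constructed placeholders.

```powershell
# Added example, not from the original post: before pointing the NMS at a device,
# confirm both lookups work and agree (forward-confirmed reverse DNS).
# $DnsServer and the inventory below are constructed placeholders.
$DnsServer = 'dns01.corp.example.com'

$inventory = @(
    @{ Name = 'sw-core-01.corp.example.com';        IPv4Address = '10.1.2.10' }
    @{ Name = 'fw-edge-01.corp.example.com';        IPv4Address = '10.1.2.1' }
    @{ Name = 'fw-edge-01-syslog.corp.example.com'; IPv4Address = '10.1.3.1' }
)

function Test-ManagedAssetDns {
    param(
        [Parameter(Mandatory)][string]$Name,          # FQDN the NMS will display
        [Parameter(Mandatory)][string]$IPv4Address,   # address the NMS polls / receives from
        [Parameter(Mandatory)][string]$Server         # DNS server the NMS itself uses
    )
    # Forward lookup: does the name resolve to the expected address?
    # -DnsOnly prevents a fallback to LLMNR/NetBIOS, which would mask a missing record.
    $a = Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction SilentlyContinue
    $forwardOk = [bool]($a | Where-Object { $_.Type -eq 'A' -and $_.IPAddress -eq $IPv4Address })

    # Reverse lookup: Resolve-DnsName builds the in-addr.arpa query from the address.
    $ptr = Resolve-DnsName -Name $IPv4Address -Type PTR -Server $Server -DnsOnly -ErrorAction SilentlyContinue
    $ptrNames = @($ptr | Where-Object { $_.Type -eq 'PTR' } | ForEach-Object { $_.NameHost.TrimEnd('.') })
    $reverseOk = $ptrNames -contains $Name   # -contains compares case-insensitively

    $status = if ($forwardOk -and $reverseOk) { 'OK' } elseif (-not $forwardOk) { 'MISSING A' } else { 'MISSING/WRONG PTR' }

    [pscustomobject]@{
        Name        = $Name
        IPv4Address = $IPv4Address
        ForwardOK   = $forwardOk
        ReverseOK   = $reverseOk
        PtrPointsTo = ($ptrNames -join ',')
        Status      = $status
    }
}

$report = $inventory | ForEach-Object {
    Test-ManagedAssetDns -Name $_.Name -IPv4Address $_.IPv4Address -Server $DnsServer
}
$report | Format-Table -AutoSize

# Non-zero exit code so the check can gate a scheduled NMS discovery run
if ($report | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```

Run it with the same -Server the management station is configured to use; a record that resolves from your workstation but not from the NMS's resolver is exactly the case that produces the slow discovery and trap-processing delays described above.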
Yigal Korolevski, KMC Technologies http://www.nms-guru.com