Monday, November 10, 2014

DNS Configuration Best Practices for Network Management

In my previous post, "Why DNS is vital for Network Management success - Part 1", I described the importance of a solid DNS system for successful network management.

In this post I will present the best practices of DNS configuration for network management.


Typically, Microsoft servers and workstations are capable of self-registration with a DNS server that is part of an Active Directory domain. Other IT assets may not have such functionality, so it is important to add the DNS records for each IT asset that needs to be managed manually.

DNS Configuration Best Practices:


1. A device with a single network interface and a single IP address needs 2 record types:
  • A record (also known as Forward Lookup): from a hostname to an IP address
  • PTR record (also known as Reverse Lookup): from an IP address to a hostname
Example: A network switch that has no routing enabled (Layer 2 only).

Below is an example of how to configure both of the records for a new device via the Microsoft DNS configuration tool:

2. A device that has multiple IP addresses (also called multi-homed) but communicates with the management system via only one of them requires the same 2 record types as above, for the IP address used for management.
Example: A server with several IP addresses.

3. A device that has multiple IP addresses and communicates with the management system via several of them (not advisable, but it can happen) requires both record types for each IP address that communicates with the management station.

Example: A router or firewall that uses one IP address for responding to SNMP queries but sends Syslog alerts and/or SNMP traps via another IP address.

How can DNS help with network troubleshooting?

Some network engineers configure unique names for the interfaces of routers to get a more readable traceroute output.

In cases where a unique name is required for each IP address of a router, it is very common to use forward and reverse records for the main IP address (normally the loopback) and to configure only reverse lookup (PTR) records for the other interfaces, pointing to the name of the router.
Example:

Hop  RTT1 (ms)  RTT2 (ms)  RTT3 (ms)  IP Address     Host name
1    17         0          0          8.9.232.73     8-1-18.ear1.dallas1.level3.net
2    122        122        122        4.69.145.126   vlan70.csw2.dallas1.level3.net
3    120        120        120        4.69.151.146   ae-73-73.ebr3.dallas1.level3.net
4    *          *          *          -
5    120        120        120        4.69.132.86    ae-2-2.ebr1.washington1.level3.net
6    122        121        121        4.69.134.142   ae-91-91.csw4.washington1.level3.net
7    121        121        121        4.69.134.157   ae-92-92.ebr2.washington1.level3.net
8    120        120        121        4.69.137.61    ae-44-44.ebr2.paris1.level3.net
9    120        120        120        4.69.143.141   ae-47-47.ebr1.frankfurt1.level3.net
10   120        125        120        4.69.140.6     ae-71-71.csw2.frankfurt1.level3.net
11   121        121        121        4.69.154.72    ae-2-70.edge4.frankfurt1.level3.net
12   122        122        122        212.162.5.162



Why would you need to configure 2 records for each IP address?

Most network management software systems insist on using reverse lookup to verify IT asset names and IP addresses. Failing to have both records for every management address of a device can lead to network management software performance issues such as long discovery and polling times, delays in processing SNMP traps, etc.
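The forward/reverse verification described above can be scripted to audit the three device cases listed earlier. The following is an added example and not code from the original post; the zone contents, hostnames and addresses are constructed stand-ins for what an NMS would retrieve with A and PTR lookups.

```python
from typing import Dict, List, Set, Tuple

# Constructed sample zone contents (not real zone data):
# hostname -> A records, and IPv4 address -> PTR record.
A_RECORDS: Dict[str, Set[str]] = {
    "sw-access-01.corp.example": {"10.0.1.10"},              # case 1: single IP
    "srv-db-01.corp.example": {"10.0.2.20", "10.0.3.20"},    # case 2: multi-homed, managed via .2.20
    "rtr-edge-01.corp.example": {"10.0.0.1"},                # case 3: only the loopback has an A record
    "fw-edge-01.corp.example": {"10.0.9.1"},                 # renamed device with a stale PTR
}
PTR_RECORDS: Dict[str, str] = {
    "10.0.1.10": "sw-access-01.corp.example",
    "10.0.2.20": "srv-db-01.corp.example",
    "10.0.0.1": "rtr-edge-01.corp.example",
    "10.0.9.2": "rtr-edge-01.corp.example",   # WAN interface: PTR only (troubleshooting style)
    "10.0.9.1": "fw-old-01.corp.example",     # PTR never updated after the firewall was renamed
}

# Managed assets: hostname plus every address the device uses to talk to the
# NMS (the polled address and any separate source address for traps/syslog).
ASSETS: List[Tuple[str, List[str]]] = [
    ("sw-access-01.corp.example", ["10.0.1.10"]),
    ("srv-db-01.corp.example", ["10.0.2.20"]),
    ("rtr-edge-01.corp.example", ["10.0.0.1", "10.0.9.2"]),   # polled on loopback, traps from WAN
    ("fw-edge-01.corp.example", ["10.0.9.1"]),
]


def audit_asset(hostname: str, mgmt_ips: List[str],
                a_records: Dict[str, Set[str]], ptr_records: Dict[str, str]) -> List[str]:
    """Return one finding per missing or inconsistent record for an asset.
    An empty list means every management address has a matching A/PTR pair."""
    findings: List[str] = []
    forward = a_records.get(hostname, set())
    for ip in mgmt_ips:
        if ip not in forward:
            findings.append(f"{hostname}: no A record for {ip}")
        ptr_name = ptr_records.get(ip)
        if ptr_name is None:
            findings.append(f"{hostname}: no PTR record for {ip}")
        elif ptr_name != hostname:
            findings.append(f"{hostname}: PTR for {ip} points to {ptr_name}")
    return findings


def audit_all(assets, a_records, ptr_records) -> Dict[str, List[str]]:
    """Audit every managed asset; the router's trap source and the stale firewall PTR are flagged."""
    return {name: audit_asset(name, ips, a_records, ptr_records) for name, ips in assets}


if __name__ == "__main__":
    for name, findings in audit_all(ASSETS, A_RECORDS, PTR_RECORDS).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

Against a real DNS server the two dictionaries would be filled from A and PTR lookups, and any finding points at a record to add or correct before the NMS starts its discovery.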

Yigal Korolevski, KMC Technologies http://www.nms-guru.com
