#1

Hi

I am planning on being the authority for my external DNS domain and will be hosting all my and my customers' DNS records myself. I plan on deploying one external DNS server for the time being. Someone told me that I would need at least 2 external DNS servers to allow the transfer of this authority to happen at my ISP. Is this true? I appreciate the fact that 2 external DNS servers would provide redundancy but I don't have the physical hardware at the moment. Could I run 2 guest OS machines on virtual server and make them both DNS servers, anyone have any experience with virtualising DNS services? Would this be advisable??

Thanks all

AJ

#2

"AndyJ" <andyjones99@hotmail.co.uk> wrote in message news:1165069286.376497.262630@73g2000cwn.googlegroups.com...
> Hi
>
> I am planning on being the authority for my external DNS domain and
> will be hosting all my and my customers' DNS records myself.

It is generally a poor idea so what are your specific reasons for doing this?

> I plan on
> deploying one external DNS server for the time being. Someone told me
> that I would need at least 2 external DNS servers to allow the transfer
> of this authority to happen at my ISP. Is this true?

This is just one of the reasons why it is a poor idea to do it yourself rather than leave the job at your registrar where it belongs for all but the large (in terms of Internet presence) companies.

It is a business rule of the Internet, although there are ways to cheat, why would you want to do this?

> I appreciate the
> fact that 2 external DNS servers would provide redundancy but I don't
> have the physical hardware at the moment. Could I run 2 guest OS
> machines on virtual server and make them both DNS servers, anyone have
> any experience with virtualising DNS services? Would this be
> advisable??

Better to leave your external DNS at the Registrar.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

> Thanks all
>
> AJ

#3

Thanks Herb

It is so I can make the changes that I require to be made in a timely manner and so I have complete control over the records. I'm finding I cannot add records that I want to at my existing registrar, maybe I should just switch to a better one?

Thanks
AJ

#4

"AndyJ" <andyjones99@hotmail.co.uk> wrote in message news:1165076513.931179.26600@l12g2000cwl.googlegroups.com...
> Thanks Herb
>
> It is so I can make the changes that I require to be made in a timely
> manner and so I have complete control over the records. I'm finding I
> cannot add records that I want to at my existing registrar, maybe I
> should just switch to a better one?

Perhaps. Practically all of the public registrars have a GUI interface that allows you to add/manage your own records. There are usually short delays before the changes are live but most people do NOT change their public DNS on a minute by minute basis (how often do you change ISPs etc...?)

Register.com was lacking any method to do SPF last I checked (but may have added that in recent months although they acted deaf when I suggested it earlier this year) but GoDaddy has TEXT records which work just fine (as are used in Microsoft DNS anyway.)

What unusual record besides SPF is your motivation?

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

> Thanks
> AJ

#5

In news:uLfnX1lFHHA.3780@TK2MSFTNGP02.phx.gbl,
Herb Martin <news@LearnQuick.com> stated, which I commented on below:

<snipped>

> Register.com was lacking any method to do SPF last
> I checked (but may have added that in recent months
> although they acted deaf when I suggested it earlier
> this year) but GoDaddy has TEXT records which work
> just fine (as are used in Microsoft DNS anyway.)

Network Solutions does not offer that yet either.

Ace

#6

I am offering Exchange, SPS and LCS hosted services and my provisioning software allows for automating DNS. If I hosted public DNS internally this would be a lot easier for me to manage and a lower admin overhead, although I will still have to register my name servers as the authority for the new domains.

So I have a requirement to create SRV records too as well as the normal A, CNAME, MX etc etc.

Thanks

AJ

#7

"AndyJ" <andyjones99@hotmail.co.uk> wrote in message news:1166005816.063326.74930@l12g2000cwl.googlegroups.com...
> I am offering Exchange, SPS and LCS hosted services and my provisioning
> software allows for automating DNS. If I hosted public DNS internally
> this would be a lot easier for me to manage and a lower admin overhead,

In what way? One practically never changes public records. They tend to be extremely stable (and small in number.)

> although I will still have to register my name servers as the authority
> for the new domains.
>
> So I have a requirement to create SRV records too as well as the normal
> A, CNAME, MX etc etc.

SRV for PUBLIC access?

Be sure any registrar you use (if you follow my advice) supports them.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

> Thanks
>
> AJ

#8

In news:1166005816.063326.74930@l12g2000cwl.googlegroups.com,
AndyJ <andyjones99@hotmail.co.uk> stated, which I commented on below:

> I am offering Exchange, SPS and LCS hosted services and my
> provisioning software allows for automating DNS. If I hosted public
> DNS internally this would be a lot easier for me to manage and a
> lower admin overhead, although I will still have to register my name
> servers as the authority for the new domains.
>
> So I have a requirement to create SRV records too as well as the
> normal A, CNAME, MX etc etc.
>
> Thanks
>
> AJ

I've never heard of any public DNS offering SRV records, other than for specific IE SRV records, which is in beta and gone by the wayside lately, also which I don't yet think any browsers yet support it.

If for AD, keep your SRVs private and just VPN in or have VPN support for anyone requiring to access/authenticate to internal resources. Public SRVs for AD are not a good idea.

Maybe you can elaborate a bit more on what exactly you are trying to do by offering SRVs publicly.

Ace

#9

SRV records are required for LCS - federation, remote access and public IM connectivity

SJ

#10

In news:1166137953.217950.105990@f1g2000cwa.googlegroups.com,
AndyJ <andyjones99@hotmail.co.uk> stated, which I commented on below:

> SRV records are required for LCS - federation, remote access and
> public IM connectivity
>
> SJ

So you are offering internal resources to the outside. I see. Most public registrars do not offer that capability. Usually the software handles the connection requirements instead of DNS since most public applications do not yet support SRV records. However, I understand what you are trying to do by offering certain internal apps outside that work using SRVs, such as Exchange IM (which the client is similar to but slightly different than the MSN messenger and would need to download the specific one that will work). Keep in mind, Exchange IM does not *require* SRVs, but it makes it easier for most people to simply type in the domain name with an Exchange IM home server instead of typing in the whole FQDN of the server.

If you want to do this, you can probably create multiple nameservers using Windows 2003 as your DNS servers (since they support SRVs), and host your own domain name just for this purpose and register them as nameservers with your registrar. Each domain requires two nameservers. But keep in mind, I wouldn't mix internal and external data however, under the same zone (public and private IPs).

I hope all works out well. :-)

Ace
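
The checks raised in the replies above (two name servers per domain, no private addresses in the public zone, no public SRV records for AD), as an added example that is not part of the original thread. The zone data, the `example.com` names and the helper names are constructed for illustration, and the parser assumes simple one-line `owner ttl IN type rdata` records.

```python
import ipaddress

# Constructed sample zone (hypothetical names; public addresses are documentation ranges).
SAMPLE_ZONE = """\
example.com.                        3600 IN NS  ns1.example.com.
example.com.                        3600 IN NS  ns2.example.com.
ns1.example.com.                    3600 IN A   192.0.2.53
ns2.example.com.                    3600 IN A   198.51.100.53
ap.example.com.                     3600 IN A   192.0.2.80
dc01.example.com.                   3600 IN A   10.0.0.5
_sipfederationtls._tcp.example.com. 3600 IN SRV 0 0 5061 ap.example.com.
_ldap._tcp.example.com.             3600 IN SRV 0 100 389 dc01.example.com.
"""

# Explicit RFC 1918 list: ipaddress.is_private would also match the documentation ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Service labels that Active Directory registers as SRV records.
AD_SERVICES = {"_ldap", "_kerberos", "_kpasswd", "_gc"}


def parse_zone(text):
    """Return (owner, type, rdata_fields) for each 'owner ttl IN type rdata' line."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            raise ValueError(f"unsupported record line: {line!r}")
        records.append((fields[0].lower(), fields[3].upper(), fields[4:]))
    return records


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)


def audit_zone(text, apex):
    """Return (code, owner, detail) findings for a zone that will be served publicly."""
    apex = apex.lower()
    records = parse_zone(text)
    findings = []
    a_records = {}
    for owner, rtype, rdata in records:
        if rtype == "A":
            a_records.setdefault(owner, []).append(rdata[0])

    # Rule from the thread: each domain needs two name servers.
    ns_targets = {rd[0].lower() for o, t, rd in records if o == apex and t == "NS"}
    if len(ns_targets) < 2:
        findings.append(("NS_COUNT", apex, f"{len(ns_targets)} name server(s); two are required"))

    # Rule from the thread: do not mix private addresses into the public zone.
    for owner, addrs in a_records.items():
        for addr in addrs:
            if is_rfc1918(addr):
                findings.append(("PRIVATE_A", owner, addr))

    # SRV rdata is: priority weight port target.
    for owner, rtype, rdata in records:
        if rtype != "SRV":
            continue
        port, target = int(rdata[2]), rdata[3].lower()
        if owner.split(".", 1)[0] in AD_SERVICES:
            findings.append(("AD_SRV", owner, f"{target}:{port}"))
        if any(is_rfc1918(a) for a in a_records.get(target, [])):
            findings.append(("SRV_PRIVATE_TARGET", owner, target))
    return findings


if __name__ == "__main__":
    for finding in audit_zone(SAMPLE_ZONE, "example.com."):
        print(finding)
```
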

#11

Thanks. Exchange IM is something I won't be offering as a service it's pretty much old hat now and is not supported in Exchange 2003. LCS definitely needs SRV records internally and externally and they can be a bit of a pig to get working correctly.
Thanks for all your advice
AJ

#12

In news:1166169625.457568.123190@f1g2000cwa.googlegroups.com,
AndyJ <andyjones99@hotmail.co.uk> stated, which I commented on below:

> Thanks. Exchange IM is something I won't be offering as a service it's
> pretty much old hat now and is not supported in Exchange 2003. LCS
> definitely needs SRV records internally and externally and they can be
> a bit of a pig to get working correctly.
> Thanks for all your advice
> AJ

I should have mentioned LCS is similar to Exchange IM where it does not *require* SRVs but SRVs make it easier for users to remember the shorter name and to allow the user to connect to partner and other organizations configured as part of your trusted "realm". LCS was a replacement for the older IM service and offers more support for various things that the older Exchange 2000 did not offer, such as for mobile clients, among other things.

"Enhanced federation uses DNS SRV resolution to locate the Access Proxy of a federated partner, [...]".

Above quoted from: Live Communications Server 2005 Document: Deployment Overview, page 3:
http://www.microsoft.com/downloads/t...displayLang=en

Also:
"Direct federation requires that you specify both the Access Proxy and the SIP domain of each federated partner and that your partners do the same for you. This procedure provides a high degree of security and control, but it entails a lot more work and ongoing attention than even restricted enhanced federation. For this reason, direct federation is recommended only for partners who have neither upgraded to SP1 nor published a SRV record for their domain."

Above quoted from: Live Communications Server 2005 Document: Technical Overview, page 17
http://www.microsoft.com/downloads/t...displayLang=en

Therefore, just as IM in Ex2000, it does not really *require* SRVs, but implementing them does offer additional support, which I assume you will need in your scenario. So it really depends on your scenario and what you're trying to accomplish.

No problem for the . Good luck. Let us know how you make out.

Ace

#13

Yes I have read all this and designed/deployed a large enterprise deployment. You also need SRV records for public IM otherwise the Public IM providers access proxies cannot find yours. So I *do* need them, I wish I didn't though

Cheers

#14

In news:1166208554.445833.5530@80g2000cwy.googlegroups.com,
AndyJ <andyjones99@hotmail.co.uk> stated, which I commented on below:

> Yes I have read all this and designed/deployed a large enterprise
> deployment You also need SRV records for public IM otherwise the
> Public IM providers access proxies cannot find yours. So I *do* need
> them, I wish I didn't though
>
> Cheers

It appears you do need them in your scenario! Good luck with everything!

Happy Holidays!

Ace