Tuesday, May 03, 2011

Control your DNS!

Every IT Manager should have control of their organization's Domain Name System (DNS), both internal and external. If the organization doesn't controls its own DNS, then you're getting the short end of the stick!

Every enterprise (both small & large) runs its own internal DNS because that allows it to manage the network. The same can be said about external DNS - it allows for the management of resources on the Internet (meaning external to the organization). Email, inbound & outbound traffic management, failover, business continuity & disaster recovery, security, web filtering, content filtering, everything. The Domain Name System is the bedrock upon which the network is built. I can tell you from experience that you don't want your Internet Service Provider (ISP) to have control of your organization's DNS.

Especially for small organizations, managed DNS services can pay for themselves. Start of authority (SoA) and email delivery services are all part of managed DNS services. As I've learned from my experiences as an IT Manager who's gone thru multiple hurricanes, one of the most important aspects of business continuity & disaster recovery is backup MX services. This means the organization doesn't lose messages because of email server, network, or even building downtime (as in the entire building is offline). Make sure that any backup MX service includes messages spooling (queuing of inbound messages until the mail server comes back online). And if you can afford it, consider store & forward of email.

An example of a provider of managed DNS services is Dyn. The managed DNS services that a vendor must provide should include DNS & domain services, email services, and performance & security services. As with all vendors, there are costs associated with using their services. But these costs pay for themselves when the time comes - instead of waiting for 3 days for the support folks at your ISP to make a simple change to your DNS records, it can happen within minutes if you choose the right managed DNS vendor. Control your DNS!

Rob Hiltbrand, MS, CISSP

No comments: