[OT] Reverse DNS

Jeff Vian jvian10 at charter.net
Fri Jun 25 22:03:16 UTC 2004



Mark Haney wrote:

> On Fri, 25 Jun 2004 23:07:35 +0200, Alexander Dalloz  
> <alexander.dalloz at uni-bielefeld.de> wrote:
>
>> What is the advantage for you / your company of having the nameserver
>> under your own control? And having DNS administered by Network Solutions
>> does not prevent you from running a DNS server of your own. Forward and
>> reverse resolution can be managed by different servers / service agents
>> (companies).
>>
>> For running a mail server, having proper reverse resolution is not a
>> must-have. Of course it is recommended, because some providers have
>> started to make it a requirement as part of fighting spam nowadays.
>>
>> Your argument is true when saying that if the whole line is down and no
>> server is reachable on your site, what would it help if DNS is still
>> working because it runs at an outside provider. But that said, it is a
>> must to have at least 2 DNS servers responsible for a domain. This is
>> for fallback. So a fallback MX is, from a certain size up, a
>> recommendation too (not a must like with the DNS).
>>
>> I would suggest: get the DNS and whatever other services, like mail,
>> in-house and keep Network Solutions as secondary DNS service (you have
>> master zone control and they are slaves). This is for forward name
>> resolution as well as for reverse. Maybe they offer a fallback MX too.
>> You are then on the safe side.
>>
>> Alexander
>>
>>
> And I agree with all of that. The only issue here is that my boss is
> worse than paranoid. He's one of these 'know enough to be dangerous'
> geek wannabes and has all these fears and phobias over things. He
> doesn't like having DNS in house because he didn't have anyone to
> manage it (except for me now) and like I said earlier he was
> concerned about domain availability if the T1 went down and DNS was
> here.
>
> I fully intend on moving to the fedora DNS server here in house as
> soon as I feel comfortable enough with telling him that that box even
> exists. He's all M$, and linux makes him nauseous. It's just been a
> struggle to move forward when 'the man' wants to hold you back out of
> fear of the unknown.
>
I have worked for that type of individual.  Only experience will assuage 
his fears, and that can be gotten by setting up your in-house primary 
DNS with the external provider as secondary DNS.  As has been mentioned, 
the secondary server will handle those times when your connection may be 
interrupted.  This configuration can be done completely transparent so 
he does not even know it has been done at first.  After an extended 
period of having it work that way you can then provide evidence that "it 
just works" and is reliable.

Unless he is prone to micro-management and snooping as well as vengeful 
or can get you fired for being creative, it should help calm his fears 
when he sees the statistics.  

Another argument that would support you is that it is easier to make 
sure configs are correct and timely if you are able to do them inhouse 
rather than depending on properly understood instructions and the 
schedule for an external provider to make the changes when needed.





