20 December 2016
This is an industry-wide problem right now. I call it a problem because in every case where I’ve seen it done, the DNS system is either implemented poorly, the product is poor, or the people engineering it don’t understand the situation below with Dynamic DNS.
We’ve had big challenges with getting dynamic DNS running in my organization using Bluecat IPAM/DNS appliances. From what materials I’ve read on Bluecat, they’re a fairly extensible system and have support for this functionality. I don’t do the day-to-day with the system, so it’s hard for me to pinpoint exactly where our problems are, but I do know that our network team has had to rebuild 2 implementations with top-level Bluecat engineering support to do it successfully without losing the data.
Typically, the “taking over DNS” thing comes in combination with owning the following services:
Load Balancing (F5 GTM likes to own DNS zones as well)
Modern plans seem to be trending towards a DHCP-everything environment (where all servers are DHCP), but given what I’ve seen out of the robustness of the solution we’ve got (and it’s really poor from my outside assessment), I’m scared to see what would happen if the DHCP leases/reservation database poofed into thin air without backups, especially considering our firewall rules are 1:1 across our server stack.
My company isn’t the only one undergoing this transition. Years ago I saw an MSP espouse the virtues of Infoblox. The marketing seemed on point, and from a high-level view the product seemed to be pretty decent, even going so far as offering pretty extensive APIs for DNS management, and doing the often rarely implemented (and when it is, poorly) DNSSEC key management and rotation (something Windows generally handles
A company I recently interviewed with passed the buck on DNS to their networking team as well. I’m unsure as to whether their experience has been positive