Have you ever had to ask a member of your organization to create a URL for you? Do you know anyone who has? Say you try to ping url JustAnotherAardvark.frommyorg and it doesn't answer what you want, 10.10.10.10, can you open a trouble ticket? If so, to what group would that ticket be assigned?
JustAnotherAardvark said: Me. If I can't resolve it where I need it, I have to dance around various network segments until I can ping the URI I've been given, then access it by IP from the location I need to access it from.
What do you mean by DNS? Is it the top level DNS, so the question is which global group does it? The DNS in your workplace, so which part of the IT department does that? The DNS as a whole, so which group (say, IEEE or a specific subdivision) does the planning and control?
Gorfias said: What IT group handles DNS? Can it be more than one group, a shared responsibility?
He mentions Active Directory in the poll so it's workplace DNS.
DoPo said: What do you mean by DNS? Is it the top level DNS, so the question is which global group does it? The DNS in your workplace, so which part of the IT department does that? The DNS as a whole, so which group (say, IEEE or a specific subdivision) does the planning and control?
Gorfias said: What IT group handles DNS? Can it be more than one group, a shared responsibility?
He also mentioned Linux which was quite bizarre.
albino boo said: He mentions Active Directory in the poll so it's workplace DNS.
DoPo said: What do you mean by DNS? Is it the top level DNS, so the question is which global group does it? The DNS in your workplace, so which part of the IT department does that? The DNS as a whole, so which group (say, IEEE or a specific subdivision) does the planning and control?
Gorfias said: What IT group handles DNS? Can it be more than one group, a shared responsibility?
DoPo said: He also mentioned Linux which was quite bizarre.
The guy that implemented it used BIND and more. Sadly, he had to do it with Windows, but he got the job done.
albino boo said: The only thing I could think of was running a BIND9 server under Linux. Personally I refuse to run BIND on Windows, the GUI overhead defeats the point of BIND.
Thanks. Do you have your own in-house DNS or do you use external DNS servers? A big part of the duties we deal with: DHCP and DNS are done in the same set of boxes. If someone has a request (make gorfias.batcave.org point to 10.10.10.10) that group would handle it.
DoPo said: ...at my job, IT is really just a few people so if we did have an issue with DNS, we can contact any one of them in order to sort it out.
We have a guy saying that this task is done typically by the security group (who handle firewalls). I think he is full of it. From what I'm reading on this thread, any number of groups might be assigned this task.
Whoracle said: The guys who run your internal DNS servers are the ones who have to implement your DNS record.
Well, again this depends. Many Firewall appliances are the DNS server for an internal network, at least in smaller networks, so yeah, in that case the firewall guys might be the right ones.
Gorfias said: We have a guy saying that this task is done typically by the security group (who handle firewalls). I think he is full of it. From what I'm reading on this thread, any number of groups might be assigned this task.
I do run some sort of in-house DNS but I'm not fully aware of the specifics, actually. From just looking up some stuff it doesn't look like DHCP and DNS are on the same machine for us, but that's only judging from the IP addresses. Still, I think it's safe to assume they aren't. I am fairly sure the internal DNS is only used for lookups to internal resources in the 192.168.0.0/16 IP range, though I may be wrong.
Gorfias said: Thanks. Do you have your own in-house DNS or do you use external DNS servers? A big part of the duties we deal with: DHCP and DNS are done in the same set of boxes. If someone has a request (make gorfias.batcave.org point to 10.10.10.10) that group would handle it.
DoPo said: ...at my job, IT is really just a few people so if we did have an issue with DNS, we can contact any one of them in order to sort it out.
I imagine it would be different if your org uses godaddy.com and wants a presence at Amazon.
The normal setup is for the internal DNS to use forwarders to resolve external addresses with the well used addresses cached locally.
DoPo said: I do run some sort of in-house DNS but I'm not fully aware of the specifics, actually. From just looking up some stuff it doesn't look like DHCP and DNS are on the same machine for us, but that's only judging from the IP addresses. Still, I think it's safe to assume they aren't. I am fairly sure the internal DNS is only used for lookups to internal resources in the 192.168.0.0/16 IP range, though I may be wrong.
Oh, I'm just being Mr Grumpypants about our matrix management setup.
Gorfias said: Have you ever had to ask a member of your organization to create a URL for you? Do you know anyone who has? Say you try to ping url JustAnotherAardvark.frommyorg and it doesn't answer what you want, 10.10.10.10, can you open a trouble ticket? If so, to what group would that ticket be assigned?
JustAnotherAardvark said: Me. If I can't resolve it where I need it, I have to dance around various network segments until I can ping the URI I've been given, then access it by IP from the location I need to access it from.
That sounds like what our setup does, with the addition that we do lookup 192.168.0.0/16 as the range spans the globe - we have several offices around the world. We're not, like, massive in staff (as evidenced by the fact we use the smallest private network address space) so mostly each office is given one /24 block for work machines or probably sometimes /23 or /22, if other services are required there. I suppose we may have /24 blocks dedicated to some more specific globally shared resources, e.g., various testing environments. That's as much as I know about our network layout, though, and I really only know which /24 block we use in our office - the rest of the useful IPs are either in various documents or...well, in the DNS, so I don't really need to know where they are.
albino boo said: The normal setup is for the internal DNS to use forwarders to resolve external addresses with the well used addresses cached locally.
DoPo said: I do run some sort of in-house DNS but I'm not fully aware of the specifics, actually. From just looking up some stuff it doesn't look like DHCP and DNS are on the same machine for us, but that's only judging from the IP addresses. Still, I think it's safe to assume they aren't. I am fairly sure the internal DNS is only used for lookups to internal resources in the 192.168.0.0/16 IP range, though I may be wrong.
Sounds like your organization is huge. We're not as layered in mine.
Whoracle said: Generally, it's a layered process:
Lol. You should see the kind of looney requests we get. Last one was, can you redirect traffic from the organization website to my laptop? Network: um, no. I mean, we could, but it would cause the end of time and space.
The Message flow usually goes like this:
User: "Hey, I want lolwut.company.org to point to my smartphone!"
Network Guy: "Why would you need that? Isn't an /etc/hosts entry (or c:\Windows\system32\drivers\etc\hosts entry) enough?"
User: "Nope, the guys in accounting need to access that, too..."
Network Guy: "OK, Let me check if this is valid per policy." *checks* "OK, strangely enough this IS valid, even though by all means it shouldn't be... well, USER, we're on it." *calls admins* "Hey guys, make lolwut.company.org point to 10.10.10.10 as an A record!"
Admins: "*sigh* As if we didn't have anything better to do... why can't the users do simple stuff like that themselves? *eyeroll* OK, we're done!"
Network Guy: "OK, USER, we're done. Enjoy!"
User then goes on to whine about how it doesn't work, why he needs to set up his smartphone for a static address, etc...
Network Services sounds generic enough. Sounds like the DNS/DHCP architecture need not be in security only. Thanks!
JustAnotherAardvark said: Yes, you pop in a ticket, and it eventually gets over to network services (or whatever 'rebranded' name is being done this month).
The process is layered, independent of company size. Even if you're only one guy, that's the steps you go through. Only then you're responsible for every layer, and the question of "who does what" is kinda moot.
Gorfias said: Sounds like your organization is huge. We're not as layered in mine.
And requests such as these are why I hate not having enough malicious energy to sometimes just do EXACTLY what they say. Let their teensy notebook chew on 10k or more hits/minute with their abysmal upstream on their 16k DSL connection, and when they come back and whine about "the internet being slow", just fall out of the chair laughing, then leave the job for good.
Lol. You should see the kind of looney requests we get. Last one was, can you redirect traffic from the organization website to my laptop? Network: um, no. I mean, we could, but it would cause the end of time and space.
In a way, I'm lazy enough NOT to do exactly as asked knowing I'm just going to have to revisit the issue if I don't educate the customer.
Whoracle said: And requests such as these are why I hate not having enough malicious energy to sometimes just do EXACTLY what they say. Let their teensy notebook chew on 10k or more hits/minute with their abysmal upstream on their 16k DSL connection, and when they come back and whine about "the internet being slow", just fall out of the chair laughing, then leave the job for good.
Well, obviously whenever anybody has this request, they actually mean for you to submit an RFC, have it approved and accepted as a new DNS standard, have it be implemented everywhere, so it's actually usable and then do the change they wanted in the first place. If possible, have it done by 5 o'clock today.
Gorfias said: Or someone thinking a DNS name alone can redirect to a sub-directory on a server, i.e. world.org/city/resident.