What is your worst nightmare? A break-in to your home while you’re asleep? Falling into a pit of snakes à la Indiana Jones? How about mistakenly deleting critical records in your company’s network that bring the entire business to a halt? Or not being able to stay competitive when technology is moving faster than ever?
These are just a few scary scenarios that, all too often, are a reality for Microsoft DNS users. Without secure, centralized, automated network management, scaling networks to meet today’s business needs becomes virtually impossible. Enterprises that lag in network efficiency ultimately pay a hefty toll in stunted growth.
No central visibility into the infrastructure is reportedly the most frustrating part of working with Microsoft DNS. The platform was not designed to be centrally managed so users have no idea what they have or what is missing. It’s this disarray that keeps companies from 21st century computing like leveraging the cloud, provisioning mobile solutions, and doing an adequate job of securing important customer data.
Network professionals who are accustomed to working with Microsoft DNS know the pitfalls of this platform all too well:
- Impossible to automate
- No roles-based permissions for admins
- No audit of DNS changes
- Once a change is made, it is synced out to the network
- No rollback available
- High probability of human error
- Unnecessary complexity
- No security
In honor of Halloween, grab a fistful of candy, lock your door, and read – if you dare – these horror stories from network professionals who have lived through the terror of dealing with Microsoft DNS.
“With no central storage for all disparate pieces of data, it is impossible to automate with Microsoft.”
“No central visibility into the data means no idea what network changes are made. You don’t know what you have or what you’re missing – and there is no way to undo anything.”
HOUSE OF HORRORS
“Microsoft DNS is a house of cards.”
“Microsoft is not designed to be managed centrally. This prevents us from moving forward on important business initiatives like moving processes to the Cloud and offering mobile options.”
“We’re one of the world’s largest brands. We operate in 150 countries with 150,000 employees. Yet, just three network admins can manage Microsoft changes using specially assigned laptops. They referred to the laptop as their ‘nuclear football’. Once someone mistakenly deleted a zone that took out the intranet and Exchange for half a day. As most don’t know, there is no ‘Delete Undo’ function in Microsoft DNS so it was lost altogether. Had they not had an off-line copy in the lab, they would not have been able to restore those critical applications.”
“Doing a deployment to a Microsoft DNS server involves creating new zones, but instead of adding the new zone into the configuration, it instead deleted all the zones and then re-added them (with the new ones). Microsoft DNS also pushes out the resource records (RR), so you have to wait while it rebuilds everything. This is a problem, especially in large environments. It takes time to rebuild all the zones, push them out and replicate all the changes.”
“I did a deployment and it deleted EVERYTHING… Then I had no choice but to sit there while it rebuilt everything. In the meantime, Active Directory replicated all the delete operations to the other DCs and all the DNS data magically disappeared from AD. I ended up with an outage of nearly an hour!”
“Delete operations don’t actually delete the data, as you would expect. Data still lurks there until AD purges the data as part of the tombstoning process. In the meantime, it adds all the records again as new AD objects, so your AD object database grows massively with every deployment.”
“An engineer deleted a customer’s entire Active Directory DNS because they didn’t realize that MS DNS replicates delete operations too!”
WARY OF WINDOWS
“At a large semi-conductor company, MS Windows DNS servers were also used as file servers. A Windows server is NOT a purpose-built DNS server, and typically, a lot of Windows admins have access to it. The additional churn on the disk from the file server role caused HDD crashes that crippled the DNS server and shuttered business services.”
“Scavenging to remove outdated records presents its own horrifying headaches, with non-dynamic records often being scavenged, too. I’ve seen the scavenging process delete stuff it wasn’t meant to, and not delete stuff it was supposed to!”
“If you have more than 10,000 records when performing a zone reload, better go grab a coffee.”
8 Network Automation Tasks for Anyone to Get Started
Automating your network can be daunting, but the payoff is huge. Here are eight easy automation tasks to help any network engineer get started.
For DNS server caching, what is the ideal TTL?
Many factors affect how to set time to live (TTL) for DNS servers. Learn more, plus how BlueCat Edge’s TTL features can bolster your network.
10 best Ansible modules for infrastructure as code
10 (plus a bonus) Ansible automation modules that anyone—from a beginner to a power user—can leverage to transform their network infrastructure to code.
NSA and CISA: Protective DNS key to network defense
U.S. cyber agencies now point to protective DNS as a defense strategy, confirming what BlueCat already knew: DNS is critical to detecting network threats.