Warning: Cannot modify header information - headers already sent by (output started at /home/it1230cb/public_html/blog/wp-content/plugins/all-in-one-seo-pack/all_in_one_seo_pack.php:4197) in /home/it1230cb/public_html/blog/wp-includes/feed-rss2-comments.php on line 8
Comments for ITdojo Information Technology Blog http://www.itdojo.com/blog Information Technology Training and Consulting Wed, 17 Mar 2010 23:36:38 +0000 http://wordpress.org/?v=2.7.1 hourly 1 Comment on Pondering DNS Placement by Colin http://www.itdojo.com/blog/2009/06/pondering-dns-placement/comment-page-1/#comment-3521 Colin Wed, 30 Sep 2009 19:54:04 +0000 http://www.itdojo.com/blog/?p=540#comment-3521 Mike, I can speculate. I suspect that your DMZ DNS servers provide DNS services to Internet users resolving names for your company's domain name (MX, www, vpn, etc.). Assuming your DNS servers are for centrelearn.com they do not support recursion (I verified this with nslookup) so they will not work as the configured DNS servers for your DMZ servers. This means the DMZ servers are forwarding queries to the load balancer DNS in order to resolve all things on the Internet. Your predecessors may have felt this was a more secure solution than having your DMZ servers forwarding to your ISP's DNS server(s). To summarize: Requests from the Internet to resolve resources in the centrelearn.com namespace are forwarded to your DNZ DNS servers. The DMZ servers (www, vpn, smtp, etc.) are forwarding their DNS queries to the load balance to resolve resources on the Internet. Colin Weaver Mike,

I can speculate. I suspect that your DMZ DNS servers provide DNS services to Internet users resolving names for your company’s domain name (MX, www, vpn, etc.). Assuming your DNS servers are for centrelearn.com they do not support recursion (I verified this with nslookup) so they will not work as the configured DNS servers for your DMZ servers. This means the DMZ servers are forwarding queries to the load balancer DNS in order to resolve all things on the Internet. Your predecessors may have felt this was a more secure solution than having your DMZ servers forwarding to your ISP’s DNS server(s).

To summarize: Requests from the Internet to resolve resources in the centrelearn.com namespace are forwarded to your DNZ DNS servers. The DMZ servers (www, vpn, smtp, etc.) are forwarding their DNS queries to the load balance to resolve resources on the Internet.

Colin Weaver

]]> Comment on Pondering DNS Placement by Michael Woods http://www.itdojo.com/blog/2009/06/pondering-dns-placement/comment-page-1/#comment-3428 Michael Woods Thu, 24 Sep 2009 15:35:39 +0000 http://www.itdojo.com/blog/?p=540#comment-3428 Hello Collin, While researching a dns issue/question I came across your post "Pondering DNS Placement" and wanted to find out if you answers a few questions. Current Setup: Fatpipe ISP load balancer hosting our own DNS records Connects to our firewall external port Firewall Optional port is where our DMZ resides Firewall Internal port is where our private network exists We have 2 internal DNS servers and 2 DNS servers sitting in the DMZ. I inheritted this network 2 months ago and have been trying to map it out every since. My questions are: 1) If I am hosting my own DNS on the load balancer then what is the need to have dns servers in the dmz? If I didn't have them there and point my dmz servers to the ISP dns then the dmz servers would resolve each others hostnames via netbios broadcast or hostfile if I chose to do so? I've never really had to build DMZ DNS servers and just trying to better understand their role and what records/zones I need to have on them. Thanks, Mike Hello Collin,

While researching a dns issue/question I came across your post “Pondering DNS Placement” and wanted to find out if you answers a few questions.

Current Setup:
Fatpipe ISP load balancer hosting our own DNS records
Connects to our firewall external port
Firewall Optional port is where our DMZ resides
Firewall Internal port is where our private network exists

We have 2 internal DNS servers and 2 DNS servers sitting in the DMZ.

I inheritted this network 2 months ago and have been trying to map it out every since. My questions are:

1) If I am hosting my own DNS on the load balancer then what is the need to have dns servers in the dmz? If I didn’t have them there and point my dmz servers to the ISP dns then the dmz servers would resolve each others hostnames via netbios broadcast or hostfile if I chose to do so?

I’ve never really had to build DMZ DNS servers and just trying to better understand their role and what records/zones I need to have on them.

Thanks,
Mike

]]> Comment on 64-Bit Vista … Buh-Bye! by Prestone http://www.itdojo.com/blog/2009/03/64-bit-vista-buh-bye/comment-page-1/#comment-1508 Prestone Wed, 25 Mar 2009 17:42:21 +0000 http://www.itdojo.com/blog/?p=483#comment-1508 The prolific USB to Serial chipset and FTDI should both work in 64 - were any of your USB to serials one of those? Just curious. I have verified that this one works: http://sewelldirect.com/usbtoserial.asp The prolific USB to Serial chipset and FTDI should both work in 64 - were any of your USB to serials one of those? Just curious.

I have verified that this one works: http://sewelldirect.com/usbtoserial.asp

]]> Comment on Measuring Business Success With Splenda by Colin http://www.itdojo.com/blog/2008/09/measuring-business-success-with-splenda/comment-page-1/#comment-1378 Colin Tue, 10 Mar 2009 03:42:57 +0000 http://www.itdojo.com/blog/?p=29#comment-1378 Yeah, but energy drinks are crazy expensive, even when you buy them in bulk. It'd make more sense financially for me to offer free "scratcher" lottery tickets than it would to offer energy drinks. I'm all about being cool but I have to draw the line somewhere. ;) Yeah, but energy drinks are crazy expensive, even when you buy them in bulk. It’d make more sense financially for me to offer free “scratcher” lottery tickets than it would to offer energy drinks. I’m all about being cool but I have to draw the line somewhere. ;)

]]> Comment on Measuring Business Success With Splenda by Kenny http://www.itdojo.com/blog/2008/09/measuring-business-success-with-splenda/comment-page-1/#comment-1331 Kenny Fri, 06 Mar 2009 13:27:06 +0000 http://www.itdojo.com/blog/?p=29#comment-1331 It just means that more people are addicited to coffee now. Between DD and Starbucks millions upon millions of people are addicited to caffiene and "need" it for their daily survival. Its becoming a trend.. the non-drinkers are starting to become shunned and labed as outsiders and not part of the bandwagon of the times. Start offering energy drinks, and see how quick those go. I bet they'd disappear just as quick as Splenda. It just means that more people are addicited to coffee now. Between DD and Starbucks millions upon millions of people are addicited to caffiene and “need” it for their daily survival. Its becoming a trend.. the non-drinkers are starting to become shunned and labed as outsiders and not part of the bandwagon of the times. Start offering energy drinks, and see how quick those go. I bet they’d disappear just as quick as Splenda.

]]> Comment on Day 1. Install Fedora. Check. …Now Reinstall Fedora. F@#$. I need some Adobe AIR! by Day 1. AdobeAIR is on, Now I Need to Tweet! | ITdojo Information Technology Blog http://www.itdojo.com/blog/2009/02/day-1-install-fedora-check-reinstall-fedora-check-f/comment-page-1/#comment-959 Day 1. AdobeAIR is on, Now I Need to Tweet! | ITdojo Information Technology Blog Fri, 06 Feb 2009 04:48:15 +0000 http://www.itdojo.com/blog/?p=138#comment-959 [...] or Spaz.  Both clients require AdobeAIR and I got that installed a little earlier this evening.  You can read about installing AdobeAIR by clicking here.  You can download twhirl here and you can download Spaz here.  When you download them using [...] [...] or Spaz.  Both clients require AdobeAIR and I got that installed a little earlier this evening.  You can read about installing AdobeAIR by clicking here.  You can download twhirl here and you can download Spaz here.  When you download them using [...]

]]> Comment on IPv6: It Takes a Village by Derek Morr http://www.itdojo.com/blog/2008/07/ipv6-it-takes-a-village/comment-page-1/#comment-3 Derek Morr Wed, 02 Jul 2008 15:40:46 +0000 http://www.itdojo.com/blog/?p=13#comment-3 I disagree with your first point (that RFC1918 space is bigger than even the largest enterprise). Comcast exhaused the 10/8 block several years ago, and that's been driving them to migrate to IPv6. Further, you can run into issues when RFC1918 spaces collide. For example, if two companies merge, and both are using 1918 space, you will likely have to renumber one of the networks. IPv6 nicely solves this problem. I disagree with your first point (that RFC1918 space is bigger than even the largest enterprise). Comcast exhaused the 10/8 block several years ago, and that’s been driving them to migrate to IPv6.

Further, you can run into issues when RFC1918 spaces collide. For example, if two companies merge, and both are using 1918 space, you will likely have to renumber one of the networks. IPv6 nicely solves this problem.

]]> Comment on The Unfolding IPv6 Transition by ITdojo Technology Blog » Blog Archive » IPv6: It Takes a Village http://www.itdojo.com/blog/2008/06/the-unfolding-ipv6-transition/comment-page-1/#comment-2 ITdojo Technology Blog » Blog Archive » IPv6: It Takes a Village Wed, 02 Jul 2008 13:19:15 +0000 http://www.itdojo.com/blog/?p=6#comment-2 [...] a previous post (http://www.itdojo.com/blog/?p=6) I discussed the inevitability of an IPv6 migration for all of us. It is going to happen and you [...] [...] a previous post (http://www.itdojo.com/blog/?p=6) I discussed the inevitability of an IPv6 migration for all of us. It is going to happen and you [...]

]]>