
In our environment we have a very unique requirement. Let me explain our environment first.

We have DEV, TEST, PRE-PROD & PROD environments, and every environment has its own DNS servers (primary and slave) to resolve the hostnames.

What we want now is to create one management server, which will be able to resolve all environment servers (DEV, TEST, PRE-PROD) except the PRODUCTION environment.

So I thought putting all environments' DNS server IP addresses in this management server's resolv.conf would resolve the issue. BUT it is just resolving the hostnames of servers whose entry is registered with the first DNS server. For e.g., I have mentioned the DEV environment's DNS server, so it resolved only DEV servers. When I try to resolve other environment servers like PRE-PROD or TEST, they don't resolve.

I read multiple blogs and posts, and the general consensus is that the resolver just checks the first entry, and only in case of a timeout or SERVFAIL does it go to the second name server from resolv.conf.

I would like to take your opinion/suggestion on how I can achieve this requirement.

Note: We are using a RHEL 6 equivalent.

Thanks

2 Answers


Presentation of internal domains is handled by your recursive DNS servers, not by the resolvers present on individual devices. Configuring a device to rely on multiple recursive servers with different configurations is an inconsistent user experience in the best case scenario, and extremely hard to diagnose and troubleshoot in the worst.

What you need to do at this point depends on whether each environment has its own unique domain suffix.

Each environment has a unique domain suffix

  1. Stand up a new set of recursive DNS servers for your management server. Alternatively, this can be a nameserver process that runs on the management server itself. It depends on whether you anticipate other devices on your network needing the same level of functionality in the future.
  2. Configure a forwarder zone for each unique domain suffix associated with your various environments. Each forwarder zone will forward traffic to the DNS servers which are authoritative for the given domain.
  3. Point your management server at the DNS software you just configured. If the nameserver process lives on the same machine, use 127.0.0.1 (localhost).

Each environment has its own unique version of the same zone

  1. Weep.
  2. Don't do that next time.
Andrew B
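The "unique domain suffix" procedure above, written out as a BIND named.conf fragment for a nameserver process running on the management server itself. This is an added example, not configuration from the answer or from any of the environments described in the question; the suffixes under example.com, the 10.x forwarder addresses, and the zone file path are assumed placeholders to be replaced with the real per-environment suffixes and the addresses of each environment's primary and slave DNS servers.

```conf
// Added example: BIND forwarder configuration for a management-host resolver.
// Domain suffixes, forwarder addresses and the empty zone file are assumed
// placeholders, not values from the question.
options {
    directory "/var/named";
    listen-on { 127.0.0.1; };        // only this host uses the resolver
    allow-query { localhost; };
    recursion yes;
    // No global "forwarders" line: queries that match none of the forward
    // zones below are answered by ordinary recursion.
};

// DEV: every name under dev.example.com goes to the DEV primary and slave.
zone "dev.example.com" {
    type forward;
    forward only;                    // never fall back to recursion for this suffix
    forwarders { 10.1.0.53; 10.1.0.54; };
};

// TEST
zone "test.example.com" {
    type forward;
    forward only;
    forwarders { 10.2.0.53; 10.2.0.54; };
};

// PRE-PROD
zone "preprod.example.com" {
    type forward;
    forward only;
    forwarders { 10.3.0.53; 10.3.0.54; };
};

// PROD is deliberately NOT forwarded. Serving the suffix as an empty
// authoritative zone makes every prod.example.com lookup return NXDOMAIN
// locally, so the management host never queries the production DNS servers
// at all (rather than leaking the query to recursion and hoping it fails).
zone "prod.example.com" {
    type master;
    file "named.empty";              // zone file holding only SOA and NS records
};
```

Point /etc/resolv.conf at `nameserver 127.0.0.1` as in step 3, then check each suffix from the management host with `dig @127.0.0.1 <host>.dev.example.com` (answer from the DEV servers), the same for test and preprod, and `dig @127.0.0.1 <host>.prod.example.com`, which should return NXDOMAIN with the local empty zone as authority. Two caveats: the forwarded queries arrive at each environment's DNS servers from the management host's address, so those servers must allow queries from it; and `forward only` is what keeps a DEV outage from silently turning into a recursive lookup elsewhere, which is the failure mode that makes mixed resolvers so hard to diagnose.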

Put all your environments in the same DNS. There are many naming schemes but make the service names obvious: db.dev.example.com is dev, db.test.example.com is test, and so on.

Enforce the configuration of each environment with deployment tools and change control.

Deny connections that are not in the design with firewalls and segmentation.

Do a root cause investigation after any connection to the wrong environment.

John Mahowald