It’s always DNS. Anyone who has worked at Mirazon for more than a week can tell you that we say this phrase a LOT. Of course, I’m being a bit facetious, but it really is shocking just how many problems lie within DNS. As consultants, we see dozens of different ways that DNS is set up incorrectly and how that causes issues for people.
Depending on the technology you’re using, there may be a clear and obvious reason why DNS would cause a problem. Windows computers joined to an Active Directory domain, for example, are clearly going to be heavily dependent on DNS for things like name resolution, GPOs and other things … but what about Hyper-V clusters?
If you’re familiar with VMware you know that you can boot it up when the rest of the environment is down (normally) and get to things, but what about Hyper-V? Well … it depends. Depending on how the environment is configured, it may not be possible to bring up a Hyper-V cluster without DNS availability. OK, well we can still access the storage, right? So we can just manually turn on a DC, point to it and be happy … well … Maybe not. If you’re using CSVs, again, without DNS resolution to a functional domain controller, you may not be able to even access the storage. Because of all of this, setting up DNS resolution properly is vital for a Hyper-V environment.
If you’re thinking, “I’m going with VMware because that sounds terrible,” think again. Depending on what features and functions you are using with VMware, it too is DNS dependent. So much so that you can’t even deploy a vCenter appliance without pre-configured DNS resolution. In previous iterations of VMware (think back to vSphere 4), a host wouldn’t be manageable for 15-20 minutes if it couldn’t talk to DNS upon boot.
Not only is pointing your servers to valid DNS servers (and always valid, regardless of environmental woes) incredibly important, but putting those DNS servers in the proper order can also be the difference between services breaking or not working and performing as they are supposed to. Add in geo-redundancy and a mix of physical and virtual servers and it can get quite complicated.
Properly configuring DNS server sources is also important from a security standpoint. Misconfigured DNS sources can lead to divulging internal names and IPs of resources to public users, which can make attacks on the internal network much easier.
In short, there are many ways of configuring DNS wrong, but only a few to configure it right.