DNS Server Architecture / Planning Your DNS Server
Subtitles of the Movie
When planning a DNS server or servers, there are a few very important considerations. Like any application, DNS has some specific requirements when it comes to system architecture. The most important things to consider are memory, CPU, hard disk space, the selection of operating system and DNS server application, and security.

Memory is one of the most critical, if not the most critical, aspects of a DNS server. When a DNS server starts up, all of the zones contained in zone files on that system are loaded into memory. In addition, all cache data is held in memory. To determine how much memory you need, first look at the amount of memory used by the operating system and any other running applications. Add the size of your zones and the size of the data your DNS server will be caching. There's no absolute method of estimating the size of cached data; you can either go on experience, or run your DNS server for a few weeks until it stabilizes. The cache will not grow forever; it will eventually stabilize at a value, as cache entries expire while more are being added. You can check how much memory your DNS server is using through the process monitoring utilities on your system: ps in UNIX, and the Performance tab in the Windows Task Manager. You are always better off overestimating the amount of RAM you'll need rather than having exactly the predicted amount or, worse, underestimating. Memory is relatively cheap, and having more headroom will lengthen the upgrade cycle.

The system's CPU and network connection determine the rate at which it can answer DNS queries. Assuming you have enough network bandwidth to your server, the CPU will be the bottleneck. Network bandwidth to a DNS server is typically only an issue at ISPs, as in other organizations the DNS server is on the LAN, which is usually a hundred megabits per second. A simple DNS server with moderate traffic, on a LAN, should be able to run on any CPU.
It's not uncommon to see DNS servers in small organizations running on older hardware such as Intel 486 or Pentium based systems, or Sun IPX or original SPARCstations. A high-traffic DNS server such as that at an ISP requires more CPU speed; in fact, the A root name server at Network Solutions handles almost half a million queries per day and runs on a huge enterprise-class UNIX server with an enormous amount of CPU power. In addition, using advanced features, the worst offender being encryption such as DNSSEC, can increase the need for CPU power as well.

Hard drive space is not as much of a concern, as most modern hard drives are more than big enough to fit DNS data. If you're thinking of using an older system for your DNS server, though, ensure the hard drive has enough room for your zones and cache data in addition to the operating system and any applications.

Which operating system you use for your DNS server will depend on a number of factors, the primary one being the standard operating system in your environment. Many organizations have a standard infrastructure based on Windows or UNIX already, and you may not have an option to use something else. In addition, you may choose the operating system you're most comfortable with; if you know Windows well and you don't know UNIX, for example, running your DNS system on UNIX wouldn't be the best option. If you have a choice, UNIX is known for its speed and stability, while Windows is known for its ease of use.

Finally, you need to choose a DNS application. If you're using Windows, you'll probably choose the Windows DNS service. And if you're using UNIX, you'll probably choose BIND. You may have a need for another DNS server product depending on your environment. If this is the case, the choice will be clear, as BIND or the Microsoft Windows DNS service will not fit your requirements.

The final consideration in your DNS architecture is security.
Security is vital to a DNS server, as an insecure DNS server can lead to attacks such as domain hijacking and email theft. DNS server security is covered later in the tutorial for both the Windows DNS server and BIND. In addition to the security of the DNS server application, though, the operating system must be secure. An insecure operating system, or another insecure application on the system, completely negates a secure DNS server application. Any hole in the system can be used to take control of the entire system and any application running on it.
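The memory-sizing procedure described in the transcript (operating system and other applications, plus zones, plus cache, then overestimate), as an added shell example that is not part of the original course. The function names, the 5% stability threshold, the 50% headroom figure and all sample numbers are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: RAM sizing for a DNS server, following the transcript's steps.
# Function names and all sample values are constructed for illustration.

# Total on-disk size of the zone files in a directory, in KiB (rounded up).
# On-disk size is only the rough proxy the transcript suggests.
zone_kib() {
    total=0
    for f in "$1"/*; do
        if [ -f "$f" ]; then
            total=$((total + $(wc -c < "$f")))
        fi
    done
    echo $(( (total + 1023) / 1024 ))
}

# Resident memory of a running DNS server process in KiB, read with ps.
rss_kib() {
    ps -o rss= -p "$1" | tr -d ' '
}

# Has the cache stabilised? True when all samples lie within PCT percent
# of the smallest one. Usage: is_stable PCT sample1 sample2 ...
is_stable() {
    pct=$1; shift
    min=$1; max=$1
    for s in "$@"; do
        if [ "$s" -lt "$min" ]; then min=$s; fi
        if [ "$s" -gt "$max" ]; then max=$s; fi
    done
    [ $(( (max - min) * 100 )) -le $(( min * pct )) ]
}

# RAM to provision in KiB: (OS and other apps + zones + cache) plus headroom.
# Usage: estimate_kib BASELINE ZONES CACHE HEADROOM_PERCENT
estimate_kib() {
    echo $(( ($1 + $2 + $3) * (100 + $4) / 100 ))
}

# Demo on constructed weekly RSS samples (KiB) and constructed sizes.
if is_stable 5 48000 49000 49500; then
    echo "cache stable; provision $(estimate_kib 200000 4 49500 50) KiB"
else
    echo "cache still growing; keep sampling before sizing"
fi
```

To use it on a live server, pass your zone directory to `zone_kib` and collect `rss_kib` readings of the DNS server's process ID over several weeks before calling `is_stable`.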
Tutorial Information
| Course: | DNS |
| Author: | Blair Rampling |
| SKU: | 33444 |
| ISBN: | 1932072438 |
| Release Date: | 2003-07-15 |
| Duration: | 4.5 hrs / 70 lessons |
| Captions: | Available on CD and Online University |
| Compatibility: | Vista/XP/2000, OS X, Linux; QuickTime 7, Flash 8 |