UMass Lowell Information Technology is redesigning our DNS infrastructure. Currently, internal DNS services are run on our Microsoft Active Directory domain controllers and external DNS services are run from our Infoblox appliances.
UMass Lowell has used the Infoblox network infrastructure appliances for over five years. The Infoblox product and architecture is the best in the business, with a rock solid reputation for reliability and security that Microsoft simply cannot match. We are migrating our DNS services in order to provide a more robust, scalable, and standardized DNS architecture for our growing campus needs.
What DNS changes are being made?
All internal DNS services will be moved from our Active Directory domain controllers (188.8.131.52, 184.108.40.206, and 129.63.199) to new Infoblox appliances.
Information Technology will update all DHCP scopes reflect the new internal DNS server IP addresses of: 220.127.116.11 and 18.104.22.168. During this process, we will also be pruning our external DNS records so that only public-facing IP addresses (129.63.X.X) are resolvable from the internet.
Which records are being pruned
A (host) records with a Private Addresses (10.x.x.x)
SRV (service) records for VoIP phones
Call to Action: Check your Servers and Devices between June 27th 2014 and July 31, 2014.
• For servers and desktops configured with static IP addresses, you will need to set the DNS server addresses to the new IP addresses: 22.214.171.124 and 126.96.36.199. Do not make this change before June 27, and please ensure it is complete prior to July 31. Ensure you remove all instances of using 188.8.131.52, 28, or 199 as DNS server prior to the July 31 date.
• Devices like VoIP phones, Wi-Fi hotspots, PXE boot machines, Internet Connected Devices, etc. that have hard-coded DNS Resolver settings will need to be updated.
• If you are running a departmental DNS server, does it perform recursion directly to the Internet root servers? If not, verify that your forwarders have been updated to the new IP addresses. Hint: It they should not generally be using recursion directly to the Internet.
Systems you do not have to worry about are.
1. Notebooks and Desktops, or anything else that automatically gets its IP address from DHCP.Please help us remedy clients, servers, and devices that resolve against DNS 184.108.40.206, 220.127.116.11, or 18.104.22.168 By July 31, 2014
2. VDI workstations (these are all configured for DHCP)
3. Devices that do not communicate with anything outside of their local subnet.
If you have any questions, please contact Kevin Smith at 978.934.4769 or via email at Kevin_Smith@uml.edu