DNS Configuration

DNS Configuration actually can be quite entertaining.  Enter the DNS configuration for my house/lab.

I run three domains in my environment.  The first domain, destephen.local, runs my house and my personal computers, including iPads, laptops, etc.  The second domain, destephen.lab, is used for my testing and sandbox-type environments; it is designed to stand up proofs of concept and/or demonstrations of different technologies.  GuestNet, which is not really a domain but a logical separation, is used for guests (duh); customer-provided laptops also connect through the guest network.  Last but not least is destephen.com, which resides in and services machines in my DMZ.

Each of the three domains has its own Windows 2008 R2 Domain Controller, which provides (as needed) authentication for the realm, DHCP, DNS, Certificate Services, and Distributed File Shares.  Each domain has DNS stub zones configured for the other two, providing resolution with minimal integration.  My clients then include all the required search suffixes in their DNS configuration.  The lab domain also has DNS stub lookups into other domains across a DMVPN.

GuestNet uses Monowall to provide some other services and points to destephen.com for DNS resolution.

Within the DMZ reside two BIND DNS servers running on Ubuntu 12.04.  These servers provide two functions.  First, they act as caching DNS servers, which speeds up queries on busy web pages.  Second, they act as the single point of entry/exit for DNS in my environment: DNS to the internet is blocked from everything but the two BIND servers, and each of the three domains has its forwarders pointed at them.
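As an added example (not the author's actual configuration), here is what the caching half of that design looks like in BIND 9 on one of the two DMZ servers.  Since these two boxes are the only hosts allowed to talk DNS to the internet, the check that matters is that recursion and cache answers are limited to the internal networks; an unrestricted `recursion yes;` on a DMZ host is an open resolver.  All addresses are RFC 5737 documentation placeholders, the network-to-domain mapping is assumed, and the stub-zone stanza at the end (letting the DMZ resolvers answer for an internal domain straight from its DC) is my assumption about how the internal names would be reached, not something the post states.

```conf
// /etc/bind/named.conf.options on a DMZ caching resolver (added example, not the
// original post's config). Addresses are RFC 5737 placeholders.

acl "internal" {
    127.0.0.1;
    192.0.2.0/24;       // destephen.local clients (placeholder range)
    198.51.100.0/24;    // destephen.lab clients (placeholder range)
    203.0.113.0/24;     // DMZ (destephen.com) and GuestNet (placeholder range)
};

options {
    directory "/var/cache/bind";

    // Bind only to loopback and the DMZ interface (203.0.113.10 is a placeholder).
    listen-on { 127.0.0.1; 203.0.113.10; };
    listen-on-v6 { none; };

    // Resolve from the root hints (BIND's default). To hand everything to an
    // upstream resolver instead, uncomment the two lines below.
    // forwarders { 203.0.113.53; };
    // forward only;

    // Caching resolver for the internal networks only. Without the three
    // allow-* restrictions this host would recurse for anyone on the internet.
    recursion yes;
    allow-recursion { internal; };
    allow-query-cache { internal; };
    allow-query { internal; };

    // Do not answer "version.bind" CHAOS queries with the real version.
    version "not disclosed";
};

// /etc/bind/named.conf.local: a stub zone (assumed here, not stated in the
// post) so the DMZ resolvers learn the NS records for an internal domain from
// its Domain Controller instead of asking the internet for a .local name.
zone "destephen.local" {
    type stub;
    masters { 192.0.2.1; };    // placeholder DC address
    file "stub.destephen.local";
};
```

Run `named-checkconf` after editing and then, from a host outside the `internal` ACL, confirm a recursive query is refused (`dig @203.0.113.10 www.example.com` should return REFUSED) while an internal client gets an answer with a decreasing TTL on the second query, which shows the cache is doing its job.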

Even if you do not run multiple domains to segment your environment, I would highly recommend implementing some form of caching DNS solution.  While building a pair of Ubuntu boxes worked well for me, you can also use a Cisco router to handle the job.  While it has fewer features, it works well in an environment where there are no servers on the local network.  In my case, the “ip dns server” global configuration is set up on a 1760v at a site on my family's network, which provides some basic caching for machines on their network.  For further reading on the configuration…
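For the router option, this is an added IOS example of the `ip dns server` setup described above (not the author's 1760v configuration).  The upstream resolver addresses and the WAN interface name are placeholders.  The part the post does not spell out is that the IOS DNS server has no client ACL of its own: it answers whoever can reach the router, so port 53 has to be filtered on the outside interface or the router becomes a small open resolver.

```conf
! Added example for a router acting as a caching resolver (not the post's
! own configuration). Addresses are RFC 5737 placeholders.
!
! Upstream resolvers the router queries and caches from, e.g. the two DMZ
! BIND servers from the post.
ip name-server 203.0.113.10 203.0.113.11
ip domain lookup
!
! Turn on the caching DNS server for the LAN clients.
ip dns server
!
! IOS offers no per-client restriction for "ip dns server", so drop DNS
! arriving on the WAN side. The final permit is only a placeholder for the
! rest of the inbound WAN policy; merge the two deny lines into that policy.
access-list 110 deny   udp any any eq domain
access-list 110 deny   tcp any any eq domain
access-list 110 permit ip any any
!
interface FastEthernet0/0
 description WAN (placeholder interface name)
 ip access-group 110 in
```

After applying it, point a LAN client at the router's inside address, resolve a name twice and compare the TTLs in `show hosts`; the second lookup should be served from the router's cache.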

If you weren't sold on a caching DNS server yet, BIND 9.7 also provides some fun graphing opportunities for your Cacti appliance to monitor <grin>.

Cacti DNS Graphing Example
