Every once in a while, an ISP will have a problem with their DNS server and someone can’t access a website.
While troubleshooting the problem, we usually get asked: “If the first server doesn’t give the answer I wanted why didn’t it move to the next one in the list?”
What is DNS?
In the simplest of terms, Domain Name Service (DNS)is the mechanism that translates human-readable names (www.google.ca) into numbers that devices on the internet understand (173.194.33.56).
If we didn’t have DNS you would have to enter that ugly number in each time you wanted to access the website.
It’s a lot easier to remember the name.
Why do you have more than one entry?
Backup.
The second and possibly third servers on the list are there in case the first can’t be connected to.
It means that the first server is either dead, not there or missing.
“Can’t be connected to” is different from “didn’t provide an answer” or “provided the wrong answer”.
Here’s why.
DNS isn’t a “general consensus” protocol where you ask each server on the list for the same information and then take the “best answer”.
That would really slow things down and who’s to say the “best answer” was the one you wanted anyway?
It tries to connect to the first server on the list and, if the connection is successful, it assumes that the answer it gets back is the correct one – even if that information is wrong or empty or nothing returns at all.
It stops there and doesn’t try the next one on the list.
It has an answer – whether you like it or not – why would it continue to look?
However, if that server doesn’t respond (aka dead, not there, missing) your system will try the next DNS server on the list.
It will keep doing this until it makes a connection or reaches the end of the list.
End result.
If the first server is dead and it successfully connects to the second server will it always try the first server for every new request? No.
Your system will remember which of the servers worked last time and try that one first the next time – right up until you restart – then the process starts over again.
Why would a DNS server allow connections but not give an answer?
Usually, this is because that server is too busy to respond to your request.
Bummer for you because you “connected” so the “blank” answer counts.
Don’t confuse a “blank” answer with the “wrong answer” though.
There are a number of reasons why a server might provide you with what it thinks is the right information but it’s not what you were looking for.
The address is in the middle of changing and the server hasn’t updated its copy (cache) with new information being the most common.
Disaster Recovery in the Modern Age Ensures Business Continuity
/2 Comments/in BDR, Disaster Recovery /by James WagnerHundreds of dollars?
Thousands?
Maybe even the loss of a client?
In today’s era of image-based backups, cloud services, and cost-effective on-demand IT services, there is no reason why any business should risk being without a comprehensive disaster recovery plan.
And that is the key: Solid disaster recovery begins with planning.
Identify Your Business
To implement an effective disaster recovery plan, you need to know your business:
Once the essential elements that make up the structure of your business have been identified, creating a disaster recovery plan becomes easier.
Create Your Disaster Recovery Plan
Your disaster recovery plan should integrate with your business in a way that prevents downtime from disrupting your business continuity.
Part of your disaster recovery planning requires you to consider different scenarios.
Having your location damaged as a result of fire or another natural disaster necessitates different protocols than discovering a disgruntled employee has deleted files or compromised security.
In each case, you need to have an action plan in place and be able to respond swiftly.
An oil and gas company may need to prioritize security.
A dental office may need to prioritize access to patient records.
Legal and financial firms will need to address regulatory compliance in their planning.
Most organizations will need to consider the impact of BYOD technology and how that impacts security and disaster recovery both positively and negatively.
Planning for disaster is essential for every business that wants to remain functional, whether a minor disaster occurs (a server fails, an employee deletes essential information) or a dire situation threatens to disrupt your business continuity.
Ideally, you will be able to create a disaster recovery plan that is comprehensive enough to keep you operational in any situation and flexible enough to meet your specific needs.
The benefits of disaster recovery include:
Disaster recovery is not a one-size-fits-all solution.
The ITeam will work with your Alberta business to customize a cost-effective solution and help you develop a comprehensive disaster recovery plan that will ensure the continuity you need.
Contact us for a free consultation.
2015 Business IT Predictions from The ITeam
/0 Comments/in Cybersecurity /by James WagnerBusinesses will embrace the way technology serves to improve interactions with customers, the experience customers have with businesses, and the ability businesses will have to be more productive.
Along the way, every business leader will be forced to consider how to balance the cost of technology with the need to remain risk averse.
All of this will have to complement the need to be flexible enough to remain competitive on an increasingly shrinking global scale. We predict the following factors will become critical for every business leader in 2015:
Risk-Based Security
The road to the digital future must be paved with security. And businesses will have to balance how they approach security so that their customers and data are protected, while at the same time their ability to be flexible is not impeded. Businesses will rely on IT partners to use mitigation tools and risk assessments. IT security will move beyond firewalls and virus detectors, employing a multi-faceted approach to better detection and prevention.
Cloud Ubiquity
In 2015 the adoption of IT security cloud services will become the norm. Indeed, hosted services for email, IP telephony, and backup and disaster recovery make more than economic sense. They make sense for business continuity, becoming essential to organizations of every size. The union of mobile and cloud computing will continue to promote the growth of centrally synchronized applications that can be delivered to any kind of device. Management and coordination of these applications will depend on the cloud.
Comprehensive Infrastructure Solutions
In today’s world, technology changes fast, and consumers expect you to not only keep up with these changes but to always be available as well. Effective planning – not only for this year but for ongoing success – requires a comprehensive approach to infrastructure. In the coming months we’ll explore the different ways in which businesses must prepare for this fast-paced future. Visit regularly to learn about:
– Disaster recovery
– Offsite backup
– Hosted services
– Cloud services
– Managed services
– Server replication
– Server virtualization
Why Do We Have More Than One DNS Entry?
/0 Comments/in Managed IT /by James WagnerEvery once in a while, an ISP will have a problem with their DNS server and someone can’t access a website.
While troubleshooting the problem, we usually get asked: “If the first server doesn’t give the answer I wanted why didn’t it move to the next one in the list?”
What is DNS?
In the simplest of terms, Domain Name Service (DNS)is the mechanism that translates human-readable names (www.google.ca) into numbers that devices on the internet understand (173.194.33.56).
If we didn’t have DNS you would have to enter that ugly number in each time you wanted to access the website.
It’s a lot easier to remember the name.
Why do you have more than one entry?
Backup.
The second and possibly third servers on the list are there in case the first can’t be connected to.
It means that the first server is either dead, not there or missing.
“Can’t be connected to” is different from “didn’t provide an answer” or “provided the wrong answer”.
Here’s why.
DNS isn’t a “general consensus” protocol where you ask each server on the list for the same information and then take the “best answer”.
That would really slow things down and who’s to say the “best answer” was the one you wanted anyway?
It tries to connect to the first server on the list and, if the connection is successful, it assumes that the answer it gets back is the correct one – even if that information is wrong or empty or nothing returns at all.
It stops there and doesn’t try the next one on the list.
It has an answer – whether you like it or not – why would it continue to look?
However, if that server doesn’t respond (aka dead, not there, missing) your system will try the next DNS server on the list.
It will keep doing this until it makes a connection or reaches the end of the list.
End result.
If the first server is dead and it successfully connects to the second server will it always try the first server for every new request? No.
Your system will remember which of the servers worked last time and try that one first the next time – right up until you restart – then the process starts over again.
Why would a DNS server allow connections but not give an answer?
Usually, this is because that server is too busy to respond to your request.
Bummer for you because you “connected” so the “blank” answer counts.
Don’t confuse a “blank” answer with the “wrong answer” though.
There are a number of reasons why a server might provide you with what it thinks is the right information but it’s not what you were looking for.
The address is in the middle of changing and the server hasn’t updated its copy (cache) with new information being the most common.
Can’t Access a New Subnet Through The VPN?
/0 Comments/in Managed IT /by James WagnerA VPN (Virtual Private Network) is a way to securely connect two locations together across the internet.
In this case, we’ll be discussing a Lan-to-Lan connection between two offices.
Lan-to-Lan Connection
Your office is expanding and you’ve run out of IP’s.
You consult your network architect and decide to create a separate subnet, Virtual LAN (VLAN) or zone for a group of machines (e.g. a new floor or a development group).
You and the network architect get the new zone up and running and test the connectivity to the servers and internet successfully.
All is good.
A while later one of the staff on the new subnet tries to access a device at a remote office (say a printer) but it fails.
You check from the server and everything works fine.
When you try and ping the device from the machine it doesn’t respond.
You traceroute it and see that it goes out to the internet instead of through the tunnel.
Why?
The routes are all correct.
You can ping the firewall so you know it’s getting to the right location.
Why won’t it go to the remote branch?
Answer: You forgot to change the VPN tunnel to allow the new subnet to pass to the remote location!
Did you remember to add the new network to the tunnel?
Why do you need to do that?
The VPN tunnel works by matching both the source IP and destination IP to see if it needs to encrypt the traffic.
This match is done against an access control list (ACL).
If the VPN can’t match both sides it ignores the connection and lets the firewall handle it on its own.
Just having a route from the new subnet to the firewall is not enough.
How do I fix it?
In this case, you have “old subnet” connecting to “remote subnet” and you’ll need to add “new subnet” connecting to “remote subnet” to the existing tunnel ACL.
Remember to do this on both sides or it won’t work (you have to allow the traffic on the remote side to come back!).
The resultant ACL will contain instructions for “old subnet” connecting to “remote subnet” and “new subnet” connecting to “remote subnet” (reverse on the remote end).
The user can now happily access the remote device because their IP matches the local end and the destination matches the remote side – the traffic is encrypted and the device is reachable.
How do I modify my VPN tunnel to add the new subnet?
There are so many versions of firewalls that I couldn’t possibly go through them all here.
We would recommend contacting your support vendor for assistance.