Should I move DNS/DHCP services to my UTM-9?

Hi,

we're currently using a UTM-9 on an SG210 hardware. Both our DNS and DHCP needs for the internal networks are currently handled by a small Linux VM. I'm thinking of moving both services to the UTM-9. There are currently ~600 entries (A and CNAME records) in our DNS and ~200 MAC-to-IP mappings in the DHCP configuration.

Is this a good idea or would you advise against it?

I'm a bit worried about the behavior of the web interface: with 600 host entries, everything might get a bit slow and confusing. Also, the question of how to transfer 600 entries to the UTM-9 is still open. I'm not willing to enter each and every host via the web interface...

Thanks,

Thomas.



  • I would recommend against this unless you are having a specific issue.  It will make changing infrastructure that much more difficult to manage.  I moved from my UTM to a linux server for dhcp and dns, and then moved dhcp and dns to a windows server with linux slave dns server.

  • In our setup, the UTM-9 (actually an HA cluster of two UTM-9s) is the piece of hardware most likely to survive power outages and power surges. We're in a relatively recent building, but the wiring is dirt cheap and both outages and surges have caused no end of problems for us. We have two UPSes, but all their power outlets are already in use. So if we want to move our services away from a VM, there's not much we can do except move to the UTM-9.

    I'm still in two minds about what to do. The interface of the UTM-9 seems unsuitable for the management of this number of hostnames. Yet separating such important services from the vCenter seems to be a good idea ...

  • I agree with Darrell and would recommend against trying this.  The implementation of bind in the UTM is not meant to provide complete name services.  There is, for example, no way to add CNAME and MX records.  You might be interested in DNS Best Practice.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for the advice. We've decided against the move, mainly because we were expecting a management nightmare. But of course the missing CNAME and MX records are a much better reason.


    Regards,

    Thomas.