ITS sets up new DNS authoritative server in AWS

By | December 13, 2018

Members of the ITS CITP (Cloud Infrastructure Transformation Program) technical team, working with the ITS Hostmaster, have created a Domain Name Service (DNS) authoritative server in Amazon Web Services (AWS) to increase resiliency.

There are two types of DNS servers: resolvers and authoritative servers. Computers send DNS questions (queries) to a DNS resolver. The resolver then finds the right authoritative server to answer the question and returns the answer (response) to the computer. So the new DNS authoritative server is not used directly by computers; it is used only by DNS resolvers on behalf of those computers.

ITS had two DNS authoritative servers at the border of its network, near two main connections to the public Internet. The two servers and two separate connections to the Internet provide resiliency in case one or the other has a problem or needs maintenance. The system now has a third DNS authoritative server, outside of campus, to further increase resiliency. If one server is down for any reason, there are still two redundant servers available.
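The following is an added example, not ITS code, that models the two ideas above: clients ask a resolver, the resolver asks whichever authoritative server is reachable, and with three authoritative copies of the zone a query still succeeds when two of them are down. It also includes the check a practitioner runs after a configuration push: every reachable server should serve the same SOA serial. All hostnames, addresses, and zone records are constructed for illustration.

```python
# Added example (not ITS code): a toy model of the resolver / authoritative
# split and of answering from whichever authoritative server is reachable.
# All names, addresses, and zone records here are constructed for illustration.
from dataclasses import dataclass


@dataclass
class AuthoritativeServer:
    """One authoritative server holding a copy of the zone."""
    name: str
    serial: int                      # SOA serial of the zone copy it serves
    zone: dict                       # {(owner, rrtype): [rdata, ...]}
    up: bool = True                  # False simulates an outage or maintenance

    def query(self, qname: str, qtype: str):
        if not self.up:
            raise TimeoutError(f"{self.name} did not respond")
        owner = qname.lower().rstrip(".") + "."
        return self.zone.get((owner, qtype), [])   # [] means no such data


class Resolver:
    """Caching resolver that tries the zone's authoritative servers in turn.
    Clients never talk to the authoritative servers directly; they ask here."""

    def __init__(self, servers):
        self.servers = list(servers)
        self.cache = {}
        self._next = 0                # rotate the starting server per query

    def resolve(self, qname: str, qtype: str):
        key = (qname.lower().rstrip(".") + ".", qtype)
        if key in self.cache:
            return self.cache[key]
        n = len(self.servers)
        start = self._next
        self._next = (self._next + 1) % n
        for i in range(n):
            srv = self.servers[(start + i) % n]
            try:
                answer = srv.query(qname, qtype)
            except TimeoutError:
                continue              # fail over to the next server
            self.cache[key] = answer
            return answer
        raise RuntimeError("SERVFAIL: no authoritative server answered")


def serials_in_sync(servers):
    """True when every reachable server serves the same zone version.
    This is the property you expect when one system pushes the zone to all
    authoritative servers; a differing serial means a push did not land."""
    serials = {s.serial for s in servers if s.up}
    return len(serials) == 1


def build_example():
    """Three constructed authoritative servers: two at the border, one in a cloud region."""
    zone = {
        ("www.example.edu.", "A"): ["192.0.2.10"],
        ("example.edu.", "MX"): ["10 mx.example.edu."],
    }
    servers = [
        AuthoritativeServer("ns-border1.example.edu", 2018121301, zone),
        AuthoritativeServer("ns-border2.example.edu", 2018121301, zone),
        AuthoritativeServer("ns-cloud1.example.edu", 2018121301, zone),
    ]
    return servers, Resolver(servers)


if __name__ == "__main__":
    servers, resolver = build_example()
    servers[0].up = False             # take one border server down
    print(resolver.resolve("www.example.edu", "A"))      # still answers
    servers[1].up = False             # second one down for maintenance
    print(resolver.resolve("example.edu", "MX"))         # still answers
    print(serials_in_sync(servers))                      # True
```

The failover loop is the point: as long as one of the three servers answers, the resolver's client never notices an outage. The serial check is the simplest way to confirm that all copies of the zone, including the off-campus one, received the latest configuration push.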

ITS automated the deployment of the service by using a UM-hardened image in the ITS Virtual Data Center, with Ansible configuring the system settings. This allowed ITS to build and rebuild the server in a few minutes. The DNS configuration is pushed from the same server that configures the other DNS authoritative servers, so there is no added work when making updates. The Ansible configuration is stored in GitLab.