Every once in a while you run into a way of doing things that makes you wonder why you ever did it any other way. For me, that was using DNS aliasing for referencing all servers, and services that they provide. I use them whenever possible.
Many years ago I had a catastrophic server failure. Looking back, it was a fascinating series of events that you would think would never happen, but it did. This server happened to be the primary storage server for our development team, and was a staple of our development system. It’s full server name was hardcoded on mount points and symbolic links of other *nix systems, as well as drive mappings from windows machines connecting to it via Samba. It’s name was buried in countless scripts owned by the Development and QA teams. Once the new hardware came in, provisioning a new server was relatively easy. Getting everything functioning again because of these broken links was not. Other factors prevented me from using the old approach, which was naming the new server the same name as the old server. So I knew there had to be a better way. There was. That was using DNS aliasing (cname records) on your internal DNS servers to decouple the server name itself from the service it was providing. This practice helps you design your server infrastructure for change.
Good candidates for aliasing are:
- NTP/time servers (automated for domain joined machines, but not for non-joined machines, *nix systems, and network devices)
- Email servers (primary email servers, as well as mail relay servers)
- Source code control servers
- Document management, wikis, or collaboration servers
- Critical workstations/servers that perform source code compiling and/or validation testing.
- Network devices and OOB management cards. I can’t remember what the FQDN’s of my switches are. Can you?
- Log servers.
- File Servers and their respective share names or NFS exports (ex. \\infostore\sales & infostore:/exports/sales respectively)
The practice is particularly interesting on file servers. If you start out with one file server that contains shares for your applications, your files, and your user home directories. You could have sharenames that reference aliases, all for the very same server.
Now, when you need to move user home directories over to a new server, or bring up a new server to perform that new role, just move the data, turn up the share name, and change the alias.
Now of course, there are some things that aliasing can’t be used on, or doesn’t work well on.
- DNS clients that need to refer to DNS servers require IP addresses, and can’t use aliases
- Some windows service that may use complex authentication methods.
- Services that are relying on SSL certificates that are expecting to see the real name, not the alias. (ex. Exchange URL references)
- Windows Server 2003 and earlier do not support aliases out of the box. It will support only \\realservername\sharename by default. You will need to add a registry key to disable strict name checking. More info found here: http://support.microsoft.com/kb/281308
Most recently, I made the transition from Exchange 2003 to Exchange 2007. Usually a project like that has pages of carefully planned out steps on the cut-over; what needed to be changed, and when. What I didn’t have to worry about this time is all of my internal hosts that reference the mail server by it’s DNS alias name; mailserver.mycompany.lan. Just one easy step to change the cname reference from the old server name to the new server name, and that was it. The same thing occurred when I transitioned to new Domain Controllers a few months ago. These serve as my internal time servers for all internal systems and devices.
What’s most surprising is that this practices is not done in IT environments as often as you’d think. There might be an occasional alias here and there, but not a calculated effort to help transitions to new servers and reduce downtime. Whether you are doing planned server transitions, or recovering from a server failure, this is a practice that is guaranteed to help almost any situation.