Vol. 23, #37 - September 17, 2018 - Issue #1199
Free Tool for Monitoring Exchange Server Status & Performance
|
This week's issue of WServerNews zeroes in on DNS with links to some useful articles and also an excerpt from an ICANN mailing list that has some IMPORTANT INFORMATION that sysadmins need to know if you want to ensure that your organization's external DNS name resolution will keep working properly after October 11th.
In addition we're also seeking some help from our readers. Are you an experienced IT pro who likes to learn new stuff and would be willing to review some books for the Book Corner section of our newsletter? We currently have books that need reviewing on these topics:
If you're interested in reviewing any of the above titles please let us know by emailing us at wsn@mtit.com
Thanks! And now on to an important announcement from ICAAN…
The following email from the ICANN Root KSK Rollover Project Team was apparently just mailed out via one of ICAAN's many mailing lists and was forwarded to me this morning by a colleague. I'm excerpting it here in our newsletter as it may be important for you if you are responsible for administering DNS for your company or organization. Here is the excerpt:
As you may be aware, on 11 October 2018, ICANN will change or "roll over" the DNSSEC key signing key (KSK) of the DNS root zone. Based on information from your network received at the DNS root name servers, we believe that there *may* be at least one recursive resolver (also referred to as a recursive name server or caching name server) with DNSSEC validation enabled in AS26312 that is unprepared for the KSK rollover. If the resolver configuration is not updated with the new KSK before 11 October 2018, users of that resolver will not be able to resolve any DNS queries, resulting in a DNS outage for all users attempting DNS lookups through that resolver.
To repeat this important point: any DNS resolvers on your network with DNSSEC validation enabled that are not properly updated to use the new KSK will unable to resolve names on 11 October 2018 or shortly thereafter (the exact time of failure is uncertain due to caching).
At the end of this message, please find a list of IP addresses from AS26312 that since 1 September 2017 have sent at least one trust anchor configuration report indicating they were not configured with the new KSK.
Please note that these IP addresses appear in our records because they sent a trust anchor configuration report to one of the root name servers in the form of a DNS query following the protocol defined in RFC 8145 (https://www.rfc-editor.org/rfc/rfc8145.txt). Not just recursive resolvers but any device, including those belonging to end users (such as mobile phones), could potentially send such a query: we are aware of at least one multi-platform VPN software implementation that reported its lack of the new KSK using this mechanism. (This software has since been updated with the new KSK.) In addition, because these reports are made with a simple DNS query, they can be forwarded through multiple resolvers and can also be easily spoofed. Therefore, the presence of an IP address in the list below does not definitively indicate that a resolver at that address originated a trust anchor report.
Please also note that IP addresses on your network that are not on the list below could still be unprepared for the root KSK rollover: only very recent versions of certain resolver software actually report their trust anchor configuration to the root servers. Your network could still have recursive resolvers with DNSSEC validation enabled that are unprepared for the root KSK rollover on 11 October 2018. If you have not already done so, we would therefore encourage you to check any DNSSEC-validating recursive resolvers to confirm that these resolvers are configured with the new root zone KSK and are prepared for the root KSK rollover on 11 October 2018.
For more information on how to check whether a resolver you operate has the new KSK, see:
https://www.icann.org/dns-resolvers-checking-current-trust-anchors
For more information on how to update your resolver to use the new KSK, see:
https://www.icann.org/dns-resolvers-updating-latest-trust-anchor
In advance of the rollover, we are running a short survey of network operators to assist ICANN in its assessment of networks' readiness for the root KSK rollover. Could we please kindly request that you complete this very short survey about your preparedness for the root KSK rollover? The nine-question survey can be completed in under a minute:
https://www.research.net/r/KSKRolloverPreparedness?ASnumber=26312
We will be accepting responses until 13 September 2018.
For more information about the root KSK rollover project, see:
If you have questions about the rollover or this survey, please send email to globalsupport@icann.org with "KSK Rollover" in the subject line.
Kind regards,
The ICANN Root KSK Rollover Project Team
This helpful article by Brandon Wilson describes the behavior changes of Windows Server 2016 when it comes to reverse DNS records:
http://www.wservernews.com/go/vblaomcg/
Mike Kammer recently posted a very useful blog entry where he describes a customer whose DNS had many reverse lookup zones and who was looking to clean up records that have grown out of control over the years. He then shares a PowerShell script he wrote that gets a list of all the records exported in a way that is easy to understand and manipulate:
http://www.wservernews.com/go/70bmhw2d/
Microsoft PFE Willem Kasdorp says, "It is surprisingly often that I encounter customers who have a WINS dependency in an odd place: in DNS itself." He then explains how to check whether your DNS is configured for WINS lookup and why this is a bad thing and what you can do about it:
http://www.wservernews.com/go/pi45txvp/
This post on the Security For The Adventurous blog explains how to enable debug logging of the DNS server service and parse the logs using LogParser to determine how many clients are resolving DNS names using your Windows DNS servers:
http://www.wservernews.com/go/u2bx3px0/
Mike Lee tells us that to support installing and publishing APPS from your SharePoint Farm you will need to configure DNS to support a wild cardhost names for the specified app domain. This blog post by Mike demonstrates a quick way to configure your Microsoft Active Directory integrated DNS Server to support SharePoint Apps:
http://www.wservernews.com/go/z5e7d4kw/
The following article answers some frequently-asked questions concerning using custom domains with Azure Active Directory and provides guidance on deploying custom domains:
http://www.wservernews.com/go/2b524jdi/
Got any IT pro tips you'd like to share with other readers of our newsletter? Email us at wsn@mtit.com
This tip by Zubair Alexander on his blog may be helpful if you're experiencing delays in accessing shared files and folders on your network:
http://www.wservernews.com/go/olbe2t29/
GOT ADMIN TOOLS or other software/hardware you'd like to recommend? Email us at wsn@mtit.com
Do you protect your Hyper-V & VMware VMs against data loss? Altaro VM Backup is a hassle-free and affordably priced virtual machine backup solution. Don’t miss out - grab your FOREVER FREE copy now
http://www.wservernews.com/go/xs1dw90h/
Learn how Veeam & HPE can seamlessly integrate to deliver additional value to your business. Webinar speakers are Russell Nolan, Veeam, and Richard T Arnold, D8TADUDE.
http://www.wservernews.com/go/5cgnfqd5/
Are you a Managed Service Provider? Think about providing Email Archiving-as-a-Service with the MailStore Service Provider Edition. Free trial periods and webinars offered by the vendor.
http://www.wservernews.com/go/ujw7hnh4/
Windows System Control Center (WSCC) allows you to install, update, execute and organize the utilities from various system utility suites:
http://www.wservernews.com/go/w9xqrb2w/
PPing is designed to give you the easiest possible solution for discovering ports from a windows console:
http://www.wservernews.com/go/lvbu9xtd/
PuTTY is an open source SSH and telnet client, developed originally by Simon Tatham for the Windows platform:
http://www.wservernews.com/go/i16cy1sa/
>> Have you written and/or published a book you'd like us to review? Send us a free copy and we'll review it in an upcoming issue of WServerNews! For more info contact us at wsn@mtit.com
Your Editor has been too busy recently to find time to read the pile of new IT/dev books on his bookshelf, so as I mentioned at the start of this issue we're seeking help from any readers who might be willing to review books for this section of our newsletter. If you're interested please tell us a bit about your background and expertise and the subject areas for which you'd be interested in reviewing books. Email me at wsn@mtit.com
Last week's factoid and question was this:
Fact: The European Commission is going to ask the EU parliament and member states to ditch the system of twice-yearly changes of Daylight Savings Time.
Question: Are you looking forward to having to deal with the consequences of such a change?
Randy from BC, Canada sent us the best response to this one:
Hell yes! I applaud the EU for trying to stop the twice yearly time change! Even though I am retired it would be great to not change. Here in Canada, only Saskatchewan was smart enough to do it years ago. And why? As I heard it, the milk cows complained!
Let's see if the cows in Europe have similar clout to those here in Canada.
Now let's move on to this week's factoid:
Fact: Mice hate cheese, new study reveals
Source: http://www.wservernews.com/go/p7eqjogs/
Question: The above Daily Mail article actually dates from back in 2006, but it's relevant since it's fast approaching the time of year when mice are looking for warm cracks and crannies where they can nest in your house during the winter months (at least here in Canada anyways). So the question we ask our readers is this: If mice hate cheese then what do mice love to eat? i.e. what's the best bait to use on a mousetrap?
Email your answer to wsn@mtit.com
>> Got an IT conference happening in North America that you'd like to promote in our newsletter? Email us at wsn@mtit.com
Microsoft Ignite -- September 24-28, 2018 in Orlando, Florida USA
http://www.wservernews.com/go/gazjf8nl/
IoT Security Summit -- Oct 15-18 in Dallas, Texas
http://www.wservernews.com/go/x8j890pw/
IT/Dev Connections -- Oct 15-18 in Dallas, Texas USA
http://www.wservernews.com/go/gc41am7l/
>> Got an IT conference happening in North America that you'd like to promote in our newsletter? Email us at wsn@mtit.com
Gartner Catalyst Conference -- Sept 26-27 in London, England
http://www.wservernews.com/go/q87ijzwj/
VMworld Europe -- Nov 5-8 in Barcelona, Spain
http://www.wservernews.com/go/o7th53ea/
Cybersecurity Leadership Summit -- Nov 12-14 in Berlin, Germany
http://www.wservernews.com/go/d5li13hw/
European SharePoint, Office 365 & Azure Conference -- Nov 26-29 in Copenhagen, Denmark
http://www.wservernews.com/go/qo5pp1z5/
>> Got an IT conference happening in Australia or Asia that you'd like to promote in our newsletter? Email us at wsn@mtit.com
No conferences listed at present.
6 steps to becoming a full stack developer
The journey to becoming a full stack developer might appear herculean at first. But once you master these six steps, you are on your way to getting there.
http://www.wservernews.com/go/3y7l4x27/
Must-have skills for a machine learning career
Artificial intelligence and machine learning are not just buzzwords — they are a path to success. Get these skills and begin your machine learning career.
http://www.wservernews.com/go/53e5q17z/
Azure SQL or SQL server: Which one is right for you?
Azure SQL is a cloud-based database service built similar to SQL server. Should you use SQL Azure or stick with on-premises SQL server. Let's see.
http://www.wservernews.com/go/h6pv40vy/
Network topology guide: Why it's crucial you build the right structure
Efficient networks don't just happen. It takes planning. Before you lay your first cable, read this guide and pick the right network topology for you.
http://www.wservernews.com/go/gxc4i0o4/
First look: Handful of new features coming to G Suite
Google's ever-evolving G Suite has rolled out a number of enhancements and new features. Here's a look at some you may want to use in your business.
http://www.wservernews.com/go/1kf9ump3/
London Heathrow Baggage Handlers Dance To Queen's I Want To Break Free
Heathrow baggage handlers dance to Queen's 'I Want To Break Free' to honour the 72th birthday of former bag handler Freddie Mercury:
http://www.wservernews.com/go/ea0begd7/
Incredible Magic Act Completely Fools Penn And Teller
British magician Nick Einhorn performs a trick on the TV show 'Fool Us' that leaves hosts Penn and Teller scratching their heads:
http://www.wservernews.com/go/sgczxmaq/
Darcy Oake's Amazing Magic
Canadian magician and illusionist Darcy Oake performs his amazing magic at the television show 'Penn and Teller - Fool Us.'
http://www.wservernews.com/go/zt4qj29s/
'Hans Klok & The Divas of Magic - 10 Illusions in 5 Minutes
A Dutch TV-show challenged magician Hans Klok and the "Divas of Magic" to do as many illusions as possible in 5 minutes:
http://www.wservernews.com/go/2u00cs8o/
What the history of VMware reveals about its future projects
VMware dominated server virtualization, but was hesitant to embrace the cloud. Examine VMware's history and its approach to new technology to see where it's headed next.
http://www.wservernews.com/go/9pvwwk39/
Consider three emerging mobile app development trends
These three emerging mobile app development strategies could change the way apps are developed in the future. Discover which of these methods is right for your organization.
http://www.wservernews.com/go/dflhwutb/
Citrix Workspace App: What's in the cloud & what's on the client side?
Citrix Workspace App encompasses features from Receiver, ShareFile, StoreFront, NetScaler Gateway, Analytics, and more. Confused? Let's dig in.
http://www.wservernews.com/go/beawe7cc/
VMware NSX 6.4 introduces upgrade planner, HTML5 features
VMware NSX features new to 6.4 include an upgrade planner and improved firewall functionality. Users can access these features from vSphere Client, which includes new HTML5 components. Learn more here.
http://www.wservernews.com/go/ctjm8uw3/
WServerNews goes out each week to more than 500,000 IT pro subscribers worldwide! That's a lot of expertise to tap into. Do you need help with some technical problem or are looking for expert advice on something IT-related? Ask Our Readers by emailing your problems and/or questions to us at wsn@mtit.com
>> Got feedback about anything in this issue of WServerNews? Email us at wsn@mtit.com
Free Tool for Monitoring Exchange Server Status & Performance
|
Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.
Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid is also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.
