myDNS is an IP Address Management (IPAM) system for the UBC IP infrastructure, including DNS and DHCP services. The system is from Bluecat Networks and consists of ISC-based DNS and DHCP systems, called Adonis, and management software, called Proteus. Together, these make up the UBC myDNS service. The Bluecat systems are modular and scale to many hundreds of thousands of IP addresses. The design is very robust: it uses hardware redundancy, load balancing and automatic failover, resulting in a very high availability system. Below is a high-level view of the system.
The UBC DNS, DHCP, and NTP services run on the Adonis appliances, which can operate independently if required in the event of a failure. The management software, Proteus, provides a web browser GUI for managing the DNS and DHCP services, and runs as a virtual machine (VM). DNS and DHCP services continue to operate if Proteus is unavailable. Authentication currently uses UBC's CWL system.
An advantage of the Bluecat system is the ability to provision separate external and internal DNS services. DNS services must be reachable from outside UBC, which exposes them to attacks from the Internet. When such an attack occurs, DNS services within UBC are affected. UBC users who use the internal DNS services are protected from such attacks.
The external DNS servers are 188.8.131.52 and 184.108.40.206
The internal DNS servers for UBC Vancouver are 220.127.116.11 and 18.104.22.168
The internal DNS servers for UBC Okanagan are 22.214.171.124 and 126.96.36.199
On-campus clients are encouraged to switch to the internal DNS servers. While internal clients will continue to get full service from the external DNS servers, external clients will eventually be blocked from making recursive queries, which is the recommended secure configuration. This external blocking will be based on a broad list of networks associated with UBC, and will be preceded by an advertising campaign.
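One way to confirm, from a given client network, whether a DNS server still serves recursive queries is to send a query with the RD bit set and read the flags in the reply. The following is an added example, not UBC or Bluecat code; the test name `example.org`, the fixed query ID and the embedded sample replies are assumptions constructed for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Build an A/IN query for `name` with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def classify_response(packet, qid=0x1234):
    """Decide from the reply header how the server treated the recursive query."""
    if len(packet) < 12:
        raise ValueError("reply shorter than a DNS header")
    rid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a response to this query")
    aa, ra, rcode = bool(flags & 0x0400), bool(flags & 0x0080), flags & 0x000F
    if rcode == 5:
        verdict = "recursion refused"
    elif aa:
        verdict = "authoritative answer; test with a name outside the server's zones"
    elif ra and rcode in (0, 3):
        verdict = "recursion served"
    else:
        verdict = "recursion not offered"
    return {"rcode": RCODES.get(rcode, str(rcode)), "ra": ra,
            "answers": answers, "verdict": verdict}

def check_server(server, name="example.org", timeout=3.0):
    """Send one UDP query to `server` (caller-supplied address) and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify_response(s.recvfrom(512)[0])

# Constructed sample replies (header + echoed question, answer records omitted),
# not captured traffic.
_QUESTION = build_query("example.org")[12:]
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + _QUESTION
SAMPLE_SERVED = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + _QUESTION

if __name__ == "__main__":
    print(classify_response(SAMPLE_REFUSED))
    print(classify_response(SAMPLE_SERVED))
```

Once the external blocking is in place, a client outside the listed UBC networks would expect the "recursion refused" or "recursion not offered" verdict from the external servers, while an on-campus client using the internal servers would expect "recursion served".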
The DHCP servers for UBC Vancouver are 188.8.131.52 and 184.108.40.206
The DHCP servers for UBC Okanagan are 220.127.116.11 and 18.104.22.168
Routers that forward DHCP requests need to be configured with these server addresses. UBC IT will apply these changes to routers managed by UBC IT.
The external NTP servers are 22.214.171.124 and 126.96.36.199, ntp1.ubc.ca
The internal NTP servers for UBC Vancouver are 188.8.131.52 and 184.108.40.206, ntp2.ubc.ca
The internal NTP servers for UBC Okanagan are 220.127.116.11 and 18.104.22.168, ntp3.ubc.ca
Computers should be configured to get NTP service using the DNS name instead of the IP addresses wherever possible.