System Overview

myDNS is an IP Address Management (IPAM) system for the UBC IP infrastructure, including DNS and DHCP services. The system is from Bluecat Networks and comprises ISC-based DNS and DHCP systems, called Adonis, and management software, called Proteus. Together, these make up the UBC myDNS service. The Bluecat systems are modular and scale to many hundreds of thousands of IP addresses. The system design is very robust, using hardware redundancy, load balancing and automatic failover to deliver a very high availability system. Below is a high-level view of the system.

[Figure: myDNS System Overview]

The UBC DNS, DHCP, and NTP services run on the Adonis appliances, which can operate independently if required in the event of a failure. The management software, Proteus, is a web browser GUI for managing the DNS and DHCP services, and runs as a Virtual Machine (VM). DNS and DHCP services continue to operate if Proteus is unavailable. Authentication currently uses UBC's CWL system.

 

DNS

An advantage of the Bluecat system is the ability to provision external and internal DNS services. DNS services must be reachable from outside UBC, which exposes them to attacks from the Internet. When such an attack occurs, DNS services within UBC are affected. UBC users who use the internal DNS services are protected from such attacks.

The external DNS servers are 137.82.1.1 and 142.103.1.1

The internal DNS servers for UBC Vancouver are 137.82.1.2 and 142.103.1.42

The internal DNS servers for UBC Okanagan are 206.87.24.251 and 206.87.24.252

On-campus clients are encouraged to switch to the internal DNS servers. While internal clients will continue to get full service from the external DNS servers, eventually external clients will be blocked from making recursive queries, which is the recommended secure configuration. This external blocking will be based on a broad list of networks associated with UBC, and will be preceded by an advertising campaign.
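
One way to check, from a given vantage point, whether a DNS server applies the recursive-query restriction described above (an added example, not part of the UBC documentation or of Bluecat's tooling): it sends a query with the RD bit set and reads the RA flag and RCODE in the reply. The function names and the sample reply headers are constructed for illustration.

```python
import socket
import struct

REFUSED = 5  # RCODE 5 in the DNS header (RFC 1035)

def build_query(name, qid, qtype=1):
    """Build an A-record query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN

def recursion_status(response, qid):
    """Classify a reply as 'offered', 'refused' or 'not-offered'."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != qid or not (flags & 0x8000):  # ID must match, QR must be set
        raise ValueError("not a response to this query")
    if (flags & 0x000F) == REFUSED:
        return "refused"
    # 0x0080 is RA: the server is willing to recurse for this client.
    return "offered" if (flags & 0x0080) else "not-offered"

def probe(server, name, qid=0x1234, timeout=3.0):
    """Send the query over UDP port 53 and classify the reply (needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (server, 53))
        data, _ = s.recvfrom(4096)
    return recursion_status(data, qid)

def sample_header(qid, flags):
    """Constructed 12-byte reply header for offline demonstration."""
    return struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)

if __name__ == "__main__":
    # Constructed replies, not captured traffic.
    for label, flags in [("recursion allowed", 0x8180), ("recursion blocked", 0x8105)]:
        print(label, "->", recursion_status(sample_header(0x1234, flags), 0x1234))
```

Use a name the queried server is not authoritative for, since authoritative answers are returned regardless of the recursion policy.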

DHCP

The DHCP servers for UBC Vancouver are 137.82.1.2 and 142.103.1.42

The DHCP servers for UBC Okanagan are 206.87.24.251 and 206.87.24.252

Routers that forward DHCP requests need to be configured with these server addresses. UBC IT will apply these changes to routers managed by UBC IT.

NTP

The external NTP servers are 137.82.1.1 and 142.103.1.1, ntp1.ubc.ca

The internal NTP servers for UBC Vancouver are 137.82.1.2 and 142.103.1.42, ntp2.ubc.ca

The internal NTP servers for UBC Okanagan are 206.87.24.251 and 206.87.24.252, ntp3.ubc.ca

Computers should be configured to get NTP service using the DNS name instead of the IP addresses wherever possible.