UMass Lowell DNS Migration

What are we doing
UMass Lowell Information Technology is redesigning our DNS infrastructure. Currently, internal DNS services are run on our Microsoft Active Directory domain controllers and external DNS services are run from our Infoblox appliances.

Background
UMass Lowell has used the Infoblox network infrastructure appliances for over five years. The Infoblox product and architecture is the best in the business, with a rock solid reputation for reliability and security that Microsoft simply cannot match. We are migrating our DNS services in order to provide a more robust, scalable, and standardized DNS architecture for our growing campus needs.

What DNS changes are being made?
All internal DNS services will be moved from our Active Directory domain controllers (129.63.1.27, 129.63.1.28, and 129.63.199) to new Infoblox appliances.

Information Technology will update all DHCP scopes reflect the new internal DNS server IP addresses of: 129.63.1.1 and 129.63.251.230. During this process, we will also be pruning our external DNS records so that only public-facing IP addresses (129.63.X.X) are resolvable from the internet.

Which records are being pruned
A (host) records with a Private Addresses (10.x.x.x)
SRV (service) records for VoIP phones

Call to Action: Check your Servers and Devices between June 27th 2014 and July 31, 2014.

‘ For servers and desktops configured with static IP addresses, you will need to set the DNS server addresses to the new IP addresses: 129.63.1.1 and 129.63.251.230. Do not make this change before June 27, and please ensure it is complete prior to July 31. Ensure you remove all instances of using 129.63.1.27, 28, or 199 as DNS server prior to the July 31 date.

‘ Devices like VoIP phones, Wi-Fi hotspots, PXE boot machines, Internet Connected Devices, etc. that have hard-coded DNS Resolver settings will need to be updated.

‘ If you are running a departmental DNS server, does it perform recursion directly to the Internet root servers? If not, verify that your forwarders have been updated to the new IP addresses. Hint: It they should not generally be using recursion directly to the Internet.

Unaffected systems
Systems you do not have to worry about are.

1. Notebooks and Desktops, or anything else that automatically gets its IP address from DHCP.
2. VDI workstations (these are all configured for DHCP)
3. Devices that do not communicate with anything outside of their local subnet.

Please help us remedy clients, servers, and devices that resolve against DNS 129.63.1.27, 129.63.1.28, or 129.63.1.199 By July 31, 2014

If you have any questions, please contact Kevin Smith at 978.934.4769 or via email at Kevin_Smith@uml.edu

Leave a Reply