Re: Active Directory Naming Convention
From: Ryan Hanisco (rhanisco_at_flagshipis.com)
Date: 03/15/05
- Next message: Ryan Hanisco: "Re: ad user rights"
- Previous message: Ryan Hanisco: "Re: AD Newbie Questions"
- In reply to: rrwall: "Active Directory Naming Convention"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 14 Mar 2005 19:50:44 -0600
In a case with internal and external access, you usually have either two DNS
servers or one server with two domains. One would be for external
resolution and one for internal. This also helps you avoid hairpin routing
issues into your DMZ by internal customers.
I would caution you though, it is usually a bad idea to have a DC in a DMZ.
I would suggest using IAS (RADIUS) or LDAP pass-through to your DC
internally. If you need a DC in your DMZ, be EXTREMELY careful and lock the
ports down on the server and on your firewall/DMZ router.
--
Ryan Hanisco
MCSE, MCDBA
FlagShip Integration Services

"rrwall" <rrwall@discussions.microsoft.com> wrote in message
news:A4ADBC0E-DC8F-49D1-9F1B-289A9127C765@microsoft.com...
> I am in the process of upgrading my network from NT4 to win2k3 AD. I have a
> server that is responsible for DNS\authoritative in my DMZ. I have approx 10
> records for access to web sites that I am hosting as well.
>
> The DNS server is running winnt4.
>
> I would like to use mydomain.loc rather than mydomain.net for simplicity and
> I understand that resolving DNS issues is easier, as well.
>
> My question is, can I do this and set my forwarders up to point to this name
> server and not have to worry about touching the existing DNS server in my
> DMZ?