Re: Namespace

From: Omer maydan (omermaydan_at_yahoo.com)
Date: 07/19/04

  • Next message: Kevin D. Goodknecht Sr. [MVP]: "Re: Namespace"
    Date: Mon, 19 Jul 2004 20:54:22 +0200
    
    

    Hi. There are few pros and cons. As a start, it is always a good practice to
    set up two different DNS zones, one public and one internal. The reason is
    to mask all of your internal addresses in order to prevent their exposure
    (expose only what you want; plus, you do not need to use real names). Also, it
    will not cause confusion, causing you to put the wrong records on the wrong
    DNS servers. Third, with one namespace you cannot use forwarders between the
    two servers. Forwarders prevent your private DNS server from searching for
    Internet names by itself (which you don't want). And the last thing is that you
    get a much more secure environment, with much lower chances of getting hit by a
    DNS attack like cache poisoning or something similar on your private
    namespace. The only disadvantage of this topology is a little extra
    overhead in defining the DNS zones, and you will have to add an extra email
    address to each user (this can be done simply by use of an Exchange
    recipient policy...). But this is really small money compared to the clear
    advantages of a private and a public zone.

    Omer maydan
    MCSE,Security+

    "Clark" <anonymous@discussions.microsoft.com> wrote in message
    news:3023201c46db4$cba3d870$a301280a@phx.gbl...
    > What are the pros and cons of selecting a dot local
    > internal name space as opposed to a FQDN starting with a
    > registered name?
    >
    > Our vendor has suggested using dot local. However my
    > studies indicate to always start with a registered name.
    > Our network connects to the internet via firewalls. I am
    > concerned about a xxxx.local internal namespace and its
    > implications with AD and MS Exchange 2003. Currently we
    > use Exchange 5.5.
    >
    > This is a research issue and we are investigating all
    > resources, Microsoft, vendors and IT community.
    >
    > Any suggestions or thoughts would be GREATLY appreciated!
    >
    > Thanks,
    >
    > Clark
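
The reply's first point (expose only what you want in the public zone) can be checked mechanically. The following is an added example, not part of the original thread: it scans a public zone file for A/AAAA records that point into RFC 1918, loopback, link-local or unique-local ranges. The zone contents and the function name `find_internal_records` are constructed for illustration.

```python
import ipaddress

# Ranges that should not appear in a public zone (RFC 1918, loopback, link-local, ULA).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

# Constructed sample of a public zone file; every name and address is made up.
PUBLIC_ZONE = """\
$ORIGIN example.com.
@       3600 IN A     203.0.113.10
mail    300  IN A     203.0.113.25
             IN A     172.16.4.25     ; same owner name as the line above
dc01         IN A     10.0.0.5        ; internal domain controller
intranet     IN A     192.168.10.20
vpn          IN AAAA  2001:db8::1
filesrv      IN AAAA  fd00:1234::15   ; unique-local address
"""

def find_internal_records(zone_text):
    """Return (fqdn, type, address) for A/AAAA records in internal ranges."""
    origin, last_name, hits = "", "@", []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        fields = line.split()
        if not fields:
            continue
        if fields[0].startswith("$"):             # directives
            if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
                origin = fields[1]
            continue
        # A line that starts with whitespace reuses the previous owner name.
        name = last_name if line[0].isspace() else fields.pop(0)
        last_name = name
        # Skip the optional TTL and class to reach the record type.
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)
        if len(fields) < 2 or fields[0].upper() not in ("A", "AAAA"):
            continue
        addr = ipaddress.ip_address(fields[1])
        if any(addr.version == n.version and addr in n for n in INTERNAL_NETS):
            fqdn = origin if name == "@" else (
                name if name.endswith(".") else f"{name}.{origin}")
            hits.append((fqdn, fields[0].upper(), str(addr)))
    return hits

if __name__ == "__main__":
    for fqdn, rtype, addr in find_internal_records(PUBLIC_ZONE):
        print(f"internal address in public zone: {fqdn} {rtype} {addr}")
```
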

