Re: Namespace
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 07/20/04
- Next message: Roger Abell: "Re: Client not loging to AD need to Resolve hosts name"
- Previous message: Roger Abell: "Re: multiple ip addresses and default dns entries"
- In reply to: Omer maydan: "Re: Namespace"
- Next in thread: omer maydan: "Re: Namespace"
- Reply: omer maydan: "Re: Namespace"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 20 Jul 2004 00:16:27 -0700
> . . . third, with one namespace you cannot use forwarders between the
> two servers. forwarders prevent your private dns server searching for
> Internet Names by himself (which you don't want).
As stated, this is just not so.
I believe that what you meant to indicate is that there can
only be one instance of a DNS domain used along the path
of resolution. Hence, if the internal DNS holds domain.com
then there is no way to access/resolve-from an external
DNS server with an independent version of domain.com.
You could however still have the internal use this same
external DNS server as its Forwarder, and, use of a Forwarder
in no way prevents a DNS server from "searching for
Internet Names by himself".
--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA

"Omer maydan" <omermaydan@yahoo.com> wrote in message
news:O5tkwlbbEHA.3480@TK2MSFTNGP11.phx.gbl...
> hi. there are a few pros and cons. as a start, it is always a good
> practice to set up two different dns zones, one public and one internal.
> the reason is to mask all of your internal addresses in order to prevent
> their exposure. (expose only what you want, +, you do not need to use
> real names) also, it will not cause confusion, causing you to put the
> wrong records on the wrong dns servers. third, with one namespace you
> cannot use forwarders between the two servers. forwarders prevent your
> private dns server searching for Internet Names by himself (which you
> don't want). and the last thing, is you get a much more secure
> environment, with much lesser chances to get hit by a Dns Attack like
> Cache poisoning or something similar on your private namespace. the only
> disadvantage of this topology, is a little extra overhead in defining
> the dns zones, and, you will have to add an extra email address to each
> user (this can be done simply by use of an exchange recipient
> policy...). but this is really small money compared to the clear
> advantages of a private and a public zone.
>
> Omer maydan
> MCSE,Security+
>
> "Clark" <anonymous@discussions.microsoft.com> wrote in message
> news:3023201c46db4$cba3d870$a301280a@phx.gbl...
> > What are the pros and cons with selecting a dot local
> > internal name space as opposed to a FQDN starting with a
> > registered name?
> >
> > Our vendor has suggested using dot local. However my
> > studies indicate to always start with a registered name.
> > Our network connects to the internet via firewalls. I am
> > concerned about a xxxx.local internal namespace and its
> > implications with AD and MS Exchange 2003. Currently we
> > use Exchange 5.5.
> >
> > This is a research issue and we are investigating all
> > resources, Microsoft, vendors and IT community.
> >
> > Any suggestion or thoughts would be GREATLY appreciated!
> >
> > Thanks,
> >
> > Clark
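The resolution path described in the reply above, as an added example that is not part of the original posts: a small model in which the internal server holds its own copy of domain.com and uses the external server as its forwarder. All zone contents, addresses and function names are constructed for illustration.

```python
"""Toy model of the resolution path described in the reply (constructed data)."""

# Internal server: authoritative for its own copy of domain.com (constructed records).
INTERNAL_ZONES = {
    "domain.com": {"dc1.domain.com": "10.0.0.10", "mail.domain.com": "10.0.0.25"},
}
# External server: an independent copy of domain.com (constructed records).
EXTERNAL_DOMAIN_COM = {"www.domain.com": "203.0.113.80", "mail.domain.com": "203.0.113.25"}
# Names the external server can find by recursing out to the Internet (constructed).
INTERNET = {"www.example.org": "198.51.100.7"}


def external_resolve(name):
    """The external DNS server, used by the internal server as its forwarder."""
    if name == "domain.com" or name.endswith(".domain.com"):
        return EXTERNAL_DOMAIN_COM.get(name)
    return INTERNET.get(name)


def authoritative_zone(name, zones):
    """Return the longest zone suffix in `zones` that contains `name`, or None."""
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def internal_resolve(name, zones=INTERNAL_ZONES, forwarder=external_resolve):
    """Return (source, address); address None means the name does not exist."""
    zone = authoritative_zone(name, zones)
    if zone is not None:
        # Authoritative answer, positive or negative: the query stops here and
        # the external copy of the same domain is never consulted.
        return ("internal zone", zones[zone].get(name))
    # Not in a locally held zone: hand the query to the forwarder.
    return ("forwarder", forwarder(name))


if __name__ == "__main__":
    for q in ("mail.domain.com", "www.domain.com", "www.example.org"):
        print(q, "->", internal_resolve(q))
```

In this model www.domain.com exists only in the external copy, so internal clients get a negative answer for it unless the record is also added to the internal zone, while names outside domain.com are still resolved through the forwarder.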