Re: dns questions
From: Andrew Hodgson (me3_at_privacy.net)
Date: 08/26/04
- In reply to: Kevin D. Goodknecht Sr. [MVP]: "Re: dns questions"
Date: Thu, 26 Aug 2004 08:14:42 +0100
On Wed, 25 Aug 2004 05:06:46 -0500, "Kevin D. Goodknecht Sr. [MVP]"
<admin@nospam.WFTX.US> wrote:
>Your issue with Exchange is a configuration issue, the message headers can
>be configured to say anything you want.
I would be grateful if you could let me know how to change the
Message-ID then in the headers. Please reply off-group if you feel it
would be more appropriate.
>But I can think of several reasons
>right off the bat why _not_ to use the same internal name as the public
>name, or for that fact not even in the same DNS tree.
>
>Most importantly, some users either prefer or must access their external
>website by only its domain name, without www. It is impossible to access the
>public website from within the local domain by only its domain name, unless
>that public website is hosted on the domain controller for that domain name.
This is true, but as most people use WWW for websites throughout the
Internet, I don't see this as an issue. For example, I give people an
address, www.hodgsonfamily.org, which works both internally and
externally. http://hodgsonfamily.org, although hosted on the same IIS
server on the DC, points to a different website that only the LAN
users have access to, plus it is used for OWA access (i.e.,
https://hodgsonfamily.org/exchange/). Again this works fine
internally and externally.
>The record for the domain name must point to the IP address(es) on the
>domain controller that have file sharing enabled to allow access to the
>SYSVOL DFS share at \\example.com\SYSVOL . If you modify the behavior of a
>DC to _not_ create this record and then manually add a record that points to
>the web server, domain members will look to the web server for the SYSVOL
>DFS share. For that fact all DFS shares use the domain name and therefore
>DFS shares will not work.
I don't recommend doing this, however, so it is not an issue.
>
>Another problem caused by using the same public name as AD name is for VPN
>clients which have the unique ability to see both the public and private
>name spaces. Even if you make the internal domain a third level, such as
>corp.example.com this is a problem unless the public DNS zone has the sub
>domain corp delegated to the private IP of the internal DNS server. This is
>why I recommend example.local, by using example.local it causes the public
>DNS servers to delay long enough for the internal DNS to respond and keeps
>any cached records from the public domain on the VPN client from conflicting
>with AD domain records.
While I can see caching may be an issue on the clients here, I have
never experienced the problem - the private data is always returned
when I am on the VPN.
>
>All in all, it saves time and money for the AD domain to not have a name
>that might conflict in any way, with any name in the public name space.
If you can show me how to change the Message-ID in Exchange, I would
be happy to comply with this request.
Andrew.
-- Andrew Hodgson in Bromyard, Herefordshire, UK. My Email: use <andrew at hodgsonfamily dot org>.