Re: Need feedback about DNS implementation
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Thu, 14 Apr 2005 01:57:31 -0500
"Slimard" <Slimo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:004B0ABA-5DB4-4243-B9D1-12C51860D175@xxxxxxxxxxxxxxxx
> Hello,
>
> Sorry if this question has been already raised on this forum.
> We are a holding group that holds 4 companies.
> We are in the process of implementing a new AD 2003. The design will be a
> single domain with placeholder domain on top (empty root). The single domain
> will be collapsed into 4 OUs (= 4 companies, each OU is a geographical
> location). Each company has its own ISP and has its own internet public
> domain (company1.com...company4.com). All the companies are interconnected
> through VPN.
>
> The holding group has an internet public domain: company.com. We decided to
> go for ad.company.com for the DNS namespace. So we separate the internal and
> external DNS. ad.company.com will be the root domain and the production
> domain will be a child domain, let's say corp.ad.company.com.
>
> We would like to achieve the following goals:
> *** create 5 DNS subdomains (zones) and allow each company to manage their
> zone. For example we will have a zone like company1.corp.ad.company.com,
> company2.corp.ad.company.com...
That is fine technically -- those names are obnoxiously
complicated (for users and admins to type).
One obvious simplification would be to avoid using BOTH
"ad" and "corp" as qualifiers -- they don't seem to (both)
be making any real distinction.
> *** Queries to Internet should be resolved by the local ISP's and not
> traverse the WAN
Forwarding to the ISP does this.
> *** VPN users (travelling users) should be able to resolve internal names.
> By having the internal domain a subdomain of the external domain, it should
> not be a problem.
You need to arrange for EVERY DNS server (they might
use) to be able to resolve ALL of your internal DNS names,
and to do that with a server that can also deal with the
Internet (forwarding above.)
> *** Is it possible to set the NETBIOS name to CORP, or do we need to use AD
> as netbios name? So it is possible to have a netbios name <> than the DNS name
No, you can technically use anything that isn't the same
on different AD domains -- i.e., one unique NetBIOS
name per AD domain.
BUT the usual convention is to use the LEFTMOST tag --
since this is usually the most distinctive or specific, and
in your case this would give: company1, company2, etc.
BUT having said that it reminds me that early on you said
you were collapsing this into ONE DOMAIN.
If that is the case the internal DNS name will be the same for
ALL of the "companies".
And as to EXTERNAL DNS for public zones, those are
best left at the REGISTRAR (or returned there.)
> Thanks in advance for your comments about this design.