Re: AD DNS naming
- From: "Ace Fekay [MVP]" <PleaseSubstituteMyActualFirstName&LastNameHere@xxxxxxxxxxx>
- Date: Fri, 24 Mar 2006 10:36:43 -0500
In news:eBdIZZsTGHA.2276@xxxxxxxxxxxxxxxxxxxx,
SuperGumby [SBS MVP] <not@xxxxxxxxxxx> stated, which I commented on below:
G'day Ace,
Nice breakdown.
I suppose my main concerns stem from questions raised where the DNS
naming has been assumed ('it's asking for a DNS name, better give it
this one') rather than planned.
It probably means the person setting it up didn't really get into
researching it extensively or didn't attend classes on AD
design/implementation. Common problem. As a trainer, I always recommend
such training, and I say this for their benefit, and not as a salesman,
because I'm not a salesman. There is much info to be learned and the
Microsoft MOC# 2279 (Implement and Troubleshoot) and # 2282 (Design) AD
courses are well worth attending.
If I juggle the info around somewhat I get 'considerations that
should influence your AD DNS name choice':
(in no particular order)
Security.
Considerations about what info from the DNS is exposed by the
different choices when implemented properly or improperly.
Name complexity.
we.dont.wanna.have.to.remember.something.like.this to access a
record. User considerations, the 'people' aspect. Some consideration
here for the 'machine' context.
Use WINS and/or make sure the name suffixes are set in the search suffix, or
ensure proper delegation/forwarding in a design with a parent/child
relationship in a forest.
Name visibility.
How does resource availability differ inside vs outside the AD?
That will depend on your VPN software, as mentioned in my post. Cisco,
Netscreen, etc, VPN software is better suited. If using default Microsoft
software, may have some issues with name resolution, but not saying you
will.
Also, from other post, what differing visibility do I wish to
provide and is this dependent on the choice.
That depends on what visibility YOU want or are required to allow your
outside users in order to do their jobs with regards to access to the
internal resources.
Manageability.
Does the choice influence the amount of work necessary to maintain
the system?
Once implemented, there shouldn't be any additional work, unless the
split-zone was chosen, then if you are using the IIS redirection as I
mentioned, it would need to be implemented on any new DCs. Otherwise, I really
don't see any additional tasks, unless you change something.
I have to go play golf in a few minutes. It will give me time to
think about what other aspects I want to consider in the process of
choosing the name. I'll pop back in to see what else comes in.
Don't look at this as an elephant under a microscope. Look at the broad
ramifications and results that your users require to remain productive, and
what is easier to implement and maintain. Myself? I would either choose
.local (and make the appropriate changes for the Macs, if any), or a
delegated subdomain.
Cheers!
Ace