Re: dns for isp's
- From: "Ace Fekay [MVP]" <PleaseAskMe@xxxxxxxxxxxxxx>
- Date: Wed, 25 Apr 2007 00:47:01 -0400
In news:44C8FB28-5E99-4AE8-97C0-70FC8600C702@xxxxxxxxxxxxx,
Rodge <Rodge@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
> I am trying to find documentation on best practices for an ISP that
> hosts websites for customers setting up Active Directory DNS to work
> internally and externally. I need to be able to provide DNS for my
> company and for my customers. I host webservers and email servers. I
> hope I explained that correctly. We currently have Linux DNS servers
> and will be migrating them to Server 2003.
DNS for AD must be an internal DNS server in the AD infrastructure. To be
able to use AD integrated zones, which are more secure than text based
zones, DNS must be installed on a DC.
If a customer's AD zone is domain.com, and their public zone is of the same
name, then we have what we call a split zone. Split in the fact it exists
in two places, internally and externally. The internal one contains private
records. The external contains public records. For the internal to resolve
to the external public website, for instance, we would need to manually
create a www record in the internal zone, and provide the external public
IP. This gets tricky with the blank domain record (domain.com) because
internally, that record is called the LDAP record. Each DC registers one, so
you will find numerous entries, one for each DC. The trick around this is on
EACH domain controller in IIS, under the default website, redirect requests
to www.domain.com.
There is no documentation per se concerning all of this unless someone put
together a blog on it. The fact comes down to understanding DNS and using a
little logic to provide your customers what they need. You will need to look
at which record a specific resource requires (whether the resource is some
kid typing in www.domain.com and getting the public IP, therefore needing to
use the public DNS in their IP properties, or at a customer site where an
internal user sitting at a workstation is required to log in, where these
machines MUST only have the internal DNS in their IP properties so they can
find AD service locations) and ensure those resources are provided those
records. In addition you must manually add external records and their public
IP addresses in the internal zone.
Migrating from anything to Windows DNS can simply be done by creating a
secondary zone on Windows, let the transfer happen, and then make it a
Primary zone and change everyone to use the Windows DNS server.
If you have thousands of zones, then you will need to look at scripting or a
3rd party tool, such as SimpleDNS Plus:
http://www.simpledns.com/kb.aspx?kbid=1141
--
Regards,
Ace
Innovative IT Concepts, Inc (IITCI)
Willow Grove, PA
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations
Having difficulty reading or finding responses to your post?
Instead of the website you're using, try using OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. Anonymous access. It's free - no username or password
required nor do you need a Newsgroup Usenet account with your ISP. It
connects directly to the Microsoft Public Newsgroups. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject. It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164
"Quitting smoking is easy. I've done it a thousand times." - Mark Twain
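A check for the split-zone gaps Ace describes (public records with no internal copy, internal overrides that no longer match the public IP, and the blank record resolving only to the DCs' LDAP registrations), as an added example that is not part of the original post. The two zone texts are constructed sample data, and the parser only understands simple A records, not a full zone file.

```python
import re

# Constructed sample data (not from the original post): the public zone for
# domain.com and the AD-integrated internal zone of the same name (split zone).
EXTERNAL_ZONE = """
$ORIGIN domain.com.
@       IN A     203.0.113.10
www     IN A     203.0.113.10
mail    IN A     203.0.113.25
ftp     IN A     203.0.113.30
@       IN MX 10 mail.domain.com.
"""
INTERNAL_ZONE = """
$ORIGIN domain.com.
@       IN A     10.0.0.5
@       IN A     10.0.0.6
dc1     IN A     10.0.0.5
dc2     IN A     10.0.0.6
www     IN A     203.0.113.10
ftp     IN A     203.0.113.31
"""
A_RECORD = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+A\s+(\S+)$")

def parse_a_records(zone_text: str) -> dict[str, set[str]]:
    """Return {owner: {ip, ...}} for the A records of a minimal zone file."""
    records: dict[str, set[str]] = {}
    for line in zone_text.splitlines():
        m = A_RECORD.match(line.split(";", 1)[0].strip())
        if m:
            records.setdefault(m.group(1), set()).add(m.group(2))
    return records

def split_zone_gaps(external: str, internal: str) -> dict[str, list]:
    """Audit the internal copy of a split zone against the public copy.
    missing: public names internal clients cannot resolve at all;
    mismatch: names present in both but pointing at different addresses;
    apex_private: the blank record resolves only to DC (LDAP) addresses.
    """
    ext, int_ = parse_a_records(external), parse_a_records(internal)
    report: dict[str, list] = {"missing": [], "mismatch": [], "apex_private": []}
    for name, ips in sorted(ext.items()):
        if name == "@":  # blank record: each DC registers its own address here
            if int_.get("@") and not ips & int_["@"]:
                report["apex_private"].append(sorted(int_["@"]))
        elif name not in int_:
            report["missing"].append(name)
        elif int_[name] != ips:
            report["mismatch"].append((name, sorted(ips), sorted(int_[name])))
    return report
```

Every name listed under missing needs a manual record in the internal zone carrying the public IP, and an apex_private hit is the case where the IIS redirect to www.domain.com on each DC is needed.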