CNAME record

Hi there,

I'm wondering whether you have such experience. In fact, all of our IP
addresses come from our university, so they have their own A records. If I
give CNAME records for those IP address instead of A records on our DNS
servers, especially, for the DNS server runnong on Domail Controller, will
it bring some trouble? It seems yes, but I dare not to try again on our
domain.

Thanks.

Ray

Why would you want to?

Are you asking can you have multiple different names for the same servers?
If so, the answer is yes, but you need to make registry changes (search for
disableStrictNameChecking) on the machines in question.

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net

Sorry, Paul. My question confused you. I don't need multiple names on the
same server.

My question was, for example, the IP address of one of our DCs running DNS
is 1.2.3.4, and when I applied for the IP address, our university has given
it a name (A record), PC1.university.edu -> 1.2.3.4, and my domain is
cs.university.edu, and its name in our domain is ADC.cs.university.edu. Then
here is the problem, whether may I set up a CNAME record on my DNS as
ADC.cs.university.edu CNAME PC1.university.edu, whether does it bring any
trouble for those clients in my domain? Anyway, if I set up an A record on
my DNS server, that is, ADC.cs.university.edu -> 1.2.3.4, there is no any
problem.

I wish I had addressed the problem clearly. Thanks.

Ray


"Paul Williams [MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Why would you want to?
>
> Are you asking can you have multiple different names for the same servers?
> If so, the answer is yes, but you need to make registry changes (search
> for
> disableStrictNameChecking) on the machines in question.
>
> --
> Paul Williams
> Microsoft MVP - Windows Server - Directory Services
> http://www.msresource.net | http://forums.msresource.net
>
>

If your DCs name is node.dom.domain-name.com it will be registering in the
dom.domain-name.com zone. If that zone doesn't exist, you should create
that zone on your Windows NT 5.x DCs and get the DNS admins of
domain-name.com to create a delegation for dom.domain-name.com.

You shouldn't need to create any CNAME records, as the DC will register all
necessary records in the DNS zone that is authorative for its namespace.

If, however, your namespace is domain-name.com and you wish to subdivide
nodes among DNS sub-domains, you need to implement what is often referred to
as a dis-joint namespace. The following article discusses what changes are
needed in AD to support such a configuration:
-- http://www.msresource.net/content/view/40/46/


If neither of the above apply, please elaborate on your current DNS setup.
You don't need DDNS, but it is recommended.

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net

I'd like to use DDNS, but there are some problems if I use DDNS.

Currently, we have ISA as our publish firewall, so IP addresses of our
servers are internal addresses. Because most of our clients are uisng
Internet IP addresses directly, but there are some routes on our routers so
that they can access our servers (internal IP address) directly (we have DFS
service and exchange server), so I could not put two groups of DNS servers
(one for internal and the other for external). And we only have one domain
name, cs.univerity.edu.

If I use DDNS, the problem is the DNS server always put itself in NS record!
If Internet hosts try to search our servers, for example, web server, they
may get an NS record (adc.cs.university.edu) which is an internal IP
address. However, they cannot access our server by the internal IP address
(maybe they have the address in their internal network). Of course, we have
other NS records with Internet addresses, they may provide name translation,
but DELAY is a problem and I don't know whether it may bring some security
problem.

BTW, the university's DNS servers are not Microsoft Windows Domain, just
general DNS servers, we are required to provide name translation by
ourselves.

Thanks again, Paul.

Ray

I speed read that, so not sure if I follow completely. But it seems to me
you simply need two lots of DNS. Your external stuff, and your internal
stuff. You then configure your internal DNS with a couple of duplicate
records, such as www that map to that of the external DNS. This is often
referred to as split brain DNS.

Your external DNS holds records for www, ftp, etc.
Your internal also holds these records (for the internal people) and holds
all of your AD stuff too.

The external is non-dynamic; the internal is dynamic.

Or have I missed something?

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net

You missed the key part, I CANNOT SET UP TWO GROUPS OF DNS SERVERS. Also,
all IP addresses of clients come from the university, I don't have DHCP
servers, the university has, and the university is OpenVMS system. For such
ISA system, people usually set up two groups of DNS, internal and external,
but for my case, I cannot.

Anyway, thanks, Paul.

Ray

"Paul Williams [MVP]" <(E-Mail Removed)> wrote in message
news:u$gH$(E-Mail Removed)...
>I speed read that, so not sure if I follow completely. But it seems to me
> you simply need two lots of DNS. Your external stuff, and your internal
> stuff. You then configure your internal DNS with a couple of duplicate
> records, such as www that map to that of the external DNS. This is often
> referred to as split brain DNS.
>
> Your external DNS holds records for www, ftp, etc.
> Your internal also holds these records (for the internal people) and holds
> all of your AD stuff too.
>
> The external is non-dynamic; the internal is dynamic.
>
> Or have I missed something?
>
> --
> Paul Williams
> Microsoft MVP - Windows Server - Directory Services
> http://www.msresource.net | http://forums.msresource.net
>
>

How is your DNS currently setup? What are the DCs pointing to? What zones
are on the DNS servers that the DCs are pointing to?

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net

A single DOMAIN contains IP records of all servers and clients. DNS servers
of All DCs and servers are pointing to the DNS servers of my domain, but the
clients are not. We only have one domain so we only have one zone on the DNS
servers. Currently, the only primary DNS server is an A recrod on it, others
are CNAME records

Thanks.

Ray

"Paul Williams [MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> How is your DNS currently setup? What are the DCs pointing to? What
> zones
> are on the DNS servers that the DCs are pointing to?
>
> --
> Paul Williams
> Microsoft MVP - Windows Server - Directory Services
> http://www.msresource.net | http://forums.msresource.net
>
>

I've lost touch of what's going on here, so forgive me. But why are the DCs
using one zone and the clients another? That isn't correct. They should
all be using the same zone.

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net