SuperGumby [SBS MVP] wrote:
> rubbish.
Well, I wouldn't go THAT far. :-)
>
> Though it is possible for AD to run a split horizon DNS most times
> this just causes a greater administrative cost.
How so? Split horizon by definition means that the internal & external
domains don't have anything to do with each other. You can be authoritative
for your AD domain & your ISP can be authoritative for your external domain,
and never the twain shall meet and argue.
>
> When you install AD and tell it it is SOA for your domain
....but that isn't what most people who ask this question are going to do or
are after.
> you are
> assuming responsibility to perform several things.
> The SOA and first replication partner for your FQDN should be
> physically separate, not different boxes but geographically separate.
> They should be on separate internet connections provided by ISPs who
> are not connected in any way.
>
> But hang on, we're assuming that they are IN FACT SOA for the domain.
> In the great majority of cases this is not so.
Yep.
>
> The fact that the person is asking about why/how to do it also
> suggests they should not be doing so.
I don't get the impression from the original post that this is what they had
in mind...
> In a large corporate
> environment with a full IT section, with complex requirements for
> their FQDN space, with skilled staff, this question doesn't get asked
> in a newsgroup.
>
> The great majority of posters on this topic are in smaller
> environments whose FQDN is actually hosted by their ISP and/or
> webhosting service. All they really want is a pointer to
> my.office.somewhere so that they can receive mail via SMTP, maybe
> access their office mail via the web and VPN via name rather than IP.
> If they tell AD it is responsible for their FQDN they introduce
> problems.
Disagree, for the most part. Because split brain or split-horizon DNS means
your domain.com (internal/AD) and your domain.com (external) are two separate
things entirely, it doesn't have to cause any problems.
Now, if I were to be so silly as to name my AD domain microsoft.com, I'd
have a helluva time getting to the real MS sites, etc., but if someone wants
mydomain.com for AD, and also
has a publicly registered domain of the same name, with, say, their ISP or
someone else authoritative for the public mydomain.com, it wouldn't cause
any real problems - in a matter of seconds I could set up a host called www
in the internal DNS, and point it at the web site's public IP address. Etc.
Internal DNS of domain.local or domain.fake or whatever you want to use is a
fine thing and I tend to prefer it myself - but isn't at all mandatory.
Hosting one's public DNS in-house is of course ill advised unless one has full
understanding of how it works and has the infrastructure to support it (a
separate DNS server).
>
> BUT, I'm prepared to learn. Please tell me not whether it is possible
> but the advantages to be gained. What benefits do I get compared to
> the costs?
It's cosmetic, really. I don't think it's a huge benefit, but I don't think
it's a huge problem, either. I've set up networks both ways. When I see this
question in here I tend to recommend .local or something, and always mention
that the ISP or someone else should retain authority for the public domain.
>
> <(E-Mail Removed)> wrote in message
> news:L1e7d.18415$(E-Mail Removed).net...
>> why do people still insist on saying things like this? splitbrain
>> dns is perfectly feasible. maybe back in the nt/windows 95 days it
>> made sense to use domain.somethingotherthanatopleveldomain, but not
>> anymore.
>>
>>
>> "SuperGumby [SBS MVP]" <(E-Mail Removed)> wrote in message
>> news:%(E-Mail Removed)...
>>> WHY?
>>>
>>> domain.local (or .lan or .AnythingOtherThanARealTopLevel) is the
>>> ONLY sensible thing for your AD DNS.
>>>
>>> "Sam" <(E-Mail Removed)> wrote in message
>>> news:(E-Mail Removed)...
>>>> Hi, I have a client whose network was set up as
>>>> domainname.local. I would like to change this to a domain.com if
>>>> possible. Can this be done?
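The "set up a host called www in the internal DNS and point it at the public IP" step from the reply above, as an added PowerShell example that is not part of the original thread or of any poster's own setup. It assumes the DnsServer module on a domain controller (Windows Server 2012 or later), an internal AD-integrated zone named mydomain.com, and a public resolver at 203.0.113.53; all three are placeholders for illustration, not values from the thread. It goes slightly beyond the reply by copying a whole list of public names into the internal zone and then checking that inside and outside answers agree, because once the DC is authoritative for mydomain.com any public name you forget to mirror will simply fail to resolve from the LAN.

```powershell
# Added example, not from the original thread. Mirrors selected public
# A records into an internal (split-brain) AD zone and verifies the result.
# Assumptions (placeholders, not real infrastructure):
#   - run on a DC with the DnsServer module available
#   - internal zone name  : mydomain.com
#   - public resolver     : 203.0.113.53 (TEST-NET-3 documentation range)
Import-Module DnsServer

$Zone           = 'mydomain.com'   # same name as the AD domain
$PublicResolver = '203.0.113.53'   # placeholder for the ISP's resolver
$InternalDns    = 'localhost'      # the DC we are running on

# Public names that must also work from inside. Anything NOT in this list
# will not resolve on the LAN, because the DC answers authoritatively for
# $Zone and never forwards queries for it to the ISP.
$PublicHosts = @('www', 'mail', 'vpn')

# Create the internal zone only if AD setup has not already done so.
if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $Zone -ReplicationScope 'Domain'
}

foreach ($h in $PublicHosts) {
    $fqdn = "$h.$Zone"

    # Ask the public resolver what the outside world sees for this name.
    $public = Resolve-DnsName -Name $fqdn -Type A -Server $PublicResolver -ErrorAction SilentlyContinue |
              Where-Object { $_.Type -eq 'A' }
    if (-not $public) {
        Write-Warning "$fqdn has no public A record; nothing to mirror"
        continue
    }

    # Do not overwrite a record an admin already created by hand.
    $existing = Get-DnsServerResourceRecord -ZoneName $Zone -Name $h -RRType A -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Host "$fqdn already exists in the internal zone; leaving it alone"
        continue
    }

    foreach ($ip in $public.IPAddress) {
        # Short TTL so a change to the public record is not cached for days on the LAN.
        Add-DnsServerResourceRecordA -ZoneName $Zone -Name $h -IPv4Address $ip -TimeToLive (New-TimeSpan -Hours 1)
        Write-Host "Added $fqdn -> $ip to internal zone $Zone"
    }
}

# Verification: inside and outside should now agree on www.
$inside  = (Resolve-DnsName "www.$Zone" -Type A -Server $InternalDns    -ErrorAction SilentlyContinue | Where-Object Type -eq 'A').IPAddress
$outside = (Resolve-DnsName "www.$Zone" -Type A -Server $PublicResolver -ErrorAction SilentlyContinue | Where-Object Type -eq 'A').IPAddress

if (-not $inside -or -not $outside) {
    Write-Warning "www.$Zone did not resolve on one side (inside='$inside' outside='$outside')"
} elseif (Compare-Object $inside $outside) {
    Write-Warning "Split-brain mismatch for www.$Zone: inside=$inside outside=$outside"
} else {
    Write-Host "www.$Zone resolves identically inside and out ($($inside -join ', '))"
}
```

Run it as a domain admin on the DC whenever the public zone changes; the mirror step is idempotent for names that already exist internally, so it is safe to re-run. The list-driven approach is deliberate: it makes the set of public names the LAN depends on explicit, which is the administrative cost the quoted objection is really about.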