Is there any reason why you would not want to AD integrate a DNS zone that is
not associated with an Active Directory domain. I know it can be done, are
there any issues associated with doing it or reasons why you might not want
to do this?

Thanks

Read inline please.

In news:860344F8-1FEE-48D0-A595-(E-Mail Removed),
Bryan Erwin <(E-Mail Removed)> typed:
> Is there any reason why you would not want to AD integrate a DNS zone
> that is not associated with an Active Directory domain. I know it can
> be done, are there any issues associated with doing it or reasons why
> you might not want to do this?

If you are hosting a zone for a Publicly available domain and want full
control of NS and SOA MNAME records. By using AD integrated zones, you
increase the security on the zone, but you lose some control over those
records. You can add NS records, but the DC will create it's own NS record
and name itself as the Master Name server on the SOA.
By using standard zones you can make the NS and MNAME records to suit the
network they serve.



--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

That makes sense. What about zones for non ad ware devices that may only need
to be accessed/resolved by users in specific locations. By AD integrating,
this data gets unnecessarily replicated throughout the entire enterprise. Is
this a valid reason not to AD integrate a zone, especially one that host not
ad aware hosts?

Thanks

"Kevin D. Goodknecht Sr. [MVP]" wrote:

> Read inline please.
>
> In news:860344F8-1FEE-48D0-A595-(E-Mail Removed),
> Bryan Erwin <(E-Mail Removed)> typed:
> > Is there any reason why you would not want to AD integrate a DNS zone
> > that is not associated with an Active Directory domain. I know it can
> > be done, are there any issues associated with doing it or reasons why
> > you might not want to do this?
>
> If you are hosting a zone for a Publicly available domain and want full
> control of NS and SOA MNAME records. By using AD integrated zones, you
> increase the security on the zone, but you lose some control over those
> records. You can add NS records, but the DC will create it's own NS record
> and name itself as the Master Name server on the SOA.
> By using standard zones you can make the NS and MNAME records to suit the
> network they serve.
>
>
>
> --
> Best regards,
> Kevin D. Goodknecht Sr. [MVP]
> Hope This Helps
>
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> http://support.wftx.us/
> http://message.wftx.us/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
> ===================================
>
>
>

Read inline please.

In news:F46ACAB0-5B75-4AEC-BC7B-(E-Mail Removed),
Bryan Erwin <(E-Mail Removed)> typed:
> That makes sense. What about zones for non ad ware devices that may
> only need to be accessed/resolved by users in specific locations. By
> AD integrating, this data gets unnecessarily replicated throughout
> the entire enterprise. Is this a valid reason not to AD integrate a
> zone, especially one that host not ad aware hosts?

Actually, replication depends a lot on your Forest structure, if you have
multiple domains in your forest, you can choose to replicate to
DomainDNSZones or a custom replication partition.
Yes, you can use Primary/secondary zones for names that must resolve
differently from site to site.


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================