DNS Domain name question

Bill Stewart

Problem:

I am part of a name space xyz.edu and have no control of the
DNS/Domain namespace. I mean I can have hosts added and deleted with
an email but that's it. I need to set up Active Directory that is
totally separate from xyz.edu. We access many hosts in the xyz.edu.

Obviously I can not use split-brain because of all the hosts that we
access from here.

Question: Since this is not really an internal/external firewall type
set up, can I still use a totally different domain name for my AD
Domain? This would mean that every host would have 2 names. One that
xyz.edu knows in its DNS and the other xyz.local that my DNS knows
about. I don't want to set this all up and get hit with a gotcha that
I missed. This seems a little different than the ones I have seen in
the group.

TIA
 
Kevin D. Goodknecht [MVP]

Bill Stewart said:
> Problem:
>
> I am part of a name space xyz.edu and have no control of the
> DNS/Domain namespace. I mean I can have hosts added and deleted with
> an email but that's it. I need to set up Active Directory that is
> totally separate from xyz.edu. We access many hosts in the xyz.edu.
>
> Obviously I can not use split-brain because of all the hosts that we
> access from here.
>
> Question: Since this is not really an internal/external firewall type
> set up, can I still use a totally different domain name for my AD
> Domain? This would mean that every host would have 2 names. One that
> xyz.edu knows in its DNS and the other xyz.local that my DNS knows
> about. I don't want to set this all up and get hit with a gotcha that
> I missed. This seems a little different than the ones I have seen in
> the group.
>
> TIA

Can you get a delegation added?
The best way to set this up is to give your AD domain a child name, such as
"child.xyz.edu", then have the name "child" delegated to the Domain
Controller from the "xyz.edu" zone.
That way, no matter which DNS server its members are using, it can find the
DCs' SRV records, and it also allows the DC to automatically register its
records in DNS.
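To make the delegation concrete, here is an added illustration (not part of the original thread) of the two sides of what Kevin describes: the NS and glue records the xyz.edu administrators would add to their zone, and the records that end up in the delegated child zone on the DC. The host name dc1, the child name "child" and the address 192.0.2.10 are assumed placeholders.

```dns
; --- In the parent zone file for xyz.edu (maintained by the xyz.edu admins) ---
; Delegate "child.xyz.edu" to the Domain Controller that hosts the AD zone.
; dc1 and 192.0.2.10 are assumed placeholder values.
child.xyz.edu.          IN NS   dc1.child.xyz.edu.
; Glue record: needed because the delegated name server lives inside the
; delegated zone, so resolvers could not otherwise learn its address.
dc1.child.xyz.edu.      IN A    192.0.2.10

; --- In the child zone "child.xyz.edu" on the DC's DNS server ---
; AD registers the SRV records automatically once the zone exists and accepts
; dynamic updates from the DC; they are shown as static records for illustration.
$ORIGIN child.xyz.edu.
@                       IN SOA  dc1 hostmaster ( 1 3600 900 604800 86400 )
@                       IN NS   dc1
dc1                     IN A    192.0.2.10
; SRV records a domain member queries to locate a DC for LDAP and Kerberos:
_ldap._tcp              IN SRV  0 100 389 dc1
_kerberos._tcp          IN SRV  0 100 88  dc1
_ldap._tcp.dc._msdcs    IN SRV  0 100 389 dc1
_kerberos._tcp.dc._msdcs IN SRV 0 100 88  dc1
```

Once the delegation is in place, a client pointed at any xyz.edu resolver should get an answer to `nslookup -type=SRV _ldap._tcp.dc._msdcs.child.xyz.edu`; if the query only succeeds against the DC's own DNS server, the delegation or its glue record is missing in the parent zone.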
 
Herb Martin

Kevin offered you the standard answer -- I too would
pursue having the parent zone (xyz.edu) delegate to your
zone, e.g., yourADdomain.xyz.edu.

Then you can enable "parent suffix" searching and clients
can type things like WWW and if no xxx.yourAddomain.xyz.edu
is found, it will try www.xyz.edu etc.
 
Bill Stewart

I was thinking that too but I have 2 constraints and I am not sure if
it would create problems:

The network here is large (and we are a small unit within it) and it
is one flat class B address. It is bridged and filtered. There are no
sub domains and they will not create one for me. Changing the DNS
structure of the network I am on is not an option.

Can I still have my AD domain name be a sub domain anyway? Like
yourADdomain.xyz.edu. Even though it is not that way in the global DNS
naming system. I realized that my Windows hosts will be resolving
with an AD DNS and to them it won't matter but not all machines are
Windows. I do not control the Unix boxes so they will be resolving
and named as they always have been.

I think I can use the "fake" sub domain approach but I am afraid that
once I get going, I will run into some naming snag. I would like to
avoid that.
 
Herb Martin

Bill Stewart said:
> The network here is large (and we are a small unit within it) and it
> is one flat class B address. It is bridged and filtered.

None of the above is likely relevant.

> There are no
> sub domains and they will not create one for me. Changing the DNS
> structure of the network I am on is not an option.

Then they are going to NEED to make their DNS zone dynamic which
is going to be VERY unpleasant and unpalatable to them (me too.)

Then you are going to create a private zone that is NOT within their
tree.

Assuming your AD deployment is "approved" you have a POLITICAL
problem that might need to be resolved by "your management" talking
to "their management".

If your deployment is approved they are likely being "unreasonable",
perhaps even "obstructionist" in refusing to DELEGATE to your
zone.

> Can I still have my AD domain name be a sub domain anyway? Like
> yourADdomain.xyz.edu. Even though it is not that way in the global DNS
> naming system.

You can, but it won't really be part of their "tree" or findable from "their
namespace".

If you mean seamlessly, then "No, you cannot."

> I realized that my Windows hosts will be resolving
> with an AD DNS and to them it won't matter but not all machines are
> Windows. I do not control the Unix boxes so they will be resolving
> and named as they always have been.

This is NOT an issue IF the parent zone will delegate.

Delegation is the RIGHT way.

> I think I can use the "fake" sub domain approach but I am afraid that
> once I get going, I will run into some naming snag. I would like to
> avoid that.

It can be made to work, the same as a private zone/domain, can also
resolve the Internet -- they are just making it hard on you for no apparent
reason.