DNS domain names?

Dan

I asked this question in the DNS forum and got completely
different answers so I thought I'd try here. I have
inherited a fully functional domain with a couple hundred
users; the domain name is company.com. Now, where things
get tricky is that the company hosts their root DNS on
BIND and cannot make the AD servers authoritative. What
I'd like to do is run the domain company.com under a DNS
subdomain for ad.company.com. Are there issues with
having a domain name that doesn't match the DNS domain
name? Anyone done this?
Thanks,
Dan
 
Tomasz Onyszko

Dan said:
I asked this question in the DNS forum and got completely
different answers so I thought I'd try here. I have
inherited a fully functional domain with a couple hundred
users; the domain name is company.com. Now, where things
get tricky is that the company hosts their root DNS on
BIND and cannot make the AD servers authoritative. What
I'd like to do is run the domain company.com under a DNS
subdomain for ad.company.com. Are there issues with
having a domain name that doesn't match the DNS domain
name? Anyone done this?

The Question You want to ask is: Are there issues with
having a domain name that doesn't match the external DNS domain
name?

Am I right about this question?

No, there are not any issues - You have to remember that AD DNS domain
space is internal and does not have to be the same as the company's
Internet domain.

But You can use the same domain name for Internet users and for Your AD
design - this is called split brain DNS:
http://www.winnetmag.com/Windows/Article/ArticleID/21128/21128.html
http://www.microsoft.com/serviceproviders/whitepapers/split_dns.asp

This can be a pain in the a.. for you to keep up, depending on the number
of records in Your Internet DNS and the names, but can be done.

Basically, You will have to maintain two times more DNS entries for
Internet domain - one set hosted on Your BIND server for Internet
pointing to the Internet public IPs, and on the AD DNS servers You will
have to create the same entries but with the addresses which will be
available for your users, for example if HTTP Server is visible under the
A record called WWW and Internet address xxx.xxx.xxx.xxx from the
Internet, and it is visible for Your internal users under the IP
address yyy.yyy.yyy.yyy from Your internal network You will have to have
following entries:
- in external DNS:
WWW A xxx.xxx.xxx.xxx

- in internal DNS
WWW A yyy.yyy.yyy.yyy


The split brain DNS is not recommended (this is my personal opinion) but
it will work in this way.
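
The upkeep described in the reply above, where every public record needs an internal counterpart, can be checked mechanically. As an added example that is not part of the original post, this Python sketch compares the two views of one zone; the zone contents, addresses and function names are constructed for illustration.

```python
# Added example: audit a split-brain pair of zones for drift.
# Zone contents are constructed sample data in the post's "NAME TYPE VALUE" form.

EXTERNAL_ZONE = """
; public view of company.com (BIND, Internet-facing)
www   A      203.0.113.10
mail  A      203.0.113.25
vpn   A      203.0.113.40
@     MX     10 mail.company.com.
"""

INTERNAL_ZONE = """
; internal view of company.com (AD DNS)
www   A      10.0.0.10
mail  A      203.0.113.25
dc01  A      10.0.0.5
@     MX     10 mail.company.com.
"""

def parse_zone(text):
    """Return {(name, type): set(values)} from simplified 'NAME TYPE VALUE' lines."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        name, rtype, value = line.split(None, 2)
        records.setdefault((name.lower(), rtype.upper()), set()).add(value.strip())
    return records

def audit_split_dns(external_text, internal_text):
    """Compare the two views of one zone and classify each external record."""
    ext, internal = parse_zone(external_text), parse_zone(internal_text)
    report = {"missing_internally": [], "overridden": [], "same": []}
    for key in sorted(ext):
        if key not in internal:
            # The internal server is authoritative for the zone, so internal
            # clients cannot resolve this name until it is added there.
            report["missing_internally"].append(key)
        elif internal[key] != ext[key]:
            report["overridden"].append(key)    # expected split-brain override
        else:
            report["same"].append(key)
    report["internal_only"] = sorted(set(internal) - set(ext))
    return report

if __name__ == "__main__":
    for category, keys in audit_split_dns(EXTERNAL_ZONE, INTERNAL_ZONE).items():
        print(category, [f"{n} {t}" for n, t in keys])
```
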
 
Dan

Tomas, thanks for the reply, but no, that is not the
question I was trying to ask. I simply want to know if
changing the DNS domain that the domain I've inherited is
in will hurt anything. They have employed what you call
a "split brain" architecture (at least what I understand it
to be at this point) and I hate having to deal with it.
They have their AD domain name set identically to their
top level internet domain (company.com). I'd like to
change that to either ad.company.com or maybe even
companyinternal.com if need be. The problem is that
things are already deployed and up in production. Can I
get away from split brain once implemented? If so, how?
Thanks,
Dan
 
Tomasz Onyszko

Dan said:
Tomas, thanks for the reply, but no, that is not the
question I was trying to ask. I simply want to know if
changing the DNS domain that the domain I've inherited is
in will hurt anything. They have employed what you call
a "split brain" architecture (at least what I understand it
to be at this point) and I hate having to deal with it.
They have their AD domain name set identically to their
top level internet domain (company.com). I'd like to
change that to either ad.company.com or maybe even
companyinternal.com if need be. The problem is that
things are already deployed and up in production. Can I
get away from split brain once implemented? If so, how?

If this is a pure Windows 2003 environment, yes; in Windows 2000 or Windows
2003 mixed - no. In Windows 2003 You will find the domain rename tool; in
Windows 2000 You will have to create a new domain and migrate Your domain
resources to this new domain, for example using ADMT.
 
