Split-brain DNS

sagy

Hi,

Our network has 8 locations; each will have a Windows 2000 DC and VPN between
all sites.
In addition we will have remote users using VPN clients to connect remotely
to the network with domain authentication.
I have registered the domain name that I'm going to use on the AD on the
Internet, so although it's only for internal use, it will always stay
globally unique.
The name is used to help internal users (also users from remote sites but
inside the VPN) have a more friendly name in accessing the Intranet, like
www.domain.com, and also in accessing the VPN from the Internet, e.g.,
vpn.domain.com.

In the above scenario, is there a reason for me to avoid using domain.com
for the AD?
All the threads on the subject are saying it's better to use domain.local or
corp.domain.com, but we'll end up with longer and less friendly names.

I'd like to avoid complex configurations with split-brain DNS and 2 DNS
zones for external and internal.

Thank you.
 
Kevin D. Goodknecht [MVP]

sagy said:
> Hi,
>
> Our network has 8 locations; each will have a Windows 2000 DC and VPN
> between all sites.
> In addition we will have remote users using VPN clients to connect
> remotely to the network with domain authentication.
> I have registered the domain name that I'm going to use on the AD on
> the Internet, so although it's only for internal use, it will always
> stay globally unique.
> The name is used to help internal users (also users from remote sites
> but inside the VPN) have a more friendly name in accessing the
> Intranet, like www.domain.com, and also in accessing the VPN from the
> Internet, e.g., vpn.domain.com.
>
> In the above scenario, is there a reason for me to avoid using
> domain.com for the AD?
> All the threads on the subject are saying it's better to use
> domain.local or corp.domain.com, but we'll end up with longer and less
> friendly names.
>
> I'd like to avoid complex configurations with split-brain DNS and 2
> DNS zones for external and internal.
>
> Thank you.

Use domain.local; it will work better for the VPN users. You can still add
domain.com to the UPN logon so users can log on with (e-mail address removed);
then it will make the domain.local name kind of transparent.
You can also use corp.domain.com and still add the UPN of domain.com.
 
sagy

Will I then be able to use www.domain.com for Intranet access? If I will be
hosting the domain.local zone, where will the zone for domain.com be hosted?
If I use corp.domain.com, will I need to have an "empty" AD root server
for domain.com for future growth?

Thank you.
 
Kevin D. Goodknecht [MVP]

sagy said:
> Will I then be able to use www.domain.com for Intranet access?

Yes.

> If I will be hosting the domain.local zone, where will the zone for
> domain.com be hosted?

Let your ISP or registrar host the domain.com zone, where they have DNS
servers closer to the backbone.

> If I use corp.domain.com, will I need to have an "empty" AD root
> server for domain.com for future growth?

corp.domain.com can be the forest root; from there you can go with new
domains in the same tree (child.corp.domain.com) or a new domain tree in the
existing forest (domain.com.eu or something of the sort).
 
sagy

Hi,
I think I didn't explain myself right.
I need www.domain.com to be accessed only from inside the network, from
the intranet, not from the Internet.
If my ISP hosts it, I will need to use it publicly.
 
Kevin D. Goodknecht [MVP]

sagy said:
> Hi,
> I think I didn't explain myself right.
> I need www.domain.com to be accessed only from inside the network,
> from the intranet, not from the Internet.
> If my ISP hosts it, I will need to use it publicly.

Then create a zone named www.domain.com and put a blank host in the zone
with the IP of the site.
 
sagy

So I can use domain.com for my domain name?

> Then create a zone named www.domain.com and put a blank host in the
> zone with the IP of the site.
>
> --
> Best regards,
> Kevin D4 Dad Goodknecht Sr. [MVP]
> Hope This Helps
> ============================
 
Kevin D. Goodknecht [MVP]

sagy said:
> So I can use domain.com for my domain name?

You can use any DNS-compatible name you want, no single-label name, but be
aware there are some workarounds you'll need to do for records that need to
be in both the internal and external namespace.
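The two points Kevin makes above, the pinpoint zone named www.domain.com with a blank host, and the records that need extra work when the AD domain shares the public name, can be seen in a small model of how a DNS server picks an answer. This is an added example, not code from the thread or from Windows DNS: it applies the rule that the local zone whose name is the longest suffix of the query wins, and that a query matching no local zone goes to the forwarder (standing in for the ISP-hosted public view). Zone names, the 10.0.0.x internal and 203.0.113.x public addresses, and the function names are all constructed for the example.

```python
"""
Model of an internal DNS server's zone selection: the local zone whose name is
the longest suffix of the query name answers; if no local zone matches, the
query goes to the forwarder (the public Internet view). Constructed example,
not Windows DNS code; all names and addresses are made up for illustration.
"""
from __future__ import annotations

# Zone contents: owner name relative to the zone ('@' = zone apex) -> IPv4.
Zone = dict[str, str]

# Constructed public view of domain.com as the ISP/registrar would serve it.
PUBLIC_VIEW: dict[str, str] = {
    "www.domain.com": "203.0.113.10",   # public web site
    "vpn.domain.com": "203.0.113.20",   # VPN concentrator
    "mail.domain.com": "203.0.113.30",  # mail host
}

# Design A (the thread's advice): AD in domain.local plus a pinpoint zone
# named www.domain.com whose apex ("blank host") record is the intranet server.
ZONES_PINPOINT: dict[str, Zone] = {
    "domain.local": {"@": "10.0.0.1", "dc1": "10.0.0.1"},
    "www.domain.com": {"@": "10.0.0.5"},
}

# Design B: AD named domain.com, so the internal server is authoritative for
# the whole domain.com zone and shadows every public record it does not copy.
# (AD registers the DC addresses at the zone apex, hence '@' -> the DC.)
ZONES_OVERLAP: dict[str, Zone] = {
    "domain.com": {"@": "10.0.0.1", "dc1": "10.0.0.1", "www": "10.0.0.5"},
}


def _labels(name: str) -> list[str]:
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def find_zone(zones: dict[str, Zone], qname: str) -> str | None:
    """Return the most specific local zone containing qname, or None."""
    q = _labels(qname)
    best: str | None = None
    for zname in zones:
        z = _labels(zname)
        if len(z) <= len(q) and q[len(q) - len(z):] == z:
            if best is None or len(z) > len(_labels(best)):
                best = zname
    return best


def resolve(zones: dict[str, Zone], forwarder: dict[str, str],
            qname: str) -> tuple[str, str | None]:
    """Answer the way the internal server would.

    Returns (source, address): source is 'zone:<name>' or 'forwarder';
    address is None when the answer is NXDOMAIN / no data.
    """
    zname = find_zone(zones, qname)
    if zname is None:
        return "forwarder", forwarder.get(qname.rstrip(".").lower())
    q, z = _labels(qname), _labels(zname)
    relative = ".".join(q[: len(q) - len(z)]) or "@"
    return f"zone:{zname}", zones[zname].get(relative)


def shadowed_public_names(zones: dict[str, Zone],
                          public: dict[str, str]) -> list[str]:
    """Public names a local zone claims but does not define.

    These are exactly the records the thread warns about: they have to be
    maintained in both the internal and the external namespace.
    """
    missing = []
    for name in public:
        source, address = resolve(zones, public, name)
        if source != "forwarder" and address is None:
            missing.append(name)
    return sorted(missing)


if __name__ == "__main__":
    for label, zones in (("pinpoint", ZONES_PINPOINT), ("overlap", ZONES_OVERLAP)):
        print(f"--- {label} ---")
        for name in ("www.domain.com", "vpn.domain.com", "dc1.domain.local"):
            print(name, "->", resolve(zones, PUBLIC_VIEW, name))
        print("must be duplicated internally:",
              shadowed_public_names(zones, PUBLIC_VIEW))
```

With the pinpoint design, only www.domain.com is answered internally and vpn.domain.com or mail.domain.com still reach the ISP's records through the forwarder, which is why the thread's advice keeps the configuration simple. With the overlapping design, `shadowed_public_names` lists the records that would have to be copied into the internal domain.com zone by hand and kept in step with the public one.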
 
sagy

Thank you very much - I'll do that.

> You can use any DNS-compatible name you want, no single-label name,
> but be aware there are some workarounds you'll need to do for records
> that need to be in both the internal and external namespace.


