Windows Networking

[Guest]

Can you help me with a couple questions....

How would you tie your domain name into your domain controller?

If you register company.com would you name you create a new domain for your
home network/business network called company.com? Is it ok that your internal
domain name and your external domain name are the same?

 

[Steve Duff [MVP]]

Kelly:

It is fine to have your internal and external namespaces the
same, as long as you understand what this implies.

Since LAN users must use your LAN's DNS server to
resolve names for company.com (this is an Active Directory
requirement), it will have to answer 'authoritatively'
for company.com. The rest of the world will be using your
public DNS server -- presumably at some hosting
company -- to answer inquiries for company.com.

IOW, you have to keep these two name servers 'in sync', at
least to the extent you want the public to see the same names
and resource records.

This can actually be an advantage in some cases, but for most
sites it is easier to just use a domain name something like
"company.local" or "lan.company.com" instead. That way
your LAN DNS can then refer company.com queries to the
same outside DNS that everyone else uses and you don't
have to reflect your entries in both servers.

But if you've already named your domain and you're on Win2K
Server at least, you're pretty much stuck with the domain you have
of course.

Now if your idea is to use your LAN DNS server to also serve
the public DNS side, that is a Bad Idea.

HTH

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

 

[Frankster]

Now if your idea is to use your LAN DNS server to also serve

the public DNS side, that is a Bad Idea.

HTH

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

Steve, I understand most of what you wrote, but, why this last comment?
What's the difference?

-Frank

 

[Yor Suiris]

Steve, I understand most of what you wrote, but, why this last comment?
What's the difference?

Easy, The whole world then gets to see the setup of your LAN via the public
DNS and hackers have no problem knowing which machine to go after and how to
route in to it.

 

[Steve Duff [MVP]]

There are other issues as well besides security.

For example, suppose you have an inside web server
on an inside LAN address that is accessible through
your public IP. Which address do you put in DNS?
Obviously not the LAN address. But there are quite
a few firewalls and routers that are unable to loopback
their own public IP to the LAN. Problem.

Also, what happens when your server goes down?
People can't reach your DNS unless you map public
secondaries. If you have a backup MX it becomes
purposeless.

The whole idea is needlessly cumbersome given that
ultra-reliable public DNS hosting is free to almost-free
anyway.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

 

[Frankster]

The whole idea is needlessly cumbersome given that

ultra-reliable public DNS hosting is free to almost-free
anyway.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

Yeah, I see. I used the same xxx.com for both my internal and external
names. No issues. I did, of course, have to make sure it wasn't taken
first. I run multiple websites on one public static IP as well, using host
headers on IIS6 (IIS5 before that). Works great. However, as you say, I
keep my internal and external DNS in sync. I use an external DNS service
that I can manage directly and change it on a moments notice.

Thanks,

-Frank