I would like to see where this best-practice rule came from. My university is using the .local structure because when we began putting up AD domains this was the best practice. Right now we are considering a proposal to put up another AD domain and I would like it to be as up-to-date as it can be. So, can you point me in the direction of your source?
Thanks,
Chuck

-----Original Message-----
From: Roger Seielstad [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 05, 2002 2:34 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] AD upgrade DNS namespace questions.

While there's no requirement to use *the* organization's DNS domain, it is strongly suggested to use a valid, registered DNS domain, and NOT to use .local. Specifically, it guarantees uniqueness of domain names, in case there is ever a time in which 2 organizations decide to enter a trust relationship, etc. We chose to register 2 generic DNS names for our forest root and production domains.

The .local suggestion was done, IIRC, as part of the JDP program, and after the deployments began, it became apparent that there are some pretty big potential conflicts out there, and that using valid, registered domains is really the best practice.

------------------------------------------------------
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, December 05, 2002 3:16 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] AD upgrade DNS namespace questions.
>
> I have done 5 enterprise-sized production installations/implementations of AD and have always used the .local DNS suffix. AD's DNS does not need to be globally routable.
>
> Example:
> NetBIOS domain name of ThanksBill
> DNS domain name of ThanksBill.local
>
> Internal DNS (unregistered DNS) and External DNS (your registered DNS name) are then maintained in separate zones (Internal never to be replicated outside your network). My internal clients are assigned the internal zone as the primary DNS suffix through DHCP (done manually for static IPs) and I add the external DNS zone as an alternate search suffix. Intranet sites are registered in the non-registered zone (intranet.thanksbill.local) and internet sites are registered in the registered DNS zone (www.thanksbill.com).
>
> If you were hosting your own registered DNS zone and maintained it on your internal network, letting TCP and UDP port 53 pass through your PIX, this setup would keep the AD DNS and registered DNS zones separate.....a good thing indeed. I would never recommend allowing any traffic to pass into your internal network; this was just an example. I would host my registered DNS in a perimeter zone (DMZ for those of us not in Korea) and maintain my MX and Internet records separate from my internal DNS servers.
>
> I am sure others have a more articulate explanation, but I think you are on the right track.
>
> -----Original Message-----
> From: Jim Busick [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, December 05, 2002 2:32 PM
> To: '[EMAIL PROTECTED]'
> Subject: [ActiveDir] AD upgrade DNS namespace questions.
>
> We are planning to upgrade our single NT domain to AD and I want to make sure I understand how we will name the domain. Currently our NT domain name is SSD_DOMAIN0 (yeah, I know. I was handed it) and our registered domain name is santee.k12.ca.us. We are NAT'd behind a PIX and using 10. private addresses and only need our website and Exchange (5.5) visible to the internet. As I understand it, when I run the Win2k upgrade I will be asked for the FQDN; I assume that I should use santee.k12.ca.us, right? If I do, how will this affect our downlevel (we still have W9x) clients? I've read that I shouldn't use your registered DNS name for the AD, something like ssd.santee.k12.ca.us. Any advice on this subject would be appreciated.
>
> TIA
> Jim Busick
> Database Network Analyst MCSE
> Santee School District
> Santee, CA 92071
>
> List info : http://www.activedir.org/mail_list.htm
> List FAQ : http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
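A small checker, added here and not part of any of the list posts, that applies the naming advice the thread argues over (.local versus a subdomain of the zone the organisation actually registered) to the names that appear in it; the point that RFC 6762 reserves .local for multicast DNS postdates the thread and is the editor's addition, and the pairing of each name with a public zone is constructed.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# RFC 1035-style hostname label: letters, digits, hyphens, 1-63 chars, no
# leading/trailing hyphen. Underscores (as in the NetBIOS name SSD_DOMAIN0)
# are not valid in a DNS hostname label.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")

@dataclass
class Verdict:
    name: str
    findings: list[str] = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return not self.findings

def check_ad_dns_name(proposed: str, registered_zone: str) -> Verdict:
    """Return the namespace findings for a proposed AD DNS domain name,
    given the zone the organisation has actually registered."""
    name = proposed.strip().rstrip(".").lower()
    reg = registered_zone.strip().rstrip(".").lower()
    v = Verdict(name)
    labels = name.split(".")
    if not all(LABEL_RE.match(lbl) for lbl in labels):
        v.findings.append("bad-label: only letters, digits and hyphens are valid in a DNS name")
    if len(labels) == 1:
        v.findings.append("single-label: use a fully qualified name, not a bare NetBIOS-style name")
    if labels[-1] == "local":
        v.findings.append("dot-local: not registrable, so uniqueness across a future trust is not "
                          "guaranteed; RFC 6762 also reserves .local for multicast DNS")
    elif name == reg:
        v.findings.append("split-brain: AD zone equals the public zone, so every public record "
                          "(www, MX) must be duplicated in the internal zone")
    elif not name.endswith("." + reg):
        v.findings.append(f"unregistered: not a subdomain of {reg}, so nobody guarantees it is unique")
    return v

if __name__ == "__main__":
    # Names taken from the thread; the public zone paired with each is constructed.
    cases = [("ThanksBill.local", "thanksbill.com"),
             ("santee.k12.ca.us", "santee.k12.ca.us"),
             ("ssd.santee.k12.ca.us", "santee.k12.ca.us"),
             ("SSD_DOMAIN0", "santee.k12.ca.us")]
    for proposed, zone in cases:
        v = check_ad_dns_name(proposed, zone)
        print(f"{v.name:24} {'OK' if v.ok else 'REVIEW'}")
        for finding in v.findings:
            print("   -", finding)
```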
