Two different groups (each) with Compaq Consulting Services and Microsoft Consulting Services. I don't have anything that's not company-proprietary to share.
I also recall hearing the same recommendation at MEC2001 in Orlando as well - you might want to see if those sessions are still available on Microsoft's website.

------------------------------------------------------
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA

> -----Original Message-----
> From: Charles Carerros [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, December 05, 2002 3:44 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] AD upgrade DNS namespace questions.
>
> I would like to see where this best practice rule came from. My university is using the .local structure because when we began putting up AD domains this was the best practice. Right now we are considering a proposal to put up another AD domain and I would like it to be as up-to-date as it can be. So, can you point me in the direction of your source?
>
> Thanks,
>
> Chuck
>
> -----Original Message-----
> From: Roger Seielstad [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, December 05, 2002 2:34 PM
> To: '[EMAIL PROTECTED]'
> Subject: RE: [ActiveDir] AD upgrade DNS namespace questions.
>
> While there's no requirement to use *the* organization's DNS domain, it is strongly suggested to use a valid, registered DNS domain, and NOT to use .local
>
> Specifically, it guarantees uniqueness of domain names, in case there is ever a time in which 2 organizations decide to enter a trust relationship, etc.
>
> We chose to register 2 generic DNS names for our forest root and production domains. The .local suggestion was done, IIRC, as part of the JDP program, and after the deployments began, it became apparent that there are some pretty big potential conflicts out there, and that using valid, registered domains is really the best practice.
>
> ------------------------------------------------------
> Roger D. Seielstad - MCSE
> Sr. Systems Administrator
> Inovis - Formerly Harbinger and Extricity
> Atlanta, GA
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, December 05, 2002 3:16 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [ActiveDir] AD upgrade DNS namespace questions.
> >
> > I have done 5 enterprise sized production installations/implementations of AD and have always used the .local dns suffix. AD's DNS does not need to be globally routable.
> >
> > Example:
> > NetBIOS domain name of ThanksBill
> > DNS domain name of ThanksBill.local
> >
> > Internal DNS (unregistered DNS) and External DNS (your registered DNS name) are then maintained in separate zones (Internal never to be replicated outside your network). My internal clients are assigned the internal zone as the primary DNS suffix through DHCP (done manually for static IPs) and I add the external DNS zone as an alternate search suffix. Intranet sites are registered in the non registered zone intranet.thanksbill.local and internet sites are registered in the registered DNS zone www.thanksbill.com
> >
> > If you were hosting your own registered DNS zone and maintained it on your internal network letting TCP and UDP port 53 pass through your PIX, this setup would keep the AD DNS and Registered DNS zones separate.....a good thing indeed. I would never recommend allowing any traffic to pass into your internal network, this was just an example. I would host my registered DNS in a perimeter zone (DMZ for those of us not in Korea) and maintain my MX and Internet records separate from my internal DNS servers.
> >
> > I am sure others have a more articulate explanation, but I think you are on the right track.
> >
> > -----Original Message-----
> > From: Jim Busick [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, December 05, 2002 2:32 PM
> > To: '[EMAIL PROTECTED]'
> > Subject: [ActiveDir] AD upgrade DNS namespace questions.
> >
> > We are planning to upgrade our single NT domain to AD and I want to make sure I understand about how we will name the domain. Currently our NT domain name is SSD_DOMAIN0 (yeah, I know. I was handed it) and our registered domain name is santee.k12.ca.us. We are NAT'd behind a PIX and using 10. private address and only need our website and Exchange (5.5) visible to the internet. As I understand it, when I run the Win2k upgrade I will be asked for the FQDN, I assume that I should use santee.k12.ca.us, right? If I do, how will this affect our downlevel (we still have W9x) clients? I've read that I shouldn't use your registered DNS name for the AD, something like ssd.santee.k12.ca.us. Any advice on this subject would be appreciated.
> >
> > TIA
> > Jim Busick
> > Database Network Analyst MCSE
> > Santee School District
> > Santee, CA 92071
> >
> > List info : http://www.activedir.org/mail_list.htm
> > List FAQ : http://www.activedir.org/list_faq.htm
> > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
