I ran into this once. I managed to convince the customer that it was a really bad idea. You’re right of course, DDNS is a no-no, you need some smart conversion of DNS records. That is a big puzzle and a real administrative nightmare if you think it through.

Some other technical hurdles you don’t mention are that DCs really like 2-way communication, so you need to take care to use a real NAT, not PAT (port address translation). Yet another issue is that not all IP protocols survive over a NAT. Those are protocols that have an IP address in their packet bodies, or have some form of encryption or signing. You need a NAT translator to make that work. That is probably the main reason MS will not support it. They won’t have verified that all their protocols (millions of RPCs!) survive over NAT.

Solutions… what about a VPN into the NAT? That way the DC could have a ‘normal’ (non-NATted) address.

--
Regards,
Willem

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido

Last time I looked at replication of DCs in a NATed network, I was rather disappointed - basically this was a no-no. Simply due to name-resolution of the DCs (i.e. the IP-Address of a DC on one side of the NAT is not what it should be on the other side of the NAT etc.).

Wondering how other folks work around this, if you just happen to fall into one of these environments...? Trying to change the network is a major undertaking, which could take months or even years in larger companies - so mostly this is not an option.

So do you
- not use DDNS and manually register DCs on DNS servers (differently per DNS server, depending on which side of NAT...)?
- use DDNS and work around the issues in other ways?
- set up special DNS zones in some magic way that solves all the issues?
- other ideas?

I heard this is not supported by MS anyways - but I'd be open to any solution...

Thanks,
Guido

- [ActiveDir] AD in NATed environments Grillenmeier, Guido
- RE: [ActiveDir] AD in NATed environments Willem Kasdorp
- RE: [ActiveDir] AD in NATed environments Grillenmeier, Guido
- RE: [ActiveDir] AD in NATed environments Roger Seielstad
