Title: Re: [ActiveDir] Compelling arguments?
As always, thanks for the thorough reply, mate...
From: joe <[EMAIL PROTECTED]>
Reply-To: <[email protected]>
Date: Tue, 29 Mar 2005 10:29:11 -0500
To: <[email protected]>
Subject: RE: [ActiveDir] Compelling arguments?
Ah, you mean DNS disjoint namespace. I know of a couple of large orgs that do this either because BIND-based DNS is fully deployed to a very large base and they don't want to change it and/or they feel a machine in California shouldn't have the same DNS suffix as a machine in New York (I tend to be in that category as well - I like geographic-based DNS names). It is supported from an OS standpoint; however, it requires some additional perms on the computer objects so the computers can properly update their SPNs and dNSHostNames (though these aren't needed for DCs, obviously). I don't think it would be very fun to have some 100,000+ machines all in a DNS zone called ad.company.com. It almost seemed an attempt to get away from WINS by making DNS act like WINS on a domain-by-domain basis.
The biggest downside to doing this is Microsoft and other software vendors keep forgetting it is a supported configuration with applications. Check out MOM2005, the latest SMS whatever that is, some of the EMC NAS solutions, etc. If you do this, every application that goes through testing, integration, certification needs to be tested for disjoint namespace capability. I have seen a couple of occasions where someone was really bright and set up a disjoint production namespace but their test environment wasn't disjoint so they would spend all of this time in test to say something works great and deploy to production and watch it blow up immediately.
The other major downside I can think of is around name resolution. If you aren't using WINS, you better like specifying FQDNs for machines. This also applies to multidomain forest environments as well as environments using disjoint namespace, though. Personally, I like WINS (or should I say NBNS, as the RFC calls them). I think it got a bum rap from people who used it and didn't understand how to keep it running well, or those that didn't want, for some reason, to have unique host names, like those folks who think you need a machine named www to host a website called www.company.com. There have been times I have actually considered implementing an NBNS in case MS decides to drop WINS Server from support. Mine would be a little different though: accepting dynamic updates would be configurable. I see great value in an NBNS that does not accept client registrations but instead only gives out info put in by an admin.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent Westmoreland
Sent: Tuesday, March 29, 2005 10:06 AM
To: [email protected]
Subject: [ActiveDir] Compelling arguments?
Are there compelling arguments to use the DNS Domain name of your AD Domain as the primary DNS Suffix versus a different DNS extension from a client functionality perspective?
Clients are still able to resolve the AD DNS Domain but most do not use it as their primary suffix.
Any thoughts welcome.
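The reply above names two things worth checking in a disjoint namespace: whether each machine's SPNs agree with its dNSHostName, and whether the test environment is disjoint in the same way production is. The following sketch is an added example, not part of the thread; it assumes computer records have already been exported from the directory, and the host names, the ny/ca/test subdomains and all function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Computer:
    name: str            # short host name
    dns_host_name: str   # value of the dNSHostName attribute
    spns: tuple          # values of servicePrincipalName

def dns_suffix(fqdn):
    """Everything after the first label, lower-cased, no trailing dot."""
    return fqdn.lower().rstrip(".").partition(".")[2]

def spn_host(spn):
    """Host part of service/host[:port][/name]; empty if there is no '/'."""
    return spn.partition("/")[2].split("/")[0].split(":")[0].lower()

def audit(ad_domain, computers):
    """Per machine: is it disjoint, and which FQDN SPNs disagree with dNSHostName?"""
    report = {}
    for c in computers:
        fqdn = c.dns_host_name.lower().rstrip(".")
        stale = [s for s in c.spns
                 if "." in spn_host(s) and spn_host(s) != fqdn]
        report[c.name] = {
            "disjoint": dns_suffix(fqdn) != ad_domain.lower(),
            "stale_spns": stale,
        }
    return report

def is_disjoint(ad_domain, computers):
    return any(r["disjoint"] for r in audit(ad_domain, computers).values())

def environments_match(prod, test):
    """prod/test are (ad_domain, computers) pairs; False when only one is disjoint."""
    return is_disjoint(*prod) == is_disjoint(*test)

# Constructed sample data (not from the thread).
PROD = ("ad.company.com", [
    Computer("NYC-FS01", "nyc-fs01.ny.company.com",
             ("HOST/NYC-FS01", "HOST/nyc-fs01.ny.company.com")),
    Computer("LAX-WS17", "lax-ws17.ca.company.com",
             ("HOST/LAX-WS17", "HOST/lax-ws17.ad.company.com")),  # SPN not updated
])
TEST = ("test.company.com", [
    Computer("TST-APP01", "tst-app01.test.company.com",
             ("HOST/TST-APP01", "HOST/tst-app01.test.company.com")),
])

if __name__ == "__main__":
    print(audit(*PROD))
    print("test mirrors prod:", environments_match(PROD, TEST))
```

A machine with a non-empty stale_spns list is one whose computer object was not updated to its disjoint name, which is the symptom to expect when the additional permissions mentioned above are missing.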
