> The lesson here is to determine which to do and implement
> without exception. The problem with doing it after the
> fact is that you WILL break something.

Ding ding ding, we have a winner... Exactly. You will break something and no matter what you do, someone will be pissy about it. The UNIX folks coming in tend to be happy with the broken-up zoning, the Windows guys coming in tend to hate it. However I haven't had many good Windows people come in the door off the street so it is generally easier to dismiss them.

Actually anymore I am getting more and more to the point where I look at a UNIX person as someone that can be trained to do well on Windows Servers and Windows people are someone that can work the help desk. Yeah, cynical I know. :op

Come on Server Foundation.

joe

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, March 29, 2005 1:01 PM
To: [email protected]
Subject: RE: [ActiveDir] Compelling arguments?

Our existing setup involves exactly as described by joe, BIND servers at the root that feed down to further BIND servers at each location with the exception of the Americas. The Americas have a majority of win2k DNS servers but also some BIND.

So you may have AD domains of americas.corp.com, europe.corp.com, and asiapacific.corp.com. You then have locations within Americas like Buenos Aires, Sao Paulo, New York City. So you have site codes bue, spo, and nyc. With DNS domains for each location of bue.sub, spo.sub, and nyc.sub with the sub domain being delegated from the central BIND server to the localized servers.

Our situation is that our client services team prefers to use the AD domain for resolution of client names, our colleagues in different areas prefer to use the BIND services for many applications, so what we end up with is a mixed implementation and inconsistent client settings inside the organization that lead to one machine having a need for a static entry in the localized DNS while the machine updates its hostname in the AD domain automagically.

Now we have two host records for the same machine, and an inconsistent PTR record as well. We have Unix-based apps that implement a TCP wrapper to determine a machine's identity but because there are different settings or duplicates in the localized DNS, AD DNS, and the PTR records, the application breaks upon forward and reverse lookup (whoever thought it was a good idea to use DNS as a security mechanism should be choked)....

The lesson here is to determine which to do and implement without exception. The problem with doing it after the fact is that you WILL break something.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf
Sent: Tuesday, March 29, 2005 12:29 PM
To: [email protected]
Subject: Re: [ActiveDir] Compelling arguments?

Agreed. I'd love to get more info on your view on that though; get some more details of how you would set it up in that type of environment given the chance ;)

The issue of geographic DNS isn't something I'd thought of unless it was also attached to a multi-domain geographic type forest (NA, Asia, Europe etc.)

Phil

On Tue, 29 Mar 2005 12:20:06 -0500, Brent Westmoreland <[EMAIL PROTECTED]> wrote:
> As always, thanks for the thorough reply, mate...
>

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
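
The failure described in the 1:01 PM message in this thread (two host records for one machine plus an inconsistent PTR breaking a reverse-then-forward lookup), as an added example that is not part of any message in the thread. The host names, addresses and the `nyc.sub.corp.com` zone name are constructed, modelled on the naming the message describes.

```python
from collections import defaultdict

# Constructed sample data: static records in a localized BIND zone next to
# dynamically registered records in the AD zone, plus the reverse zone.
A_RECORDS = [
    ("app01.nyc.sub.corp.com", "10.20.1.10", "localized BIND, static"),
    ("app01.americas.corp.com", "10.20.1.10", "AD DNS, dynamic"),
    ("ws042.nyc.sub.corp.com", "10.20.1.42", "localized BIND, static"),
    ("ws042.americas.corp.com", "10.20.1.57", "AD DNS, dynamic"),
    ("db01.nyc.sub.corp.com", "10.20.1.20", "localized BIND, static"),
]
PTR_RECORDS = {  # address -> PTR target
    "10.20.1.10": "app01.americas.corp.com",
    "10.20.1.57": "ws042.nyc.sub.corp.com",
    "10.20.1.20": "db01.nyc.sub.corp.com",
}

def forward_index(a_records):
    """Map each FQDN to the set of addresses it resolves to."""
    index = defaultdict(set)
    for fqdn, ip, _source in a_records:
        index[fqdn.lower()].add(ip)
    return index

def double_lookup(ip, a_records, ptr_records):
    """Reverse-then-forward check: PTR(ip) must name a host whose A set holds ip."""
    name = ptr_records.get(ip)
    if name is None:
        return "no-ptr"
    addrs = forward_index(a_records).get(name.lower(), set())
    return "ok" if ip in addrs else "mismatch"

def audit(a_records, ptr_records):
    """Return (hosts whose zones disagree on the address, addresses failing the check)."""
    by_host = defaultdict(set)
    for fqdn, ip, _source in a_records:
        by_host[fqdn.split(".", 1)[0].lower()].add(ip)
    conflicts = sorted(h for h, ips in by_host.items() if len(ips) > 1)
    failures = {}
    for _fqdn, ip, _source in a_records:
        result = double_lookup(ip, a_records, ptr_records)
        if result != "ok":
            failures[ip] = result
    return conflicts, failures

if __name__ == "__main__":
    print(audit(A_RECORDS, PTR_RECORDS))
```

Run against exported zone data before consolidating on one naming scheme, this lists the machines that an identity check based on forward and reverse lookups would reject.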
