Thanks Deji,

Awesome, thanks for the reply. Everything makes sense except the part about a query for a domain other than my internal domain resolving to the wildcard. I thought that MS (NT 4.0 and later I think) will put a "." at the end of each unqualified multi label query. Also, I was under the impression that MS will only append the suffix if it's an unqualified single label query.

I'm not second guessing here, I just want to make sure I'm understanding this before I decide to allow the wildcard or not.

Again, thanks for the reply and the detailed info.

Mike.
________________________________
From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Fri 5/27/2005 11:33 AM
To: [email protected]
Subject: RE: [ActiveDir] Catch all DNS record

It *should* be fine. A catch-all will only be mapped for non-existent records, so if the record exists in DNS, the lookup for that record will resolve to the right resource.

Now, I qualify "should" because there are some interesting behaviors you will see when using DNS wildcards. One of them is the crazy "dot terminated" behavior. If you use wildcards, now all your lookups for records in THAT zone will either now have to be done without appending the zone name, or, if you append the zone name, must have "." appended at the end. This leaves you in a somewhat unsteady state.

Say, for example, you have an app looking for an SRV record of, say, "_ldap._tcp.dc._msdcs.internaldomain.com". Unless the app looks for either "_ldap._tcp.dc._msdcs" or "_ldap._tcp.dc._msdcs.internaldomain.com.", that lookup will ALWAYS resolve to the IP address you've wildcarded your records to, and not to your DCs as expected. This behavior affects any record, I just used SRV records as an example. A lookup for, say, "yahoo.com" will resolve to the IP you've wildcarded because the lookup will be resolved as "yahoo.com.internaldomain.com" because of the missing "trailing dot".

So, as you can see, the problem with wildcarding is not so much with whether the zone is an internal DNS zone or not. It's more with how your resolutions will function after making the change.

Sincerely,
Deji Akomolafe, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

________________________________
From: [EMAIL PROTECTED] on behalf of Mike Newell
Sent: Fri 5/27/2005 9:16 AM
To: [email protected]
Subject: [ActiveDir] Catch all DNS record

Hey,

My company has recently purchased the same domain that our internal domain is named so I'm having to set up DNS to manage both. Not a big deal but I'm being asked to add a DNS record *.internaldomain.com that will point to a public web server and I'm not sure if this will negatively affect AD. Will a catch all DNS entry affect the way the directory functions now that something that wouldn't necessarily resolve to an IP will resolve once I set this up?

Any advice is appreciated.

Thanks again,
Mike.

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
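
Added example, not part of the thread: a simplified model of the zone in the question, for checking before the catch-all goes in which of the names a client may send would be answered by it. The zone contents, addresses and function names are constructed for illustration; record types are ignored, wildcard matching follows the closest-encloser rule of RFC 4592, and no ordering between the as-typed and suffix-appended names is assumed.

```python
ZONE = "internaldomain.com."
# Constructed sample zone; addresses are placeholders. Record types are ignored.
RECORDS = {
    "dc1.internaldomain.com.": "A 10.0.0.10",
    "_ldap._tcp.dc._msdcs.internaldomain.com.": "SRV dc1.internaldomain.com.",
    "*.internaldomain.com.": "A 203.0.113.80",  # the catch-all
}

def existing_nodes():
    """Owner names plus their in-zone ancestors (empty non-terminals count as existing)."""
    nodes = {ZONE}
    for owner in RECORDS:
        labels = owner.rstrip(".").split(".")
        for i in range(len(labels)):
            name = ".".join(labels[i:]) + "."
            if name.endswith("." + ZONE):
                nodes.add(name)
    return nodes

def lookup(fqdn):
    """Return (rdata, how); how is exact, wildcard, nodata, nxdomain or outside-zone."""
    fqdn = fqdn.lower()
    if fqdn != ZONE and not fqdn.endswith("." + ZONE):
        return None, "outside-zone"
    if fqdn in RECORDS:
        return RECORDS[fqdn], "exact"
    nodes = existing_nodes()
    if fqdn in nodes:
        return None, "nodata"
    encloser = fqdn
    while encloser not in nodes:  # walk up to the closest existing ancestor
        encloser = encloser.split(".", 1)[1]
    wild = "*." + encloser  # only a wildcard directly under that ancestor applies
    return (RECORDS[wild], "wildcard") if wild in RECORDS else (None, "nxdomain")

def candidates(typed, suffix=ZONE):
    """Names a client may send: as typed, and with the suffix appended unless dot-terminated.
    No ordering between the two is assumed."""
    typed = typed.lower()
    return [typed] if typed.endswith(".") else [typed + ".", typed + "." + suffix]

def catch_all_hits(typed):
    """Candidate names for `typed` that the catch-all would answer."""
    return [c for c in candidates(typed) if lookup(c)[1] == "wildcard"]

if __name__ == "__main__":
    for typed in ("yahoo.com", "yahoo.com.", "_ldap._tcp.dc._msdcs.internaldomain.com",
                  "_ldap._tcp.dc._msdcs", "_kerberos._tcp.dc._msdcs.internaldomain.com."):
        print(f"{typed!r}: {[(c, lookup(c)[1]) for c in candidates(typed)]}")
```

In this model a missing name below an existing subtree such as _msdcs gets no wildcard answer, because the closest existing ancestor has no wildcard of its own.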
