Title: Multiple forests with a common DNS parent zone
* What is/are the reasons of
existance for the multiple forests?
- political reasons
* Why do you want to create one
forest with multiple child domains? What is the purpose of the child
domains? Why not create a single domain forest?
- political reasons. As an architect I suggested one domain in one
forest.
* Do you trust everyone within
the new forest that is a domain admin?
- to be worked on :) Trust is a dirty word right now
:)
* Why do you feel uncomfortable
with the proposal?
- I never liked the idea of re-using the external DNS name for an
internal AD and was concerned that re-using the same 'root' could cause
issues. I would prefer a clean break from .com and ideally from xxx too.
Maybe a compromise would be to use xxx.net...
My concerns were not based upon anything concrete and hence my question
to the list.
neil
For the information you have
posted I don't feel uncomfortable re-using the XXX.COM DNS name and building a
new forest root called GLOBAL.XXX.COM (assuming your internet presence is
XXX.COM). Isn't XXX the company's name?
In my opinion it is OK to
use:
* COMPANY.LOCAL for the forest
root if external is COMPANY.COM
* something like AD.COMPANY.COM
or GLOBAL.COMPANY.COM for the forest root if external is
COMPANY.COM
* something like
<COMMON-NAME>.<TLD> if external is COMPANY.COM
It all depends on your DNS and
name resolution requirements
Well.... a few questions come up..
* What is/are the reasons of
existance for the multiple forests?
* Why do you want to create one
forest with multiple child domains? What is the purpose of the child
domains? Why not create a single domain forest?
* Do you trust everyone within
the new forest that is a domain admin?
* Why do you feel uncomfortable
with the proposal?
my EUR 0,02
Cheers
Jorge
I have encountered a situation where 4 forests exist
today, all of which have a common DNS parent zone - let's call it
xxx.com.
Forest 1 has root domain named xxx.com with multiple
child domains
Forest 2 has root domain named
ap.xxx.com with multiple child domains
Forest
3 has root domain named am.xxx.com with multiple child domains
Forest 4 has root domain named jp.xxx.com with no
children
DNS resolution between the 4 forests works fine.
Xxx.com is hosted on UNIX BIND servers with all child zones delegated to Windows
DNS servers. All child zone DNS servers forward to the servers hosting xxx.com.
Existing forests are w2k native and no trusts exist between these
forests.
There is a proposal to build a new, fifth forest and
to migrate all objects from the 4 forests above into this new forest.
Forest 5 will have root domain named global.xxx.com
and 4 children - representing the 4 forests above.
Does anyone have any concerns over the re-use of the
same DNS name - xxx.com? I feel uncomfortable with this proposal but don't have
any technical reasons to block it.
Any comments?
Thanks,
neil
___________________________
Neil Ruston
Global Technology Infrastructure
Nomura International plc
Telephone: +44 (0) 20 7521 3481
PLEASE READ: The
information contained in this email is confidential and
intended for the
named recipient(s) only. If you are not an intended
recipient of this
email please notify the sender immediately and delete your
copy from your
system. You must not copy, distribute or take any further
action in reliance
on it. Email is not a secure method of communication and
Nomura International
plc ('NIplc') will not, to the extent permitted by law,
accept
responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence
of any virus, worm or similar malicious or disabling
code in, this
message or any attachment(s) to it. If verification of this
email is sought then
please request a hard copy. Unless otherwise stated
this email: (1) is
not, and should not be treated or relied upon as,
investment research;
(2) contains views or opinions that are solely those of
the author and do
not necessarily represent those of NIplc; (3) is intended
for informational
purposes only and is not a recommendation, solicitation or
offer to buy or sell
securities or related financial instruments. NIplc
does not provide
investment services to private customers. Authorised and
regulated by the
Financial Services Authority. Registered in England
no. 1550505 VAT No.
447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A
member of the Nomura group of companies.
This e-mail and any
attachment is for authorised use by the intended recipient(s) only. It may
contain proprietary material, confidential information and/or be subject to
legal privilege. It should not be copied, disclosed to, retained or used by, any
other party. If you are not an intended recipient then please promptly delete
this e-mail and any attachment and all copies and inform the sender. Thank
you.
PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments. NIplc
does not provide investment services to private customers. Authorised and
regulated by the Financial Services Authority. Registered in England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A member of the Nomura group of companies.
