Couldn't make the con-call.
But we have been asking for this for some time now. Do you have any shareable info on what MS is doing along that line?
Sincerely,
Microsoft MVP - Directory Services
www.akomolafe.com - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

Heh, this was a topic on a MSFT concall yesterday... Bind 9 supports multiple views on zones based on external/internal (or other definitions) requests... Cuts down on the number of DNS servers required.
or better (depending on your viewpoint[1])
:)
[1] Boooo.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Akomolafe, Deji
Sent: Friday, September 01, 2006 11:35 AM
To: [email protected]
Subject: RE: [ActiveDir] DNS DOCUMENTATION

This doesn't do anything positive for him regarding his particular concerns. He is publishing internal records to the public.
I have seen some people argue that it is not a big deal to expose internal addresses/records unless the addresses are routable. Me? I say it is bad to mix your internal and external records on the same server. Unless you don't have a choice in terms of hardware limitations, you should split your internal and external zones. Ideally, you would want your internal domain name to be different from your external domain name. But, where that is not possible, use different servers for the DNS service. Point your internal servers and clients to the internal DNS servers and make sure that these are the only name servers listed in your DHCP and on the "Name Server" tab of the zone. Then, remove all internal records from the external DNS servers and make sure that these are the only servers listed externally at the Registrar for the domain.
Sincerely,
Microsoft MVP - Directory Services
www.akomolafe.com - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

From: Scott, Anthony
Sent: Fri 9/1/2006 8:12 AM
To: [email protected]
Subject: RE: [ActiveDir] DNS DOCUMENTATION

All you should have to do is create an A record named www, point it to the internal IP of your web server. This will create an A record of www.domain.com.

Thanks,
Anthony Scott
Microsoft Consultant
Mobile 616-481-9722 | Desk 616-464-6369 | [EMAIL PROTECTED]

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ramon Linan

Hi,

I have one of my clients that has AD integrated DNS. The internet domain is the same as the AD domain (domain.com).

They have ns1 and ns2 to handle the internet domain, meaning mx, www, A, etc. records for domain.com; those are the external DNS servers. And they also have several internal DNS servers for AD.

The thing is I am able to query ns1 and ns2 from outside the office and find out everything for the domain, global catalogs, DC, etc.

Is this the correct way to do it? Does anybody know a good white paper or similar that deals with AD integrated DNS, internal and external DNS, etc.?

Thanks
Rezuma
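
An added example, not part of the thread and not written by any of its participants: a Python check for the situation discussed above, where the external name servers answer for internal records. It scans a zone listing for AD locator names and RFC 1918 addresses; the sample records, host names and addresses are constructed, and the simple "name ttl class type rdata" line format is an assumption.

```python
import ipaddress

# DNS labels that Active Directory registers for DC / GC / Kerberos location.
AD_LABELS = {"_msdcs", "_ldap", "_kerberos", "_gc", "_kpasswd", "_sites"}
# RFC 1918 ranges, listed explicitly (is_private would also match documentation ranges).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: what an external server for domain.com might hold.
SAMPLE_ZONE = """\
domain.com.             3600 IN NS  ns1.domain.com.
domain.com.             3600 IN MX  10 mail.domain.com.
www.domain.com.         3600 IN A   203.0.113.10
mail.domain.com.        3600 IN A   203.0.113.25
dc01.domain.com.        1200 IN A   10.1.1.5
_ldap._tcp.domain.com.  600  IN SRV 0 100 389 dc01.domain.com.
_gc._tcp.domain.com.    600  IN SRV 0 100 3268 dc01.domain.com.
_kerberos._tcp.dc._msdcs.domain.com. 600 IN SRV 0 100 88 dc01.domain.com.
"""

def parse_records(text):
    """Yield (name, rtype, rdata) from 'name ttl class type rdata' lines."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop zone-file comments
        fields = line.split(None, 4)
        if len(fields) == 5:                      # skip blanks and short lines
            name, _ttl, _cls, rtype, rdata = fields
            yield name.lower().rstrip("."), rtype.upper(), rdata.strip()

def audit_external_zone(text):
    """Return (name, rtype, reason) for records that belong on internal DNS only."""
    findings = []
    for name, rtype, rdata in parse_records(text):
        if AD_LABELS & set(name.split(".")):
            findings.append((name, rtype, "AD locator record"))
        elif rtype == "A":
            try:
                addr = ipaddress.ip_address(rdata)
            except ValueError:
                continue
            if any(addr in net for net in RFC1918):
                findings.append((name, rtype, "non-routable address " + rdata))
    return findings

if __name__ == "__main__":
    for name, rtype, reason in audit_external_zone(SAMPLE_ZONE):
        print(f"{rtype:5} {name}: {reason}")
```

An empty result for the external servers' zone data is what the split described in the thread should produce.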
