Depends on the VPN implementation really - our VPN clients receive the internal DNS server info, so they get the same resolution as the on-network clients get.
------------------------------------------------------ Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -----Original Message----- > From: Ryan Malayter [mailto:[EMAIL PROTECTED]] > Sent: Friday, October 11, 2002 11:59 AM > To: NT 2000 Discussions > Subject: RE: AD naming > > > In my experience, you can use your registered domain if you > like, but be > aware that you should probably use different server names on your > external-facing DNS. This avoids problems with VPN > connections from the > outside. > > Ryan Malayter > Sr. Network & Database Administrator > Bank Administration Institute > Chicago, Illinois, USA > PGP Key: http://www.malayter.com/pgp-public.txt > ::::::::::::::::::::::::::::::: > We have just enough religion to make us hate, but not enough > to make us > love one another. > -Jonathan Swift > > > -----Original Message----- > From: Roger Seielstad [mailto:[EMAIL PROTECTED]] > Posted At: Friday, October 11, 2002 6:54 AM > Posted To: Windows 2000 List > Conversation: AD naming > Subject: RE: AD naming > > > > If you want to keep the two independent (and it sounds like > > you do), what's > > wrong with building the structure around 'octech.local' or > > 'octech.prv'? > > Plenty. That style of naming standard was the original suggestion > following > some of the JDP installs, prior to AD going gold. Since that time, > however, > it has been strongly suggested that you use valid, registered domain > names > for all AD work, specifically for guaranteed uniqueness. > > I would suggest one of two things - > 1) Using your external domain name internally, and implement > split DNS. > This > is a little more complicated from the DNS perspective, but isn't that > hard. > > 2) Acquire new domain name(s) from the registrar of your > choice, and use > those names for your AD infrastructure. This really is an > easy way to do > it, > since there is no confusion for less DNS saavy admins, and > you don't end > up > with long domain names. > > I've done both, and both work well. In fact, I just completed a > migration > using the second format - we're now using 2 generic DNS domains > internally, > that have nothing to do with our company's public DNS presence. > > Roger > ------------------------------------------------------ > Roger D. Seielstad - MCSE > Sr. Systems Administrator > Inovis - Formerly Harbinger and Extricity > Atlanta, GA > > > > -----Original Message----- > > From: Steve Molkentin [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, October 10, 2002 6:56 PM > > To: NT 2000 Discussions > > Subject: RE: AD naming > > > > > > Mr Foley (OK, making an assumption here), > > > > Having your internal DNS structure = your Net structure has > > it's benefits if > > you are trying to access 'stuff' inside your organisation > > from the Net. > > > > If you want to keep the two independent (and it sounds like > > you do), what's > > wrong with building the structure around 'octech.local' or > > 'octech.prv'? > > > > I'm glad to be wrong or have misunderstood your > > requirements... interesting > > to hear what other's think (and what you think). > > > > themolk. > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > > > Sent: Wednesday, 9 October 2002 11:24 am > > > To: NT 2000 Discussions > > > Subject: AD naming > > > > > > > > > Sorry if this is a repeat, not sure if my last message got on > > > the list. > > > I am creating a new root forest on a new domain controller > > > that will be > > > the first server with AD running on our network. I am > > planning to use > > > ADMTv2 to migrate users and want to keep both domains running > > > for awhile. > > > Anyway, my question is this. Should I use my registered DNS > > > domain name > > > octech.edu for the forest root, or should I use something like > > > local.octech.edu or inside.octech.edu? I run DNS on my PDC > > now but I > > > don't send my ISP zone transfers (it's behind the firewall). > > > They have a > > > list of all my servers that need outside access (email, > > > public web page, > > > etc.) which they put in their name servers manually. > > > > > > ------ > > > You are subscribed as [EMAIL PROTECTED] > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > To unsubscribe send a blank email to %%email.unsub%% > > > > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to %%email.unsub%% > > > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
