Yup - that's split DNS alright. And that's the way to go. ------------------------------------------------------ Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA
> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:foleyg@;octech.edu] > Sent: Friday, October 11, 2002 9:21 AM > To: NT 2000 Discussions > Subject: RE: AD naming > > > Thanks Roger. I believe my DNS is split (if this is the > correct term). I > run DNS behind the firewall on the PDC to resolve locally. I > do not send > zone transfers through the firewall to the ISP. If I want a > server to be > available on the outside, they have to put an A record on their name > servers. The only problem I had with this was getting our public page > (www.octech.edu) to resolve from the inside. The ISP was able to work > this out on their end. > > > > If you want to keep the two independent (and it sounds like > > > you do), what's > > > wrong with building the structure around 'octech.local' or > > > 'octech.prv'? > > > > Plenty. That style of naming standard was the original > suggestion following > > some of the JDP installs, prior to AD going gold. Since > that time, however, > > it has been strongly suggested that you use valid, > registered domain names > > for all AD work, specifically for guaranteed uniqueness. > > > > I would suggest one of two things - > > 1) Using your external domain name internally, and > implement split DNS. This > > is a little more complicated from the DNS perspective, but > isn't that hard. > > > > 2) Acquire new domain name(s) from the registrar of your > choice, and use > > those names for your AD infrastructure. This really is an > easy way to do it, > > since there is no confusion for less DNS saavy admins, and > you don't end up > > with long domain names. > > > > I've done both, and both work well. In fact, I just > completed a migration > > using the second format - we're now using 2 generic DNS > domains internally, > > that have nothing to do with our company's public DNS presence. > > > > Roger > > ------------------------------------------------------ > > Roger D. Seielstad - MCSE > > Sr. Systems Administrator > > Inovis - Formerly Harbinger and Extricity > > Atlanta, GA > > > > > > > -----Original Message----- > > > From: Steve Molkentin [mailto:themolk@;flc.qld.edu.au] > > > Sent: Thursday, October 10, 2002 6:56 PM > > > To: NT 2000 Discussions > > > Subject: RE: AD naming > > > > > > > > > Mr Foley (OK, making an assumption here), > > > > > > Having your internal DNS structure = your Net structure has > > > it's benefits if > > > you are trying to access 'stuff' inside your organisation > > > from the Net. > > > > > > If you want to keep the two independent (and it sounds like > > > you do), what's > > > wrong with building the structure around 'octech.local' or > > > 'octech.prv'? > > > > > > I'm glad to be wrong or have misunderstood your > > > requirements... interesting > > > to hear what other's think (and what you think). > > > > > > themolk. > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] [mailto:foleyg@;octech.edu] > > > > Sent: Wednesday, 9 October 2002 11:24 am > > > > To: NT 2000 Discussions > > > > Subject: AD naming > > > > > > > > > > > > Sorry if this is a repeat, not sure if my last message got on > > > > the list. > > > > I am creating a new root forest on a new domain controller > > > > that will be > > > > the first server with AD running on our network. I am > > > planning to use > > > > ADMTv2 to migrate users and want to keep both domains running > > > > for awhile. > > > > Anyway, my question is this. Should I use my registered DNS > > > > domain name > > > > octech.edu for the forest root, or should I use something like > > > > local.octech.edu or inside.octech.edu? I run DNS on my PDC > > > now but I > > > > don't send my ISP zone transfers (it's behind the firewall). > > > > They have a > > > > list of all my servers that need outside access (email, > > > > public web page, > > > > etc.) which they put in their name servers manually. > > > > > > > > ------ > > > > You are subscribed as [EMAIL PROTECTED] > > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > > To unsubscribe send a blank email to %%email.unsub%% > > > > > > > > > > ------ > > > You are subscribed as [EMAIL PROTECTED] > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > To unsubscribe send a blank email to %%email.unsub%% > > > > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
