In my experience, I have found that there are fewer issues to work through or 
around when split-brain DNS is not involved. 

Mind you, many of the issues in question are more political than technical, but 
that is the state of business today. 

Mergers, spinoffs, rebranding and outsourcing considerations are made more, not 
less, complex with split-brain DNS. 

And I can't point to any scenarios where it makes things easier or better, so I 
avoid it myself.  

 
-ASB: http://xeesm.com/AndrewBaker

-----Original Message-----
From: Kurt Buff <[email protected]>
Date: Tue, 2 Mar 2010 16:15:31 
To: NT System Admin Issues<[email protected]>
Subject: Re: Probably a stupid DNS question, but I can't figure it out.

Absolutely true. I was just questioning the idea that setting up split
brain DNS is a 'mistake'.

IMHO, giving up resolving the bare domain 'example.com' to
'www.example.com' is at worst a very small, extremely tiny annoyance,
which unfortunately some folks allow to bloom into a major political
battle, and I hope that's not what you're experiencing.

I still think it's an excellent way of setting up DNS, for many/most situations.

Kurt

On Tue, Mar 2, 2010 at 15:49, Andrew S. Baker <[email protected]> wrote:
> But OP doesn't want to have to use www on the inside, hence the problem.
>
>
> -ASB: http://xeesm.com/AndrewBaker
>
> -----Original Message-----
> From: Kurt Buff <[email protected]>
> Date: Tue, 2 Mar 2010 12:54:08
> To: NT System Admin Issues<[email protected]>
> Subject: Re: Probably a stupid DNS question, but I can't figure it out.
>
> I don't think OP has the same *zone file* for both. That would be a
> poor decision indeed.
>
> However, at $WORK we use the same domain name both internally and
> externally (example.com, no subdomains internally or externally), and
> aside from needing to put in 'www' while inside the perimeter, we've
> seen no issues, after moving away from an IPSec VPN to an SSL
> web-based VPN. Forcing all traffic over the IPSec tunnel is a major
> PITA from both a speed perspective and a client-management
> perspective.
>
>
> Kurt
>
> On Mon, Mar 1, 2010 at 18:00, Ken Schaefer <[email protected]> wrote:
>> I wouldn't call it an "excellent decision". In fact, I'm aware of no-one that 
>> uses the same DNS namespace for their primary internal domain, and also the 
>> primary external domain.
>>
>> Split-brain DNS is fine, but using the same DNS zone isn't an "excellent 
>> decision" IMHO. I'm sure it can be justified in certain situations, but I 
>> wouldn't use it as a rule-of-thumb.
>>
>> Cheers
>> Ken
>>
>> -----Original Message-----
>> From: Kurt Buff [mailto:[email protected]]
>> Sent: Tuesday, 2 March 2010 3:33 AM
>> To: NT System Admin Issues
>> Subject: Re: Probably a stupid DNS question, but I can't figure it out.
>>
>> It's *not* a mistake. It is, IMHO, an excellent decision, but it does have a 
>> cost, as ASB and others have noted.
>>
>> I don't know what's involved in re-jiggering your domain, aside from 
>> standing up a new one and migrating all of your machines over, but it would 
>> probably be worth your while to investigate that before you do it.
>>
>> I'm sure there's more to it than I'm aware of.
>>
>> Kurt
>>
>> On Mon, Mar 1, 2010 at 07:53, Chyka, Robert <[email protected]> wrote:
>>>
>>> Yes, I realize the mistake we made over 10 years ago when we created the 
>>> domain.  I will change the structure when we go to 2008 R2 next month.
>>>
>>> Thanks..Bob
>>>________________________________
>>> From: Ken Schaefer [mailto:[email protected]]
>>> Sent: Monday, March 01, 2010 10:44 AM
>>> To: NT System Admin Issues
>>> Subject: RE: Probably a stupid DNS question, but I can't figure it out.
>>>
>>> Erm – OP is talking about internal name resolution. For an internal AD 
>>> domain: domain.whatever is going to resolve to DCs. This is one reason not to 
>>> use the same domain for external and internal name resolution. Externally 
>>> use medaille.edu. Internally use corp.medaille.edu or something.
>>>
>>>
>>>
>>> Cheers
>>>
>>> Ken
>>>
>>>
>>>
>>> From: Karl Bickmore [mailto:[email protected]]
>>> Sent: Monday, 1 March 2010 11:41 PM
>>> To: NT System Admin Issues
>>> Subject: RE: Probably a stupid DNS question, but I can't figure it out.
>>>
>>>
>>>
>>> Put in a host (A) record on the domain name with no name details, but 
>>> still point it to the public ip.
>>>
>>> Karl Bickmore
>>>
>>> From: Chyka, Robert [mailto:[email protected]]
>>> Sent: Monday, March 01, 2010 8:37 AM
>>> To: NT System Admin Issues
>>> Subject: Probably a stupid DNS question, but I can't figure it out.
>>>
>>>
>>>
>>> Hello,
>>>
>>>
>>>
>>> We have an Active Directory 2003 Domain with Microsoft integrated DNS 
>>> running for our company.  If I want to add a DNS record to get to our 
>>> webserver, but want it to resolve without the www, what type of record do I 
>>> use?  I was trying to put a CNAME record in, but it already has our domain 
>>> name in there by default and you can't change it and I can't leave the input 
>>> field blank for the hostname.  We want medaille.edu in a browser 
>>> to redirect to www.medaille.edu internally.  We have it working with our 
>>> ISP on the internet public side.
>>>
>>>
>>>
>>> Thanks!  Bob
>>>