+1. The advantage I see is keeping it simple - users don't have to determine "which domain name do I use?" depending on where they are working, or whether or not a VPN connection is active, etc. And a single mail profile for Outlook RPC over https.
Carl

-----Original Message-----
From: Kurt Buff [mailto:[email protected]]
Sent: Tuesday, March 02, 2010 7:16 PM
To: NT System Admin Issues
Subject: Re: Probably a stupid DNS question, but I can't figure it out.

Absolutely true. I was just questioning the idea that setting up split brain DNS is a 'mistake'.

IMHO, giving up resolving the bare domain 'example.com' to 'www.example.com' is at worst a very small, extremely tiny annoyance, which unfortunately some folks allow to bloom into a major political battle, and I hope that's not what you're experiencing.

I still think it's an excellent way of setting up DNS, for many/most situations.

Kurt

On Tue, Mar 2, 2010 at 15:49, Andrew S. Baker <[email protected]> wrote:
> But OP doesn't want to have to use www on the inside, hence the problem.
>
> -ASB: http://xeesm.com/AndrewBaker
> Sent from my Verizon Smartphone
>
> -----Original Message-----
> From: Kurt Buff <[email protected]>
> Date: Tue, 2 Mar 2010 12:54:08
> To: NT System Admin Issues<[email protected]>
> Subject: Re: Probably a stupid DNS question, but I can't figure it out.
>
> I don't think OP has the same *zone file* for both. That would be a
> poor decision indeed.
>
> However, at $WORK we use the same domain name both internally and
> externally (example.com, no subdomains internally or externally), and
> aside from needing to put in 'www' while inside the perimeter, we've
> seen no issues, after moving away from an IPSec VPN to an SSL
> web-based VPN. Forcing all traffic over the IPSec tunnel is a major
> PITA from both a speed perspective and a client-management
> perspective.
>
> Kurt
>
> On Mon, Mar 1, 2010 at 18:00, Ken Schaefer <[email protected]> wrote:
>> I wouldn't call it an "excellent decision". In fact, I'm aware of no-one that
>> uses the same DNS namespace for their primary internal domain, and also the
>> primary external domain.
>>
>> Split-brain DNS is fine, but using the same DNS zone isn't an "excellent
>> decision" IMHO.
>> I'm sure it can be justified in certain situations, but I
>> wouldn't use it as the rule-of-thumb.
>>
>> Cheers
>> Ken
>>
>> -----Original Message-----
>> From: Kurt Buff [mailto:[email protected]]
>> Sent: Tuesday, 2 March 2010 3:33 AM
>> To: NT System Admin Issues
>> Subject: Re: Probably a stupid DNS question, but I can't figure it out.
>>
>> It's *not* a mistake. It is, IMHO, an excellent decision, but it does have a
>> cost, as ASB and others have noted.
>>
>> I don't know what's involved in re-jiggering your domain, aside from
>> standing up a new one and migrating all of your machines over, but it would
>> probably be worth your while to investigate that before you do it.
>>
>> I'm sure there's more to it than I'm aware of.
>>
>> Kurt
>>
>> On Mon, Mar 1, 2010 at 07:53, Chyka, Robert <[email protected]> wrote:
>>>
>>> Yes, I realize the mistake we made over 10 years ago when we created the
>>> domain. I will change the structure when we go to 2008 R2 next month.
>>>
>>> Thanks..Bob
>>> ________________________________
>>> From: Ken Schaefer [mailto:[email protected]]
>>> Sent: Monday, March 01, 2010 10:44 AM
>>> To: NT System Admin Issues
>>> Subject: RE: Probably a stupid DNS question, but I can't figure it out.
>>>
>>> Erm – OP is talking about internal name resolution. For an internal AD
>>> domain: domain.whatever is going to resolve to DCs. This is one reason not to
>>> use the same domain for external and internal name resolution. Externally
>>> use medaille.edu. Internally use corp.medaille.edu or something.
>>>
>>> Cheers
>>>
>>> Ken
>>>
>>> From: Karl Bickmore [mailto:[email protected]]
>>> Sent: Monday, 1 March 2010 11:41 PM
>>> To: NT System Admin Issues
>>> Subject: RE: Probably a stupid DNS question, but I can't figure it out.
>>>
>>> Put in a host (A) record on the domain name with no name details, but
>>> still point it to the public ip.
>>>
>>> Karl Bickmore
>>> 6613 N Scottsdale Road, Suite 101
>>> Scottsdale AZ, 85250
>>> 480-553-9967 X100
>>> [email protected]
>>>
>>> Please remember CCNS is a referral based business. If you have a friend or
>>> colleague in need, we are happy to help. Feel free to pass along our
>>> contact information to anyone you think we can help. Thanks!
>>>
>>> From: Chyka, Robert [mailto:[email protected]]
>>> Sent: Monday, March 01, 2010 8:37 AM
>>> To: NT System Admin Issues
>>> Subject: Probably a stupid DNS question, but I can't figure it out.
>>>
>>> Hello,
>>>
>>> We have an Active Directory 2003 Domain with Microsoft integrated DNS
>>> running for our company. If I want to add a DNS record to get to our
>>> webserver, but want it to resolve without the www, what type of record do I
>>> use? I was trying to put a CNAME record in, but it already has our domain
>>> name in there by default and you can't change it and I can't leave the input
>>> field blank for the hostname. We want medaille.edu in a browser to
>>> redirect to www.medaille.edu internally. We have it working with our ISP
>>> on the internet public side.
>>>
>>> Thanks! Bob

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
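
Added example (not from any message in this thread): a small Python check for the upkeep cost discussed above, where one name is served by separate internal and external zones and the internal bare domain answers with domain controllers. The zone name, records and addresses are constructed sample data, and `split_brain_report` is a hypothetical helper.

```python
# Constructed sample data for one split-brain zone: (name, type, value).
# "@" is the bare domain. Addresses are RFC 5737 / RFC 1918 examples.
ZONE = "example.com."

EXTERNAL = [
    ("@", "A", "192.0.2.10"),     # bare domain -> public web server
    ("www", "A", "192.0.2.10"),
    ("mail", "A", "192.0.2.25"),
]
INTERNAL = [
    ("@", "A", "10.0.0.5"),       # assumed: registered by a domain controller
    ("@", "A", "10.0.0.6"),       # assumed: registered by a domain controller
    ("www", "A", "192.0.2.10"),   # copied by hand from the external zone
    ("dc1", "A", "10.0.0.5"),
    ("dc2", "A", "10.0.0.6"),
]


def index(records):
    """Group record values by (lower-cased name, type)."""
    out = {}
    for name, rtype, value in records:
        out.setdefault((name.lower(), rtype), set()).add(value)
    return out


def split_brain_report(external, internal):
    """Compare what outside clients see with what inside clients see.

    missing_inside: public names with no internal record (broken for LAN users).
    differs: names present in both zones that return different answers.
    """
    ext, inn = index(external), index(internal)
    report = {"missing_inside": [], "differs": []}
    for key in sorted(ext):
        if key not in inn:
            report["missing_inside"].append(key)
        elif ext[key] != inn[key]:
            report["differs"].append((key, sorted(ext[key]), sorted(inn[key])))
    return report


if __name__ == "__main__":
    result = split_brain_report(EXTERNAL, INTERNAL)
    for name, rtype in result["missing_inside"]:
        print(f"{ZONE} {name} {rtype}: public only, add it to the internal zone")
    for (name, rtype), outside, inside in result["differs"]:
        print(f"{ZONE} {name} {rtype}: outside {outside}, inside {inside}")
```
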
