Ah. Well, I haven't been through any mergers, spinoffs, etc. in the past 8 years, so you definitely have more insight into that.
So, do you recommend the example.local/example.com split, or corp.example.com for internal example.com for external configuration? Kurt On Tue, Mar 2, 2010 at 16:44, Andrew S. Baker <[email protected]> wrote: > In my experience, I have found that there are less issues to work through or > around when split-brain DNS is not involved. > > Mind you, many of the issues in question are more political than technical, > but that is the state of business today. > > Mergers, spinoffs, rebranding and outsourcing considerations are made more, > not less, complex with split-brain DNS. > > And I can't point to any scenarios where it makes things easier or better, so > I avoid it myself. > > > -ASB: http://xeesm.com/AndrewBaker > Sent from my Verizon Smartphone > > -----Original Message----- > From: Kurt Buff <[email protected]> > Date: Tue, 2 Mar 2010 16:15:31 > To: NT System Admin Issues<[email protected]> > Subject: Re: Probably a stupid DNS question, but I can't figure it out. > > Absolutely true. I was just questioning the idea that setting up split > brain DNS is a 'mistake'. > > IMHO, giving up resolving the bare domain 'example.com' to > 'www.example.com' is at worst a very small, extremely tiny annoyance, > which unfortunately some folks allow to bloom into a major political > battle, and I hope that's not what you're experiencing.. > > I still think it's an excellent way of setting up DNS, for many/most > situations. > > Kurt > > On Tue, Mar 2, 2010 at 15:49, Andrew S. Baker <[email protected]> wrote: >> But OP doesn't want to have to use www on the inside, hence the problem. >> >> >> -ASB: http://xeesm.com/AndrewBaker >> Sent from my Verizon Smartphone >> >> -----Original Message----- >> From: Kurt Buff <[email protected]> >> Date: Tue, 2 Mar 2010 12:54:08 >> To: NT System Admin Issues<[email protected]> >> Subject: Re: Probably a stupid DNS question, but I can't figure it out. >> >> I don't think OP has the same *zone file* for both. That would be a >> poor decision indeed. >> >> However, at $WORK we use the same domain name both internally and >> externally (example.com, no subdomains internally or externally), and >> aside from needing to put in 'www' while inside the perimeter, we've >> seen no issues, after moving away from an IPSec VPN to an SSL >> web-based VPN. Forcing all traffic over the IPSec tunnel is a major >> PITA from both a speed perspective and a client-management >> perspective. >> >> >> Kurt >> >> On Mon, Mar 1, 2010 at 18:00, Ken Schaefer <[email protected]> wrote: >>> I wouldn't call it an "excellent decision" In fact, I'm aware of no-one >>> that uses the same DNS namespace for their primary internal domain, and >>> also the primary external domain. >>> >>> Split-brain DNS is fine, but using the same DNS zone isn't an "excellent >>> decision" IMHO. I'm sure it can be justified in certain situations, but I >>> wouldn't use it as a the rule-of-thumb. >>> >>> Cheers >>> Ken >>> >>> -----Original Message----- >>> From: Kurt Buff [mailto:[email protected]] >>> Sent: Tuesday, 2 March 2010 3:33 AM >>> To: NT System Admin Issues >>> Subject: Re: Probably a stupid DNS question, but I can't figure it out. >>> >>> It's *not* a mistake. It is, IMHO, an excellent decision, but it does have >>> a cost, as ASB and others have noted. >>> >>> I don't know what's involved in re-jiggering your domain, aside from >>> standing up a new one and migrating all of your machines over, but it would >>> probably be worth your while to investigate that before you do it. >>> >>> I'm sure there's more to it than I'm aware of. >>> >>> Kurt >>> >>> On Mon, Mar 1, 2010 at 07:53, Chyka, Robert <[email protected]> wrote: >>>> >>>> yes I realize the mistake we made over 10 years ago when we created the >>>> domain. I will change the structure when we go to 2008 R2 next month. >>>> >>>> Thanks..Bob >>>>________________________________ >>>> From: Ken Schaefer [mailto:[email protected]] >>>> Sent: Monday, March 01, 2010 10:44 AM >>>> To: NT System Admin Issues >>>> Subject: RE: Probably a stupid DNS question, but I can't figure it out. >>>> >>>> Erm – OP is talking about internal name resolution. For an internal AD >>>> domain: domain.whatever is going to resolve to DCs. This one reason not to >>>> use the same domain for external and internal name resolution. Externally >>>> use medaille.edu. Internally use corp.medaille.edu or something. >>>> >>>> >>>> >>>> Cheers >>>> >>>> Ken >>>> >>>> >>>> >>>> From: Karl Bickmore [mailto:[email protected]] >>>> Sent: Monday, 1 March 2010 11:41 PM >>>> To: NT System Admin Issues >>>> Subject: RE: Probably a stupid DNS question, but I can't figure it out. >>>> >>>> >>>> >>>> Put in a host (A) record on the domain name with no name details, but >>>> still point it to the public ip. >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> Karl Bickmore >>>> >>>> 6613 N Scottsdale Road, Suite 101 >>>> >>>> Scottsdale AZ, 85250 >>>> >>>> 480-553-9967 X100 >>>> >>>> [email protected] >>>> >>>> >>>> >>>> Please remember CCNS is a referral based business. If you have a friend or >>>> colleague in need, we are happy to help. Feel free to pass along our >>>> contact information to anyone you think we can help. Thanks! >>>> >>>> >>>> >>>> From: Chyka, Robert [mailto:[email protected]] >>>> Sent: Monday, March 01, 2010 8:37 AM >>>> To: NT System Admin Issues >>>> Subject: Probably a stupid DNS question, but I can't figure it out. >>>> >>>> >>>> >>>> Hello, >>>> >>>> >>>> >>>> We have a Active Directory 2003 Domain with Microsoft integrated DNS >>>> running for our company. If I want to add a DNS record to get to our >>>> webserver, but want it to resolve without the www, what type of record do >>>> i use? i was trying to put a CNAME record in, but it already has our >>>> domain name in there by default and you cant change it and i cant leave >>>> the input field blank for the hostname. We want medaille.edu in a browser >>>> to redirect to www.medaille.edu internally. We have it working with our >>>> ISP on the internet public side. >>>> >>>> >>>> >>>> Thanks! Bob >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >>> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
