Definitely food for thought--thanks for the insight. Although, count me among those who have been using a single domain name with split DNS for years with absolutely zero problems.
John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us

-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Thursday, May 05, 2011 5:17 PM
To: NT System Admin Issues
Subject: Re: www.DomainName.com

The issues haven't really changed at all, which is probably why there's nothing new published about it -- there's nothing new to say. My standard write-up follows below. If you've been on this list long enough you've prolly seen it before. :)

I favor using a registered domain name, so there is no possibility of ever having a name collision, even in the event of a merger/acquisition, or changes in the public DNS topology, or new stuff that claims your unregistered domain name. (Some implementations of zeroconf now want to use ".local".) You can register a separate 2LD (example.com), or just use a subdomain of your "regular" domain (e.g., "corp.example.com" or "inside.example.com" or "ad.example.com" or whatever).

The alternative is a "split DNS", where you have multiple disjoint namespaces with the same name. I regard that as an ugly kludge. It's not how DNS is designed to work, and going against the design assumptions is rarely a good idea.

My objection to split DNS is simple: It is one more thing to go wrong. If I can eliminate a place for something to go wrong, I will. And when you are claiming authority for a DNS zone you are not authoritative for (which is what split DNS is all about), there is the potential for things to go wrong. Sure, if you do it right, nothing will, but *WHY* even open up the possibility, if it does not get you *any* advantage?

At the same time, I think using a separate DNS domain name has several advantages:

* It keeps DNS names globally unique.
* It clearly identifies internal vs external resources in their name.
* You don't have to worry about keeping two different DNS zones in sync.
* Should you decide you want to expose your private DNS to the public for any reason, you can still do so.
* Roaming systems which are sometimes outside the private network will never get confused over which DNS zone is currently visible.

In short, it keeps separate things separate.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
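Ben's point about having to keep two copies of the same zone in sync, as an added example that is not part of the thread: a small Python check over two constructed zone snapshots (not real zone files, and a simplified "name type value" line format) that reports which names would resolve differently, or not at all, depending on whether a client is using the internal or the public resolver.

```python
# Added example (not from the thread): a drift check for the split-DNS failure
# mode Ben describes, where the internal and public copies of the same zone
# fall out of sync. Both snapshots are constructed sample data in a simplified
# "name type value" line format, not real zone files.

PUBLIC_ZONE = """
www      A  203.0.113.10
mail     A  203.0.113.20
vpn      A  203.0.113.30
portal   A  203.0.113.40
"""

INTERNAL_ZONE = """
www      A  10.0.0.10
mail     A  203.0.113.20
fileserv A  10.0.0.50
"""

def parse_zone(text: str) -> dict[tuple[str, str], set[str]]:
    """Parse 'name type value' lines into {(name, type): {values}}."""
    records: dict[tuple[str, str], set[str]] = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # blank or malformed line
        name, rtype, value = parts
        records.setdefault((name.lower(), rtype.upper()), set()).add(value)
    return records

def split_dns_drift(public: str, internal: str) -> dict[str, list[str]]:
    """Classify every name by how it behaves inside vs. outside the network.

    missing_inside: public names that stop resolving once a client is on the
    internal resolver (the hard failure); differs: answered on both sides but
    differently (expected, but each must be maintained by hand); internal_only:
    names a roaming client loses as soon as it leaves the private network.
    """
    pub, inn = parse_zone(public), parse_zone(internal)
    report: dict[str, list[str]] = {"missing_inside": [], "differs": [], "internal_only": []}
    for key in sorted(pub):
        if key not in inn:
            report["missing_inside"].append(key[0])
        elif pub[key] != inn[key]:
            report["differs"].append(key[0])
    report["internal_only"] = [k[0] for k in sorted(inn) if k not in pub]
    return report

if __name__ == "__main__":
    for category, names in split_dns_drift(PUBLIC_ZONE, INTERNAL_ZONE).items():
        print(f"{category}: {names}")
```

Running it against the sample data lists "vpn" and "portal" as names an internal client cannot resolve at all, "www" as the one name deliberately answered differently on each side, and "fileserv" as the name a roaming laptop loses once it is outside.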