Jeremy Weiss (Guest)
Posted: Fri May 12, 2006 7:12 am
Post subject: Domain Naming and DNS

I have a quick question about naming a domain for a new AD forest. Currently
I own a public domain, with DNS hosted at a local ISP for web hosting; I
will call it domain.com for simplicity. Now if I want to create an AD forest
with a single domain using my commercial DNS as part of the name, what is the
best way to create my domain and DNS so that I don't have to worry about my
internal AD DNS sending updates to the ISP's DNS servers? Should I name the
domain office.domain.com, or should I add more to the AD DNS structure? I
have seen AD DNS like office.ad.domain.com, and I didn't know if this is how
I should set up the DNS. I'm sorry if I am getting terms incorrect or if this
question has been answered before. I just know setting up DNS is very
important.

Carlo Cacciafesta (Guest)
Posted: Fri May 12, 2006 12:34 pm
Post subject: RE: Domain Naming and DNS

If you want to create a single-forest and single-domain AD just use
domain.com. DNS servers from different organizations don't replicate each
other unless configured to do so. You could only have problems if you
register the same name in your internal DNS as one registered in the ISP's
DNS; in this case your internal clients will point to the IP resolved by your
DNS and never to that registered from your ISP. Same problem for all DNS
records registered in the ISP's DNS and not in yours; your DNS (being
authoritative for that zone) will answer that the record doesn't exist and
will never ask the ISP's DNS, even if you configure it as a forwarder.

If you decide that you simply don't want to manage those kinds of problems
just name your forest "domain.local" and you will never have DNS problems.

Third-level domains like office2.domain.local can be used if you want to
create child domains in your AD. Suppose you have a research department
(typical Microsoft example) and you want to implement different security for
accounts and policies. You can create a research.domain.local domain (child
of domain.local) and apply different security policies to it, keeping it
separate from domain.local. Otherwise you can have a china.domain.local and
delegate administrative management to a Chinese IT staff.

Hope it helps.
Regards,
Carlo
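
The behaviour described in the reply above (an internal server that is authoritative for domain.com answers from its own data and never forwards names inside that zone) can be modelled and audited as follows. This is an added example, not part of the original thread; the host names, the documentation-range addresses, and the functions `in_zone`, `resolve_internal` and `audit_split_brain` are all constructed for illustration.

```python
# Constructed sample data: hypothetical hosts, documentation/private IPs.
PUBLIC_ZONE = {                      # records hosted at the ISP for domain.com
    "www.domain.com": "203.0.113.10",
    "mail.domain.com": "203.0.113.25",
    "shop.domain.com": "203.0.113.40",
}
INTERNAL_ZONE = {                    # internal AD zone, also named domain.com
    "dc1.domain.com": "10.0.0.5",
    "fileserver.domain.com": "10.0.0.20",
    "mail.domain.com": "10.0.0.25",  # same name as a public record
}

def in_zone(name, zone_name):
    """True if name is the zone apex or sits below it."""
    name = name.lower().rstrip(".")
    zone_name = zone_name.lower().rstrip(".")
    return name == zone_name or name.endswith("." + zone_name)

def resolve_internal(name, zone_name, zone, forwarder):
    """Model of the internal server: names inside its own zone are answered
    from local data only; the forwarder is used solely for other names."""
    key = name.lower().rstrip(".")
    if in_zone(key, zone_name):
        return zone.get(key, "NXDOMAIN")   # authoritative: never forwarded
    return forwarder.get(key, "NXDOMAIN")

def audit_split_brain(zone_name, internal, public):
    """Report public records that internal clients cannot resolve (missing)
    or resolve to a different address than the public one (shadowed)."""
    report = {"missing": [], "shadowed": []}
    for name, public_ip in sorted(public.items()):
        if not in_zone(name, zone_name):
            continue
        answer = resolve_internal(name, zone_name, internal, public)
        if answer == "NXDOMAIN":
            report["missing"].append(name)
        elif answer != public_ip:
            report["shadowed"].append((name, answer, public_ip))
    return report

if __name__ == "__main__":
    print(audit_split_brain("domain.com", INTERNAL_ZONE, PUBLIC_ZONE))
```

Every name under `missing` has to be created by hand in the internal zone before internal clients can reach it. Running the same audit with a zone name of office.domain.com reports nothing, because the public names then fall outside the internal zone and are forwarded.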