
W2K Domain Is a Public Domain: Should I change it?

Status
Not open for further replies.

mdsurfrider

IS-IT--Management
Jan 6, 2003
US
Here's my situation:

I have a client that owns two domains: 1) XYZ.com & 2) XYZ.net. Their Windows 2000 domain is named XYZ.net. They are having a lot of problems with DNS name resolution to various websites, and their POP3 mail server (external).

There are about 40 hosts on the network and they want to deploy MS Exchange this summer.

Should I rename their domain before Exchange deployment? Should I rename the domain regardless? I realize that it won't be a true "rename" and the amount of work will be numbing. What is your advice?

Thanks,
Mike
 
Generally speaking I think it's better not to use a public domain name on an internal network. However, having said that, a lot of companies have their domains set up as their Internet domain name (you can blame the MS documentation for that) and it works just fine.
I suspect that your problems have more to do with the way your DNS server is set up.
Even though it is not a requirement, in my experience you are best served by using the W2K DNS for your internal network and using forwarders to do resolution for hosts outside your domain.
There are plenty of articles in the MS KB in regards to setting up DNS in a Windows 2000 Domain.
 
I agree with PaulW but would add that Microsoft recommends using .local rather than .com for your AD unless you are hosting both your mail and web sites.

I'd do the rename even though it would be a pain.

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark
 
You do not really need to rename your entire domain and do all the work again. Your problems appear to be very DNS related. Your primary DNS should be the domain you are logging in to, in this case XYZ.net. This is true for both your DC as well as all client machines. In your DNS administrator console, configure forwarders for your DNS server to use when it cannot resolve any queries. Usually, these are the IP addresses of the DNS servers of your Internet provider.
Your main issue using XYZ.net will be when you have a website hosted externally called XYZ.net. As your primary DNS thinks it is responsible for XYZ.net, your internal users will not be able to get to your XYZ.net website. This is easy to work around provided your website is hosted with a static IP address (this is very important!). All you need to do in a case such as this is to create a host record in your DNS Forward Lookup Zone and give it the IP address of your external website. Now all your users can browse all Internet related stuff including XYZ.net.

Hope this helped.



Claudius (What certifications??)
 
Appreciate the feedback. I have verified all of your recommendations (before the post). The Windows DNS has forwarders set up that point to their ISP's resolvers. The clients point first to the Windows server and then to the ISP resolvers.

One error I continue to see is that the clients get an error message "Non-existent domain" when I try an nslookup and then bounce to the external resolvers where the name is resolved correctly. But if I do nslookup with server 192.168.1.2 (server IP) it'll work fine.

Seems like a possible timeout issue? Is there a timeout setting somewhere?

Mike

Michael Law - MCSE, CCNA, SCSA, MCIW
Qualatech Computer Consulting, LLC
 
The discussion on using a split-brain DNS design (= using the same domain name for internal and external use) or a different names design seems to be as old as life itself :)

There are a few pros and cons for each solution and I have learned from other discussion forums that supporters of one method cannot convince supporters of the other method. In the end they always come to the conclusion that either solution works fine.

My personal preference is the split-brain design: so use xyz.com for your own domain and host this on your internal DNS servers and let an ISP host xyz.com for external use (i.e. the Internet). You can create a rock solid, highly secure DNS solution using split-brain. Depending on your security requirements you can detach your internal DNS servers from the Internet and forward all queries to a hardened, highly secure pair of DNS servers in the DMZ.

The main concern I have with using different names is that it can be confusing for users and administrators to "understand" the concept of two domains, especially when they use UPNs to access resources.

Do some research, give it some thought and pick a method, you can't really go wrong with either...

Good Luck

Jeffrey Kusters

MCSA, MCSE, CCNA
 
The problem you are having with your nslookup

- have you set a pointer record in your primary reverse lookup zone for your DNS server?

That error usually occurs if you have not done so.




Claudius (What certifications??)
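The three fixes discussed in this thread (forwarders to the ISP, a host record for the externally hosted xyz.net site inside the internal zone, and a PTR record for the DNS server so nslookup stops reporting "Non-existent domain") as one script. This is an added example, not code from any of the posters: it assumes the DnsServer PowerShell module (Windows Server 2012 and later) on a domain controller for xyz.net, whereas the Windows 2000 DNS in the thread was configured through the DNS MMC console. The host name dc1, the ISP resolver addresses and the public web address are placeholders (RFC 5737 documentation ranges); 192.168.1.2 is the server address given in the thread.

```powershell
# Added example for the thread above; not from the original posters.
# Run on the DC that hosts the AD-integrated zone xyz.net.

$Zone        = 'xyz.net'                              # AD domain name, also the public name
$DcIp        = '192.168.1.2'                          # internal DNS server (from the thread)
$DcHost      = 'dc1'                                  # hypothetical DC host name
$IspDns      = @('203.0.113.53', '203.0.113.54')      # ISP resolvers (placeholders)
$PublicWebIp = '198.51.100.10'                        # static IP of the external web site (placeholder)

# 1. Forwarders: every name this server is not authoritative for is sent to the
#    ISP resolvers, in the order listed.
Add-DnsServerForwarder -IPAddress $IspDns -PassThru

# 2. Split-brain workaround: the internal server is authoritative for xyz.net and
#    will never ask the Internet about it, so the external site's address has to
#    be published inside the internal zone, at the apex and as www.
Add-DnsServerResourceRecordA -ZoneName $Zone -Name '@'   -IPv4Address $PublicWebIp -TimeToLive 01:00:00
Add-DnsServerResourceRecordA -ZoneName $Zone -Name 'www' -IPv4Address $PublicWebIp -TimeToLive 01:00:00

# 3. Reverse zone and PTR for the DNS server itself. nslookup reverse-resolves the
#    server address when it starts; without this record it prints
#    "Non-existent domain" for the server before answering the actual query.
$ReverseZone = '1.168.192.in-addr.arpa'
if (-not (Get-DnsServerZone -Name $ReverseZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId '192.168.1.0/24' -ReplicationScope Domain
}
Add-DnsServerResourceRecordPtr -ZoneName $ReverseZone -Name '2' -PtrDomainName "$DcHost.$Zone"

# 4. Verify from a client's point of view, asking only the internal server.
Resolve-DnsName -Name $Zone         -Type A   -Server $DcIp   # external web address, plus any DC apex records
Resolve-DnsName -Name "www.$Zone"   -Type A   -Server $DcIp   # external web address
Resolve-DnsName -Name $DcIp         -Type PTR -Server $DcIp   # dc1.xyz.net
Resolve-DnsName -Name 'example.com' -Type A   -Server $DcIp   # answered via the forwarders
```

One caveat on step 2: every domain controller registers its own address at the zone apex (the "(same as parent folder)" records), so an apex lookup for xyz.net returns the DC addresses alongside the web address and browsers may land on a DC. Publishing the site as www.xyz.net and pointing users there avoids that; the apex record only helps for users who type the bare name.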
 