I don't think OP has the same *zone file* for both. That would be a poor decision indeed.
However, at $WORK we use the same domain name both internally and externally (example.com, no subdomains internally or externally), and aside from needing to put in 'www' while inside the perimeter, we've seen no issues, after moving away from an IPSec VPN to an SSL web-based VPN. Forcing all traffic over the IPSec tunnel is a major PITA from both a speed perspective and a client-management perspective. Kurt On Mon, Mar 1, 2010 at 18:00, Ken Schaefer <k...@adopenstatic.com> wrote: > I wouldn't call it an "excellent decision" In fact, I'm aware of no-one that > uses the same DNS namespace for their primary internal domain, and also the > primary external domain. > > Split-brain DNS is fine, but using the same DNS zone isn't an "excellent > decision" IMHO. I'm sure it can be justified in certain situations, but I > wouldn't use it as a the rule-of-thumb. > > Cheers > Ken > > -----Original Message----- > From: Kurt Buff [mailto:kurt.b...@gmail.com] > Sent: Tuesday, 2 March 2010 3:33 AM > To: NT System Admin Issues > Subject: Re: Probably a stupid DNS question, but I can't figure it out. > > It's *not* a mistake. It is, IMHO, an excellent decision, but it does have a > cost, as ASB and others have noted. > > I don't know what's involved in re-jiggering your domain, aside from standing > up a new one and migrating all of your machines over, but it would probably > be worth your while to investigate that before you do it. > > I'm sure there's more to it than I'm aware of. > > Kurt > > On Mon, Mar 1, 2010 at 07:53, Chyka, Robert <bch...@medaille.edu> wrote: >> >> yes I realize the mistake we made over 10 years ago when we created the >> domain. I will change the structure when we go to 2008 R2 next month. >> >> Thanks..Bob >> ________________________________ >> From: Ken Schaefer [mailto:k...@adopenstatic.com] >> Sent: Monday, March 01, 2010 10:44 AM >> To: NT System Admin Issues >> Subject: RE: Probably a stupid DNS question, but I can't figure it out. >> >> Erm – OP is talking about internal name resolution. For an internal AD >> domain: domain.whatever is going to resolve to DCs. This one reason not to >> use the same domain for external and internal name resolution. Externally >> use medaille.edu. Internally use corp.medaille.edu or something. >> >> >> >> Cheers >> >> Ken >> >> >> >> From: Karl Bickmore [mailto:k...@ccnsconsulting.com] >> Sent: Monday, 1 March 2010 11:41 PM >> To: NT System Admin Issues >> Subject: RE: Probably a stupid DNS question, but I can't figure it out. >> >> >> >> Put in a host (A) record on the domain name with no name details, but still >> point it to the public ip. >> >> >> >> >> >> >> >> Karl Bickmore >> >> 6613 N Scottsdale Road, Suite 101 >> >> Scottsdale AZ, 85250 >> >> 480-553-9967 X100 >> >> k...@ccnsconsulting.com >> >> >> >> Please remember CCNS is a referral based business. If you have a friend or >> colleague in need, we are happy to help. Feel free to pass along our contact >> information to anyone you think we can help. Thanks! >> >> >> >> From: Chyka, Robert [mailto:bch...@medaille.edu] >> Sent: Monday, March 01, 2010 8:37 AM >> To: NT System Admin Issues >> Subject: Probably a stupid DNS question, but I can't figure it out. >> >> >> >> Hello, >> >> >> >> We have a Active Directory 2003 Domain with Microsoft integrated DNS running >> for our company. If I want to add a DNS record to get to our webserver, but >> want it to resolve without the www, what type of record do i use? i was >> trying to put a CNAME record in, but it already has our domain name in there >> by default and you cant change it and i cant leave the input field blank for >> the hostname. We want medaille.edu in a browser to redirect to >> www.medaille.edu internally. We have it working with our ISP on the >> internet public side. >> >> >> >> Thanks! Bob >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
