RE: [ActiveDir] Segregating and delegating _msdcs
Title: Message I'll try to elaborate but much of the reasoning behind this is political or sensitive in its nature :) [BTW: I'm happy with the feasibility of the change but am looking more for best practices and known issues etc] We currently have non-secure DDNS enabled in the a.test.com zone and wish to enable secure DDNS. Whilst investigating the ramifications of this change, we have decided to segregate out the _ zones so we can safely enable secure DDNS on those zones whilst investigations continue for the parent zone. Ultimately, both the _ zones as well as the parent zone itself will be managed by non-Windows DNS servers, but we will still require a split of _ zones since DDNS will only be permitted for those zones. Now I've "spilled the beans" are you able to offer a response or a technote / KB? :) Thanks, neil -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, GuidoSent: 27 April 2005 21:57To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Segregating and delegating _msdcs technically, this approach is quite feasable - however, it's usually done the other way around. Many companies do this so that they can safely enable DDNS on the _MSDCS zones (as AD integrated zone) allowing automatic service record, DC & Domain GUID registration etc., while putting the host records on a (static) Bind DNS. So it would be good to know your reason behind your request...? /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, NeilSent: Mittwoch, 27. April 2005 09:53To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Segregating and delegating _msdcs For various reasons we would like to split out _msdcs and the other _* domains within one specific DNS zone, into separate zones. These new zones will then, eventually, be hosted on non-Windows DNS servers, whilst the 'parent' zone will remain hosted on w2k DCs. Our current environment is w2k DCs [in a 4 domain forest] so app partitions are not an option just yet. Root domain is named test.com and 3 children exist, a.test.com, b.test.com and c.test.com. We wish to delegate the _ domains within a.test.com only to non-Windows DNS servers, with a.test.com remaining hosted on w2k DCs.. I have found fairly useful technotes etc and have started to flesh out a plan but wondered if anyone would be prepared to share any real world experiences of such an operation. i.e. how was the change performed? Any pitfalls or gotchas? Thanks in advance, neil ==This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure.== == This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure. ==
RE: [ActiveDir] Segregating and delegating _msdcs
Title: Segregating and delegating _msdcs technically, this approach is quite feasable - however, it's usually done the other way around. Many companies do this so that they can safely enable DDNS on the _MSDCS zones (as AD integrated zone) allowing automatic service record, DC & Domain GUID registration etc., while putting the host records on a (static) Bind DNS. So it would be good to know your reason behind your request...? /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, NeilSent: Mittwoch, 27. April 2005 09:53To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Segregating and delegating _msdcs For various reasons we would like to split out _msdcs and the other _* domains within one specific DNS zone, into separate zones. These new zones will then, eventually, be hosted on non-Windows DNS servers, whilst the 'parent' zone will remain hosted on w2k DCs. Our current environment is w2k DCs [in a 4 domain forest] so app partitions are not an option just yet. Root domain is named test.com and 3 children exist, a.test.com, b.test.com and c.test.com. We wish to delegate the _ domains within a.test.com only to non-Windows DNS servers, with a.test.com remaining hosted on w2k DCs.. I have found fairly useful technotes etc and have started to flesh out a plan but wondered if anyone would be prepared to share any real world experiences of such an operation. i.e. how was the change performed? Any pitfalls or gotchas? Thanks in advance, neil ==This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure.==
[ActiveDir] Segregating and delegating _msdcs
Title: Segregating and delegating _msdcs For various reasons we would like to split out _msdcs and the other _* domains within one specific DNS zone, into separate zones. These new zones will then, eventually, be hosted on non-Windows DNS servers, whilst the 'parent' zone will remain hosted on w2k DCs. Our current environment is w2k DCs [in a 4 domain forest] so app partitions are not an option just yet. Root domain is named test.com and 3 children exist, a.test.com, b.test.com and c.test.com. We wish to delegate the _ domains within a.test.com only to non-Windows DNS servers, with a.test.com remaining hosted on w2k DCs.. I have found fairly useful technotes etc and have started to flesh out a plan but wondered if anyone would be prepared to share any real world experiences of such an operation. i.e. how was the change performed? Any pitfalls or gotchas? Thanks in advance, neil == This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure. ==
