Is it safe to add parent domain as additional zone within DNS?

Question

Our internal Windows domain is ad.company.co.uk.

When we try to access mail.company.co.uk (for OWA or Outlook Anywhere, as an example), it resolves to the external IP address of the router and gets stuck due to the router's inability to have reflexive NAT'ing configured.

I read that split-DNS is the best way forward to allow access to internal resources via the external IP address.

Is it safe to add another zone to the internal DNS server called company.co.uk and set up duplicate mail, www, autodiscover, etc. A records, without it interfering with the existing sub-domain already being used for the internal Windows domain? Not keen on trying it in a production environment without being aware of any potential adverse effects, if there are any of course.

Hopefully that makes some sense.

score 1 · Accepted Answer · answered May 10 '13 at 14:21

What you want to do is "textbook" split DNS, and is perfectly safe, if not encouraged.

The only downside of split DNS is that it is an additional management burden. Every time you add a new record foobar.company.co.uk, you have to give some thought as to whether it should go in the public version only, in the private version only, in both identically, or in both but with different associated data. And then having decided that, you may have to edit 2 zone files instead of one. All in all, this is not a big downside.

Is it safe to add parent domain as additional zone within DNS?

1 Answers1