I need some clarification if I understood this correctly. I've been reading about Active Directory and naming my domain, and the reason Microsoft didn't suggest using external public domain was DNS Split. If I understood correctly (and please correct me if I didn't) in this case I have two Domain Name Servers, both doing the same job, but one of them is internal (in my company i.e.) and the other is a public one.

Did I misunderstand this and if I did could somebody explain this to me? I hope this question is not too broad for this site! Cheers.

  • `I have two Domain Name Servers, both doing the same job`. Hopefully you have more than two. All your Domain controllers will probably be DNS servers, and you should have more than one of those. Then you will probably have one or more external servers providing external DNS. Your external DNS could be hosted or handled by someone else like your registrar. – Zoredache Nov 12 '13 at 20:31
  • Oh, I don't have any DCs yet because I'm still in school and just trying to learn bit more about networks. Thanks for your answer! – RidableCthulu Nov 12 '13 at 20:34

1 Answer


"the reason Microsoft didn't suggest using external public domain" <-- This is 100% wrong. MS has recommended using a public domain name since Active Directory was introduced in Windows 2000. At the time, some people upgrading from NT (or worse) had domain names that were incompatible with DNS, and were therefore recommended to use Split Horizon DNS as an ugly hack.

All Active Directory deployments should use a subdomain of a domain owned by the company. The TLD should be valid as well, no ".local" or that ilk.

As for what Split Horizon DNS is, the Wikipedia article covers that well.

Also, lots more details in Mark's Blog.

Esa Jokinen
Chris S
  • Thank you so much! Like I said, I have nothing to do with real life networks yet, but I'm trying to learn about it! At the article I read they said that Microsoft suggested using sub domain of a public domain. Thank you once again for answering so quickly! – RidableCthulu Nov 12 '13 at 20:36
  • I just added a link to Mark's blog to my Answer, tons of great information there if you want to learn. – Chris S Nov 12 '13 at 20:37
  • Sorry, I have another question. Did Microsoft ever say that using a public domain (without sub domain) was bad? If I understood correctly having the same domain name for Active Directory and for company website could potentially make problems when using VPN? Did I misunderstand that? – RidableCthulu Nov 12 '13 at 20:41
  • No offense, but please read that blog article I linked. It answers that question and the next ten you'll have. – Chris S Nov 12 '13 at 20:47