remedial question about ADS
should every domain use name of business? example, let's work in hospital , blue county hospital. assuming business owns domain called bluecountyhospital.org (not real btw) domain controllers host records bluecountyhospital.org? , if wanted use domain controllers dns, mean each computer , server joined domain have same suffix, such dc1.bluecountyhospital.org or computer1.bluecountyhospital.org or intranet.bluecountyhospital.org (ignoring subnets , firewall , dmz ports unauthorized access)? more importantly, names resolvable outside? if went starbucks , pinged fqdn computer1.bluecountyhospital.org resolve internal ip which, lets dhcp assigned 10.1.10.20, or time out?
internal domain private domain used sharing & accessing data within organization, should not exposed internet may lead security attack or critical data exposed outsiders. can connect network internet if vpn configured & vpn secure connecting & accessing data of organization follows.
regarding ping domain outside not difficult can achieved, don't think want expose network hackers. if hosting website or exchange, can have necessary host records & mx records created @ isp end in dns visible website all.
regarding ping, until have registered domain or use public ip on server not visible, assigning public ip have register domain can recognized performing dns external domain such yahoo, google etc, if want data info has publicly available going huge security risk & want think before it.
there called splitbrain dns means separate dns internal domain name resolution & external domain name resolution.
how dns works ad.
http://technet.microsoft.com/en-us/library/cc759550%28ws.10%29.aspx
previous discussion on split zone
ace got article on split dns
http://www.windowsitpro.com/article/dns/split-brain-dns
regards
awinish vishwakarma| my blog
disclaimer: posting provided as-is no warranties or guarantees , confers no rights.
Windows Server > Directory Services
Comments
Post a Comment