DNS Namespace Planning
Consider the following items:
- Identify the DNS namespace that you will be using for your domain. Identify the name that your organization has registered for use on the Internet (for example, company.com). If your company does not have a registered name, but you will be connected to the Internet, you may want to register a name on the Internet. Make sure if you choose not to register a name that you choose a name that is unique. You can review existing names at http://www.networksolutions.com.
- Use different internal and external namespaces. Internally, you could use comp.com or a subdomain of the external name such as corp.company.com. The subdomain structure could be useful if you already have an existing DNS namespace. Different locations or organizations can be named with different subdomains such as nameone.corp.company.com or nametwo.corp.company.com to ease administration.
- Make Active Directory child domains immediately subordinate to their parent domains in the DNS namespace. You can choose to create subdomains for organizations within your company or locations. For example, leveltwo.levelone.corp.company.com
- Separate internal and external names on separate servers. External servers should include only those names that you want to be visible to the Internet. Internal servers should contain names that are for internal use. You can set your internal DNS servers to forward requests that they cannot resolve to external servers for resolution. Different types of clients require different kinds of name resolution. Web proxy clients, for example, do not require external name resolution because the proxy server does this on their behalf. Overlapping internal and external namespaces are not recommended. In most cases, the end result of this configuration is that computers will be unable to locate needed resources because of receiving incorrect IP addresses from DNS. This is particularly a concern when Network Address Translation (NAT) is involved and the external IP address is in an unreachable range for internal clients.
- Make sure that root servers are not created unintentionally. Root servers may be created by the Dcpromo Wizard, resulting in internal clients being able to reach external clients or to reach parent domains. If the "." zone exists, a root server has been created. It may be necessary to remove this for proper name resolution to work. For additional information, click the article number below to view the article in the Microsoft Knowledge Base: 229840 DNS Server's Root Hints and Forwarder Pages Are Unavailable
Article ID: 254680 - Last Review: 09/11/2011 07:43:00 - Revision: 5.0
- kbproductlink kbdns kbinfo KB254680