Add Reserved Names

[Pekka]

Heips;

Is there any way (/trick) to add reserved (forbidden) names to DNS? (á la
"localhost")

BR
Pekka

 

[Jonathan de Boyne Pollard]

AF> Not sure if you can control that. [...]

One solution is to make more use of multiple "zones", by having two separate
"zones", one for the domain names that are effectively assigned by individual
machine owners with looser restrictions on dynamic updates and lower status,
and one for domain names that are assigned by a select few with tighter
restrictions on dynamic updates and higher status.

For example: The high-status static domain names that one doesn't want to be
divertable by just any old Tom, Dick, or Harry would be subdomains of (say)
"servers.nokia.com.", whereas low-status dynamically registered domain names
would all be subdomains of (say) "hosts.nokia.com.". So even if someone came
along one day and decided to name their machine "proxypac", its full domain
name would actually be "proxypac.hosts.nokia.com.". As long as everyone else
was using the fully qualified domain name "proxypac.servers.nokia.com." (and
not, say, merely "proxypac") for locating services they would remain
unaffected. Reassignment of domains names under "servers.nokia.com." would be
a less casual affair, of course.

This is one of many ways of arranging the namespace in order to achieve this,
of course. Season according to taste.

 

[Ace Fekay [MVP]]

In

Heips;

Is there any way (/trick) to add reserved (forbidden) names to DNS?
(á la "localhost")

BR
Pekka

What sort of "forbidden" names? You mean ones with invalid characters?

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Ace Fekay [MVP]]

Replying directly to you:
No, not like that. Some special names in our network;
e.g. we want make sure that nobody registers the name
proxypac" to the DNS (that would be end of surfing for every user).

Naturally we have instructions and naming standards, but we
would like to "hard code" them...

BR
Pekka Y-N



Not sure if you can control that. As long as some other machine is NOT named
proxypac, then I wouldn't worry about it. I would make sure Secure Updates
are enabled. Limit the administrators who can create DNS records.

Please let's try to keep future responses in the newsgroup so all can
benefit from the thread.
Thanks
Ace

*Please direct all replies to the newsgroup so all can benefit*
--
Regards,
Ace

This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================




"Ace Fekay [MVP]"

 

[Ace Fekay [MVP]]

In

Not sure if you can control that. [...]

One solution is to make more use of multiple "zones", by having two
separate "zones", one for the domain names that are effectively
assigned by individual machine owners with looser restrictions on
dynamic updates and lower status, and one for domain names that are
assigned by a select few with tighter restrictions on dynamic updates
and higher status.

For example: The high-status static domain names that one doesn't
want to be divertable by just any old Tom, Dick, or Harry would be
subdomains of (say) "servers.nokia.com.", whereas low-status
dynamically registered domain names would all be subdomains of (say)
"hosts.nokia.com.". So even if someone came along one day and
decided to name their machine "proxypac", its full domain name would
actually be "proxypac.hosts.nokia.com.". As long as everyone else
was using the fully qualified domain name
"proxypac.servers.nokia.com." (and not, say, merely "proxypac") for
locating services they would remain unaffected. Reassignment of
domains names under "servers.nokia.com." would be a less casual
affair, of course.

This is one of many ways of arranging the namespace in order to
achieve this, of course. Season according to taste.

Great explanation! Thanks Jonathan. Hope Pekka reads this.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory