DomainName Vs. DomainName.com - Single Label DNS names and resulting problems


Patrick

We just had a DNS issue that turned out to be related to our domain name not
having a "." ("dot") com after it. Our domain is called 'Domain', not
'Domain.com'. The issue only started when SP4 was installed on one of our
W2K Domain controllers- replication would not work and there were DNS
issues. Thankfully, this article explained the fix:

http://support.microsoft.com/?id=300684

After fixing it, we are left with a pressing question as we plan to add
another 60 accounts to our current 40 account established Domain:

Is it worth it for us to create a new Domain with the .com (Domain.com) in
an effort to avoid future issues, or, should we leave the established domain
as it is and deal with any other problems as they come?

The article above mentions that Microsoft recommends using .com for the
following reasons:

• Single-label DNS names cannot be registered with Internet authorities.
• Domains with single-label DNS names require additional configuration.
  For example:
  a. DNS might not be used to locate domain controllers in domains with
     single-label DNS names.
  b. Dynamic updates are not performed to single-label DNS zones by Windows
     XP domain members.
  c. Dynamic updates are not performed to single-label DNS zones by Windows
     2000 Service Pack 4 (SP4) members.

Are there other concerns not mentioned here? Will we have to run the
registry update for every w2k pro client that has SP4? We have had our
domain for 3 years with no problems due to our naming convention. Our email
is still sent to @Domain.com and we have a registered www.domain.com
address.

Can you please explain other problems we may face and help us decide if it
is worth it to spend the time and effort to build a new domain with the name
Domain.com ?

Thank you,


Patrick
I.T. Director
 
Top level domain zone names like "domain" may be used for W2K SP4 and w2k3
domain DNS for internal purposes. You need to add corresponding parameters in
system registry for ws and servers. See MS KB for UpdateTopLevelDomainZones.
 
Thanks Igor. So, is having to update the registry on W2K SP4 Workstations
and Servers really the only configuration we will need to do? My question
is whether it is worth it to build a new domain with .com, or will we be
okay as long as we do the reg update? What other problems may arise?

Thanks,


Patrick
 
Hi Patrick,

You should bite the bullet and correct this now.
Here is a post from a MS employee Alan Wood I found in the DNS news group.

"We really would prefer to use FQDN over Single labeled. There are
a lot of other issues that you can run into when using a Single labeled
domain name with other AD integrated products. Exchange would be a great
example. Also note that the DNR (DNS RESOLVER) was and is designed to
Devolve DNS requests to the LAST 2 names.

Example: Single Labeled domain .domainA
then, you add additional domains on the forest.
child1.domainA
Child2.child1.domainA

If a client in the domain Child2 wants to resolve a name in domainA
Example. Host.DomainA and uses the following to connect to a share
\\host then it is not going to resolve. WHY, because the resolver is
first going to query for Host.Child2.child1.domainA, then it
next tries HOST.Child1.domainA; at that point the Devolution process is
DONE. We only go to the LAST 2 Domain Names.

Also note that if you have a single labeled domain name it causes excess
DNS traffic on the ROOT HINTS servers and being all Good Internet Community
users we definitely do not want to do that. NOTE that in Windows 2003,
you get a big Pop UP Error Message when trying to create a single labeled
name telling you DON'T DO IT. It will still allow you to do it, but you
will still be required to make the registry changes, which is really not
fun.

Microsoft is seriously asking you to NOT do this. We will support you, but
the end results could be limiting depending on the
services you are using."



hth
DDS W 2k MVP MCSE
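
Added example (not part of the original thread, and not Microsoft's resolver code): a small Python model of the devolution rule as the quoted post describes it, using the post's domain names. The function names and the `domainA.com` comparison are assumptions made for illustration.

```python
def devolution_candidates(short_name, primary_suffix, min_labels=2):
    """Names a client would query for short_name, in order.

    Model of the rule in the quoted post: append the primary DNS suffix,
    then strip its leftmost label and retry, stopping once the suffix is
    down to min_labels labels ("the LAST 2 Domain Names").
    """
    labels = [l for l in primary_suffix.strip(".").split(".") if l]
    candidates = [".".join([short_name] + labels).lower()]
    while len(labels) > min_labels:
        labels = labels[1:]  # devolve one level toward the forest root
        candidates.append(".".join([short_name] + labels).lower())
    return candidates


def reaches(short_name, primary_suffix, target_domain):
    """True if short_name is ever queried inside target_domain."""
    wanted = f"{short_name}.{target_domain}".lower()
    return wanted in devolution_candidates(short_name, primary_suffix)


def audit(short_name, cases):
    """Map each (client suffix, target domain) pair to reachable or not."""
    return {
        (suffix, target): reaches(short_name, suffix, target)
        for suffix, target in cases
    }


if __name__ == "__main__":
    # Constructed cases: the post's single-label forest, and the same
    # forest if the root had been named domainA.com (assumed name).
    cases = [
        ("Child2.child1.domainA", "domainA"),
        ("Child2.child1.domainA.com", "domainA.com"),
    ]
    for (suffix, target), ok in audit("host", cases).items():
        tried = ", ".join(devolution_candidates("host", suffix))
        status = "resolves" if ok else "never queried"
        print(f"client in {suffix}: host.{target} {status}")
        print(f"  tried: {tried}")
```

With the single-label root, devolution stops at `host.child1.domaina`, so a host in the root is never found by its short name; with a two-label root the last candidate is the root's own name.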
 
Thanks Danny. Though this is the answer I was hoping not to receive, it is
helpful.

Building a new domain and migrating the old is one hell of a job, and I'm
leaning somewhat toward doing it. Things have been fine with singlename
domain for 3 years now, and now SP4 is out it looks like the problems are
starting.

Any other info/opinions on this issue is greatly appreciated!

Thanks,


Patrick
 
I would tend to agree with the earlier posts about taking the hit now and
doing it right instead of later when the domain is even larger. This is
especially true if you plan on staying with 2k for some time. Using ADMT v2
to migrate to a new domain with the correct name isn't as difficult as some
believe, but you could also go "low tech" as well and even use the
"addusers" utility (resource kit utility). This will dump a list of users
and their group memberships to a txt file that can be imported on your new
dc to avoid having to re-type user accounts and fix group memberships.
Since this is exported to a txt file it will not save pw's etc though so
they will need to change their pw's to what they want at next logon in the
new domain.
The file can be edited in txt as well to add/remove anything that you want,
which I would probably do to remove accounts like Administrator since it
will already exist in the new domain as well.
"addusers /d <filename>" to dump users/groups to file
"addusers /c <filename>" to import above file in new domain.


--
David Brandt
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
 
Patrick,

I might suggest that you consider using ADMT for doing the job. I am not
sure that I would want to have a single label domain name. As Danny pointed
out in his post, there are several problems associated with it. I might
strongly consider doing this before adding the 60 users. However, with ADMT
whether there are 40 users or 100 users should not make any difference.

HTH,

Cary
 
Would any of these concerns about single-label domain names apply in the
following scenario:

1. INTERNAL private namespace only (Internet namespace is completely
different)

2. Single-label domain name ("local") is assigned to the empty forest
root only. No user objects (user accounts, computer accounts, etc.)
reside in this domain.

3. All user objects are located in a child domain ("child.local") of
the single-label empty forest root.

That would seem to sidestep all the "issues", no?

hurricane5
 