setting up dns properly

  • Thread starter Thread starter Todd Ellington
  • Start date Start date
T

Todd Ellington

Both of the follow ways actually work and respond properly but which is the
best way to setup the MS DNS server?

Under "Forward Lookup Zones" you then have a domain called "com" then under
that you create new domains (i.e.: microsoft) then in that folder you create
the hosts, aliases, etc... to point the domain.

OR

Under "Forward Lookup Zones" you then have a domain called "microsoft.com"
and in that folder you setup your hosts, aliases, etc...
 
The second way is the proper way to do it.

If you were to create a zone for .com you would not be able to access any
Internet sites ending in .com as your DNS server would think it was
authoritative for all .com servers.
 
TE> [...] which is the best way to setup the MS DNS server?

"Which is the best way of integrating European currency systems: with a
chocolate-covered banana or with a chocolate-flavoured banana ?"

<URL:http://perl.plover.com./Questions3.html>

What is best depends from your intended goal, which you haven't told us. What
is your intended goal ? Is it to perform the prune and graft operation on the
namespace tree at "com." ? Is it to perform the prune and graft operation on
the namespace tree at "microsoft.com." ? Is it something else entirely ?
 
If you create a "com" zone within forward lookup zones, this will break internet name resolution for this DNS server. This DNS server will think that it is the
authority for the ".com" zone and will not forward queries for anything with .com in the name to root hints or forwarders. You don't want to do this unless the goal
is to prevent access to the internet for your DNS server or internal clients.

Thank you,
Mike Johnston
Microsoft Network Support

--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.
 
SG> The second way is the proper way to do it.

Not necessarily.

SG> If you were to create a zone for .com you would not be able to
SG> access any Internet sites ending in .com as your DNS server
SG> would think it was authoritative for all .com servers.

That may be, however, what he _wants_. He hasn't actually told us what he
wants. He's only told us the step and not the goal (and probably disguised
the step, moreover). So we cannot discount the possibility (for example) that
he is setting up an non-public DNS namespace, in which case a "com." "zone"
may well be quite appropriate.

We also cannot discount the possibility that the domain names that he gave us
were lies, and not the actual domain names involved at all. In which case,
the fact that a "com." "zone" obscures "com." and its subdomains does not
apply, since it isn't actually a "com." "zone" that he is creating. If the
real "zone" apices that he is choosing between were (say) "vtserve.com." and
"hosts.vtserve.com.", then _neither_ would cause the problem that you mention.
 
Back
Top