Single-Label DNS Names: Why

  • Thread starter: Olivier César

Olivier César

Can someone explain to me why some people are using Single-Label DNS Names ??

What could be the impact on the whole AD Infra etc ??

Also, does this involve something when migrating from EX5.5 to EX2003 and
Windows 2000 to Windows 2003.

Maybe this is the wrong forum.. will also make a post in the exchange forum.

Anyway thx
 
Olivier César said:
Can someone explain to me why some people are using Single-Label DNS Names ??

Probably because they haven't read the "best practices".

Olivier César said:
What could be the impact on the whole AD Infra etc ??

Extra admin work
Future MS technologies that are designed away from the single label domain
name model that became obsolete in Win 2k.

Olivier César said:
Also, does this involve something when migrating from EX5.5 to EX2003 and
Windows 2000 to Windows 2003.

Not totally sure what you are asking here.

hth
DDS W 2k MVP MCSE
 
Olivier César said:
I mean. If I try to upgrade from 5.5 to 2003, what could be the impact ??

For one, the DNS doesn't work completely correctly in AD
with single label names.

Start here:

Single Label domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
 
Olivier said:
I mean. If I try to upgrade from 5.5 to 2003, what could be the
impact ??

Impact? If you do not choose the correct format for the domain name when
upgrading to AD, you are inviting yourself for numerous issues and
implications to occur. Do a search in the newsgroups on single label names.
As Herb said, do the same with Google. You'll find much written out there on
it.

It seems you are also referring to Exchange. We need to work on AD first.
Exchange uses the default DNS domain name as the default recipient policy
email suffix. That doesn't matter if your domain name is different
externally because you can add whatever suffix you want in there, make sure
the MX record is pointing to this machine, and it will receive mail for that
domain name. But Exchange 2000/2003 relies on AD. If AD fails, Exchange
fails. AD relies on DNS. If DNS fails, AD fails, therefore Exchange fails.
Single label names will cause DNS to fail, therefore AD and Exchange will
fail in concert. Nasty circle, ain't it?

Quick guideline:
DNS is hierarchal. It's based on a "tree" structure. It starts from the top
of an "upside down" tree with the Root. That's depicted by a dot ".".
The next level down is your first level name, or better known as the TLD
(Top Level Domain) name, such as com, edu, net, org, and others that you can
make up for an internal infrastructure such as corp, local, internal, etc.
Then the next level is the second level names, such as microsoft,
macromedia, intel, etc.

Take the name microsoft.com. So we have a basis so far that is tree based. Notice
the period after the com? That depicts the Root. Even if you don't put it in,
it's understood to be there. "microsoft.com." It has a hierarchal structure.

However, NT4 didn't require this. Many admins who upgraded to AD didn't do
their research and wound up choosing a single label name, such as
"microsoft" instead of the required format. There is no hierarchal structure
with a single label name. DNS servers do not know what to do with it. A DNS
server will assume it is a TLD. During a query, and especially during the
Dynamic DNS update process, when a DNS server receives a request for a single
label name, it assumes it's a TLD, then it will start querying the Root
Servers excessively to determine if there is such a TLD as "microsoft". This
causes excessive traffic to the Root servers. Microsoft recognized this
after ISC did a study and determined all the excessive unnecessary traffic
the Roots were receiving were from installations with single label names.
When Win2000 SP4 was released, there was a stop put into it to disallow DNS
updates for single label name AD DNS domain names. This was only fair, as part of
being a good Internet citizen in the community.

XP Pro has major issues with single label names. Queries may even fail with
single label names using XP Pro. That would cause problems with user logons,
accessing files, printers, and especially GPOs.

Here's one for you. The LdapIpAddress record, which looks like this:

domain.com
(same as parent) A 192.168.5.200

That is used when domain service locations are queried for certain
functions, such as GPOs. When a client side GetGpoList function runs during
logon, it queries for:
\\domain.com\sysvol\domain.com\policies\{GuidOfGpoPolicie...}

If it were a single label name, it would look like this:
\\domain\sysvol\domain\policies\{GuidOfGpoPolicie...}

So it would treat it as a NetBIOS name. Major issues there, especially with
XP.

Sure you can go to each domain controller and each XP and W2k machine and
make registry entries to force it to update. But that is way too much
administrative overhead.

Therefore, if you have a single label name, numerous issues can occur, such
as the lack of Dynamic Registration, a key integral part of AD. So as the
requirements go, AD requires DNS, if DNS doesn't function properly, it will
cause major problems with AD. If you have a single label name, DNS will be
problematic, in turn AD will be problematic.

So do yourself a favor and get those good night rests that admins with
single label names do not get and name your domain properly, for more than
one reason, even if it's just best practices.


--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Paramount: What's up with taking Enterprise off the air??
Infinite Diversities in Infinite Combinations.
=================================
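
Added example (not part of the original posts, and not Microsoft code): a small Python audit that takes an inventory of AD DNS domain names, ignores the trailing root dot, and flags single-label names together with the SYSVOL path form quoted in the post above. The inventory values and function names are made up for illustration.

```python
import re

# RFC 1123 host label: letters, digits, hyphen; 1-63 chars; no leading/trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Constructed inventory of AD DNS domain names (illustrative values only).
SAMPLE = ["domain.com", "corp.example.com", "domain", "example.local.", "microsoft."]


def split_labels(name):
    """Split a DNS name into labels, ignoring the trailing dot that marks the root."""
    name = name.strip().lower()
    if name.endswith("."):
        name = name[:-1]
    labels = name.split(".") if name else []
    for label in labels:
        if not LABEL.match(label):
            raise ValueError("invalid DNS label %r in %r" % (label, name))
    if not labels:
        raise ValueError("empty name (root only)")
    return labels


def audit_domain(name):
    """Report whether an AD DNS domain name is single-label and what follows from it."""
    labels = split_labels(name)
    host = ".".join(labels)
    single = len(labels) == 1
    return {
        "domain": host,
        "labels": len(labels),
        "single_label": single,
        # A dotless name of 15 characters or fewer looks exactly like a NetBIOS name.
        "netbios_ambiguous": single and len(host) <= 15,
        # Path a client would request for GPOs, in the form quoted in the post above.
        "sysvol_path": "\\\\{0}\\sysvol\\{0}\\policies".format(host),
    }


def single_label_domains(names):
    """Return the names from an inventory that need attention."""
    return [r["domain"] for r in map(audit_domain, names) if r["single_label"]]


if __name__ == "__main__":
    for entry in SAMPLE:
        r = audit_domain(entry)
        flag = "SINGLE-LABEL" if r["single_label"] else "ok"
        print("%-18s labels=%d %-12s %s" % (r["domain"], r["labels"], flag, r["sysvol_path"]))
```

Note that "microsoft." with the trailing root dot is still a single label, so writing the dot does not make a name hierarchical.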
 