Simple question about zone and CNAME
Novosielski, Ryan
novosirj at umdnj.edu
Sat Apr 6 06:53:03 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/05/2013 04:12 PM, Dave Warren wrote:
> On 2013-04-05 12:18, Sam Wilson wrote:
>> We're currently prevaricating over putting in an A record for
>> ed.ac.uk. Whilst my colleagues who manage active directory assure
>> me that having an A record there - pointing at the
>> content-managed web server that has difficulty handling arbitrary
>> URLs - won't break anything I'm not going to try it except under
>> very controlled conditions and after I've spoken to a lot of
>> other people who do it already.
>
> Is ed.ac.uk your Active Directory root as well? If so, my
> experience is that pointing it at anything but domain controllers
> will eventually lead you to issues.
>
> It's not to say that this totally forbidden, but there is (was?)
> Microsoft best practices documents suggesting avoiding this
> configuration entirely when possible, although there were ways to
> mitigate most of the negative side effects.
>
> Obviously if you can run a split DNS environment this is less of a
> factor.
It is funny you should mention that... my questions about using views
to create a situation where one single record is different happens to
be exactly for this reason. The Active Directory administrators were
saying that not having umdnj.edu point to an Active Directory server
was bothering the AD servers in some fashion. The solution we're going
to test is telling the AD servers that umdnj.edu are them, but telling
everyone else on the planet that it's www. We think this will do it,
but haven't tested yet.
- --
- ---- _ _ _ _ ___ _ _ _
|Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Sr. Systems Programmer
|$&| |__| | | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iEYEARECAAYFAlFfxkgACgkQmb+gadEcsb7w4wCeKJ/dbr6KekRULsz0VnphSDnB
XeoAnjf8tx6zKG7EfpQxnHGWdZSpF1OD
=Ny9k
-----END PGP SIGNATURE-----
More information about the bind-users
mailing list