Simple question about zone and CNAME

Barry S. Finkel bsfinkel at att.net
Mon Apr 8 15:30:41 UTC 2013


On 4/8/2013 9:10 AM, bind-users-request at lists.isc.org wrote:
> In article <mailman.59.1365230565.20661.bind-users at lists.isc.org>, Phil
> Mayers <p.mayers at imperial.ac.uk> wrote:
>> Sam Wilson <Sam.Wilson at ed.ac.uk> wrote:
>>
>>> [adding an A record for ed.ac.uk.]
>>
>> If your AD realm is also called ed.ac.uk then adding an A record will
>> definitely affect things.
> Which is exactly the opposite of what our AD guys said, but not with
> such great conviction. :-)
>
> Sam

AD clients, if they do not know about SRV records for finding the
LDAP servers, will use the "A" records for the AD domain to locate
the Domain Controllers.  Where I used to work we did not segregate
AD, so internally,

      example.com

pointed to the Domain Controllers.  Externally,

      example.com

had no IP address because the DCs were not accessible from the
external Internet.  When we had the DC addresses externally, then
AD clients would see the addresses, try to authenticate to the AD,
experience timeouts, and get frustrated.  Without an external
address, AD clients do not try to access the DCs.  The drawback
is that we cannot have

      example.com

externally have the same address as

      www.example.com

to aid browser users.
--Barry Finkel
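
[Added example, not part of the original post: a check that the external view of a zone does not publish the Domain Controller addresses at the apex, the situation described above. The zone data, addresses and function names are constructed for illustration, and the SRV check goes slightly beyond the post by also flagging AD locator records in the external view.]

```python
import ipaddress

# Constructed sample data: one record per line, owner always written out.
INTERNAL_ZONE = """\
@            3600 IN A   10.1.1.10   ; DC 1
@            3600 IN A   10.1.1.11   ; DC 2
_ldap._tcp   3600 IN SRV 0 100 389 dc1
www          3600 IN A   192.0.2.80
"""
EXTERNAL_ZONE_BAD = """\
@            3600 IN A   10.1.1.10
_ldap._tcp   3600 IN SRV 0 100 389 dc1
www          3600 IN A   192.0.2.80
"""
EXTERNAL_ZONE_OK = """\
www          3600 IN A   192.0.2.80
"""
# SRV owner prefixes AD clients query to locate Domain Controllers.
AD_LOCATOR = ("_ldap._tcp", "_kerberos._tcp", "_gc._tcp")

def parse_zone(text):
    """Return (owner, type, rdata) tuples from simplified zone-file text."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments
        if not line:
            continue
        owner, *rest = line.split()
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                       # skip optional TTL and class
        records.append((owner.lower(), rest[0].upper(), " ".join(rest[1:])))
    return records

def apex_addresses(records):
    """Addresses published at the zone apex ('@')."""
    return {ipaddress.ip_address(r) for o, t, r in records
            if o == "@" and t in ("A", "AAAA")}

def external_leaks(internal_text, external_text):
    """List records in the external view that expose the internal DCs."""
    dc_addrs = apex_addresses(parse_zone(internal_text))
    findings = []
    for owner, rtype, rdata in parse_zone(external_text):
        if owner == "@" and rtype in ("A", "AAAA") and ipaddress.ip_address(rdata) in dc_addrs:
            findings.append(f"apex {rtype} {rdata} is a DC address")
        elif rtype == "SRV" and (owner.startswith(AD_LOCATOR) or "_msdcs" in owner):
            findings.append(f"AD locator SRV published: {owner}")
    return findings
```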


