Simple question about zone and CNAME

Novosielski, Ryan novosirj at umdnj.edu
Mon Apr 8 18:10:10 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/08/2013 10:16 AM, Phil Mayers wrote:
> On 08/04/13 14:46, Sam Wilson wrote:
>> In article
>> <mailman.59.1365230565.20661.bind-users at lists.isc.org>, Phil
>> Mayers <p.mayers at imperial.ac.uk> wrote:
>> 
>>> Sam Wilson <Sam.Wilson at ed.ac.uk> wrote:
>>> 
>>>> [adding an A record for ed.ac.uk.]
>>>> 
>>> 
>>> If your AD realm is also called ed.ac.uk then adding an A
>>> record will definitely affect things.
>> 
>> Which is exactly the opposite of what our AD guys said, but not
>> with such great conviction.  :-)
> 
> Off the top of my head the two most recent issues we've had.
> 
> 1. If you don't have a domain controller A record at your AD realm
> name, you'll experience sporadic timeouts and slowness if you ever
> want to roll out DFS, particularly if your domain members include
> non-Microsoft clients such as Macs
> 
> 2. If you put something else at that place, you'll see SMB
> connection attempts and if they fail but port 80 is open, you'll
> see Windows trying to do WebDAV requests (!) to it.
> 
> Both these and other issues make me wish we'd chosen a sub-domain
> for our AD realm when we migrated from NT4. But we had no way of
> knowing at the time :o(

It would seem to me there is some other way around this, either by
redirecting traffic to the AD servers or some careful combination of
local host names or something else. In our case, the domain itself has
barely any activity (and no client activity) and we can just lie to
the AD servers and use them as the bare domain name.

- -- 
- ---- _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Sr. Systems Programmer
|$&| |__| |  | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlFjCAEACgkQmb+gadEcsb7fjQCeIvlEeStO/pAT72UNJGbTuZ32
UxEAn3issXjvxOz+JXPZymbLeGhPdwKA
=W3i9
-----END PGP SIGNATURE-----



More information about the bind-users mailing list