Simple question about zone and CNAME

Sam Wilson Sam.Wilson at ed.ac.uk
Wed Apr 24 15:48:45 UTC 2013


In article <mailman.86.1365490964.20661.bind-users at lists.isc.org>,
 Phil Mayers <p.mayers at imperial.ac.uk> wrote:

> On 04/08/2013 06:59 PM, Novosielski, Ryan wrote:
> 
> > Someone can correct me if I'm wrong, but I think they'd be right if
> > and only if the webserver they're adding the A record for happens to
> > also be the AD server.
> 
> In principle that's correct.
> 
> In practice, running a publicly accessible webserver on your AD 
> controllers is a bad move IMO. The security implications are gruesome.
> 
> I think I almost dislike the idea so much that I'd suggest split DNS 
> before this. And given how much I dislike split DNS, that's saying 
> something.
> 
> But hey, to each their own.

In our case it would be impossible for the University's public web 
presence and the AD domain controllers to be the same machines.  It is 
conceivable that we could do some magic in load balancers to divide 
traffic appropriately, but I'd rather not do that if I don't have to.

Sam

-- 
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

