Simple question about zone and CNAME
Sam Wilson
Sam.Wilson at ed.ac.uk
Wed Apr 24 15:42:45 UTC 2013
In article <mailman.79.1365435117.20661.bind-users at lists.isc.org>,
"Barry S. Finkel" <bsfinkel at att.net> wrote:
> On 4/8/2013 9:10 AM, bind-users-request at lists.isc.org wrote:
> > In article <mailman.59.1365230565.20661.bind-users at lists.isc.org>, Phil
> > Mayers <p.mayers at imperial.ac.uk> wrote:
> >> >Sam Wilson<Sam.Wilson at ed.ac.uk> wrote:
> >> >
> >>> > >[adding an A record for ed.ac.uk.]
> >>> > >
> >> >
> >> >If your AD realm is also called ed.ac.uk then adding an A record will
> >> >definitely affect things.
> > Which is exactly the opposite of what our AD guys said, but not with
> > such great conviction.:-)
> >
> > Sam
>
> AD clients, if they do not know about SRV records for finding the
> LDAP servers, will use the "A" records for the AD domain to locate
> the Domain Controllers. ...
Can you identify any such clients? Phil Mayers has already mentioned
non-MS DFS clients and other things (MS?) which might try SMB and WebDAV
to an A record at the AD domain name. Are there others?
> ... Where I used to work we did not segregate
> AD, so internally,
>
> example.com
>
> pointed to the Domain Controllers. Externally,
>
> example.com
>
> had no IP address because the DCs were not accessible from the
> external Internet. When we had the DC addresses externally, then
> AD clients would see the addresses, try to authenticate to the AD,
> experience timeouts, and get frustrated. Without an external
> address, AD clients do not try to access the DCs. The drawback
> is that we can not have
>
> example.com
>
> externally have the same address as
>
> www.example.com
>
> to aid browser users.
Which is exactly where I came in - the people who manage our corporate
image feel that this is unacceptable and reflects badly on the
University.
Sam
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
More information about the bind-users
mailing list