Microsoft Knowledge Base Article
This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Terms
of Use |
Trademarks
Article ID: 254680 - Last Review: September 11, 2011 - Revision: 5.0
DNS Namespace Planning
This article was previously published under Q254680
The resolution of names through the use of Domain Name
System (DNS) is central to Windows operation. Without proper name resolution,
users cannot locate resources on the network. It is critical that the design of
the DNS namespace be created with Active Directory in mind and that the
namespace that exists on the Internet not conflict with an organization's
internal namespace.
The recommended approach to DNS design in an Active
Directory environment is to design the Active Directory environment first and
then support that design with the DNS structure. However, in some cases, the
DNS namespace may already be in place. In such a configuration, the Active
Directory environment should be designed independently and then implemented
either as a totally separate namespace or as a subdomain of the existing
namespace. If the namespace you choose already exists on the Internet, it may
cause name resolution problems for internal clients.
Consider the
following items:
- Identify the DNS namespace that you will be using for your
domain. Identify the name that your organization has registered for use on the
Internet (for example, company.com). If your company
does not have a registered name, but you will be connected to the Internet, you
may want to register a name on the Internet. Make sure if you choose not to
register a name that you choose a name that is unique. You can review existing
names at http://www.networksolutions.com
(http://www.networksolutions.com)
.
- Use different internal and external namespaces. Internally,
you could use comp.com or a subdomain of the
external name such as
corp.company.com. The
subdomain structure could be useful if you already have an existing DNS
namespace. Different locations or organizations can be named with different
subdomains such as
nameone.corp.company.com
or
nametwo.corp.company.com
to ease administration.
- Make Active Directory child domains immediately subordinate
to their parent domains in the DNS namespace. You can choose to create
subdomains for organizations within your company or locations. For example,
leveltwo.levelone.corp.company.com
- Separate internal and external names on separate servers.
External servers should include only those names that you want to be visible to
the Internet. Internal servers should contain names that are for internal use.
You can set your internal DNS servers to forward requests that they cannot
resolve to external servers for resolution. Different types of clients require
different kinds of name resolution. Web proxy clients, for example, do not
require external name resolution because the proxy server does this on their
behalf. Overlapping internal and external namespaces are not recommended. In
most cases, the end result of this configuration is that computers will be
unable to locate needed resources because of receiving incorrect IP addresses
from DNS. This is particularly a concern when Network Address Translation (NAT)
is involved and the external IP address is in an unreachable range for internal
clients.
- Make sure that root servers are not created
unintentionally. Root servers may be created by the Dcpromo Wizard, resulting
in internal clients being able to reach external clients or to reach parent
domains. If the "." zone exists, a root server has been created. It may be
necessary to remove this for proper name resolution to work.
For additional information, click
the article number below to view the article in the Microsoft Knowledge Base:
229840Â
(http://kbalertz.com/Feedback.aspx?kbNumber=229840/EN-US/
)
DNS Server's Root Hints and Forwarder Pages Are Unavailable
APPLIES TO
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows Small Business Server 2003 Premium Edition
- Microsoft Windows Small Business Server 2003 Standard Edition
| kbproductlink kbdns kbinfo KB254680 |
Community Feedback System
Very often, it takes hours to solve a problem. Very often, you've looked high
and low, and have tried a lot of solutions. When you finally found it, chances
are, it was because someone else helped you. Here's your chance to give back.
Use our community feedback tool to let others know what worked for you and what
didn't.
Please also understand that the community feedback system is not warranted to be
correct, it's simply a system that we've built to let people try and help each
other. If something in a feedback response doesn't make sense to you, or you're
not comfortable making changes that the feedback talks about (like registry
edits), please consult a professional.
Thank you for using kbAlertz.com Feedback System.
-- Scott Cate