Re: Old DNS question

Hi James,

I think the most appropriate method is if you create a new Forward
Lookup Zone called fin.bigco.net. Then create a Host (A) record with a
blank name pointing to the IP address of fin.bigco.net.

That way you will resolve fin via your internal zone, all other requests
will go via the forwarder (unless they happen to be beneath fin.bigco.net).

Chris

"Chris Dent" <> wrote in message
news:...
>
> Hi James,
>
> I think the most appropriate method is if you create a new Forward Lookup
> Zone called fin.bigco.net. Then create a Host (A) record with a blank name
> pointing to the IP address of fin.bigco.net.
>
> That way you will resolve fin via your internal zone, all other requests
> will go via the forwarder (unless they happen to be beneath
> fin.bigco.net).
>
> Chris


I would lean towards this solution, as well. Accordingly, if all external
resources are offered internally as they are externally, such as assumingly
OWA, then a bigco.net at SmallCo will work, too, as long as BigCo has a
record for 'mail.BIgCo.net or owa.BigCo.net created internally, or even
simply whatever the OWA server's actual hostname is on BigCo.net, can be
easily accessed. Once SmallCo folks know what the OWA's internal actual FQDN
is, a conditional forwarder will work. This also assumes BigCo's website is
internal as well.

Otherwise, what you propose Chris seems to be the more straightforward
solution, provided as you said, nothing else is under the fin.bigco.net
namespace.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please
contact Microsoft PSS directly. Please check http://support.microsoft.com
for regional support phone numbers.

"Jonathan de Boyne Pollard" <J.deBoynePollard-> wrote
in message
news: ard.localhost...
> [...] provided as you said, nothing else is under the fin.bigco.net
> namespace.
>
> I think that you both overlooked the plurals hiding in the original
> description:
>
> Some of their servers that we have to reach for financial information
> [...] while others [...]
>
> Your ideas, whilst not incorrect, won't scale well to multiple servers.
> However, a proper split horizon setup, with appropriate stub zones for the
> parent company's portion(s) of the DNS namespace, will. The parent
> company can change the DNS data within its part of the DNS namespace to
> its hearts' contents and the subsidiary won't have to reconfigure anything
> in order to keep up. A little forethought now will save lots of pain
> every time that an additional server is added, or an existing server's IP
> addresses are changed, later. What's the betting that M. James was giving
> one server name only for the sake of example (especially given that xe
> clearly invented that name)? (-:
>


I was basically agreeing because of the original poster's statement
indicating there's a restriction, and *assumed* there's no access allowed to
the other company's DNS:

"We have a VPN connecting the two networks that allows access only to the
Fin.BigCo.net server."

Ace

Ace Fekay [MVP-DS, MCT] wrote:
> "Jonathan de Boyne Pollard" <J.deBoynePollard-> wrote
> in message
> news: ard.localhost...
>> [...] provided as you said, nothing else is under the fin.bigco.net
>> namespace.
>>
>> I think that you both overlooked the plurals hiding in the original
>> description:
>>
>> Some of their servers that we have to reach for financial information
>> [...] while others [...]
>>
>> Your ideas, whilst not incorrect, won't scale well to multiple servers.
>> However, a proper split horizon setup, with appropriate stub zones for the
>> parent company's portion(s) of the DNS namespace, will. The parent
>> company can change the DNS data within its part of the DNS namespace to
>> its hearts' contents and the subsidiary won't have to reconfigure anything
>> in order to keep up. A little forethought now will save lots of pain
>> every time that an additional server is added, or an existing server's IP
>> addresses are changed, later. What's the betting that M. James was giving
>> one server name only for the sake of example (especially given that xe
>> clearly invented that name)? (-:
>>
>
>
> I was basically agreeing because of the original poster's statement
> indicating there's a restriction, and *assumed* there's no access allowed to
> the other company's DNS:
>
> "We have a VPN connecting the two networks that allows access only to the
> Fin.BigCo.net server."
>
> Ace
>
>

I agree, but I'm in the same boat as Ace, I read about only having
access to the fin server and took it at face value.

It would be better to let bigco.net handle resolution of fin, as well as
management of the split-brain (or whatever you prefer to call it). If
they cannot or will not or just never thought of it then the work-around
will deal with it with extremely low administrative cost

Chris