!!!! DNS SPLIT DNS !!!

Discussion in 'DNS Server' started by Misaro, Jan 9, 2006.

  1. Misaro


    Oftentimes DNS changes are requested on very short notice, and maintaining
    two separate originals becomes cumbersome. It seems even more so as it would
    be unnecessary if run differently. Faced with a choice between setting the
    Active Directory server up as the primary server for the zone, maintaining our
    main DNS servers outsourced and Active Directory zones by hand, and migrating
    all DNS services to other servers, the latter appears to be the best choice.

    The question is how to run a split horizon DNS service in a way that
    leverages MS's ease of use with the expected standards compliance and
    integration one expects. Basically the idea is keeping internal records
    (non-routable IP addresses) of public names for internal clients, publishing
    the real addresses as a secondary name server, but updating these dynamically
    and automatically from the outsourced DNS server.

    The update method does not necessarily have to be standard zone transfers,
    but it must be remembered that, with our main DNS servers outsourced, our
    source-side options are quite limited.

    Also, this system should be able to support not only our public domain
    abc.com domain, but any number of zones needed.

    Thanks for any comments!
    Misaro, Jan 9, 2006
  2. Well remember you do not want your internal records transferred out to the
    public zone of the same name. That's the problem. You do however, want the
    necessary external records available in the internal zone. You might want
    to look into leveraging dnscmd.exe and scripting this depending on your
    level of access into the public zone.
    Todd J Heron [MVP], Jan 9, 2006
  3. What I meant by "internal records" were things like DCs, internal
    applications servers, workstations, etc...

    Todd J Heron [MVP], Jan 10, 2006
  4. Herb Martin

    The best place for External DNS for all but the largest companies
    (in terms of Internet presence) is at the REGISTRAR.

    You pay for the service anyway in most cases, or you should
    switch registrars. GoDaddy, one of the less expensive Registrars
    and one of the better ones offers this. So does the more expensive

    You enter it twice (and it is called Split OR Shadow DNS, not split
    horizon, which is a routing term) -- that's the way that Split DNS works.

    Or you write something to do it for you (batch file etc.)
    Normally it is NOT worth the trouble. There are usually very
    few public records and they seldom change for most companies.

    How many web, smtp, ftp etc addresses do you have and how
    often do they change?

    Those large companies with real issues here don't typically use
    a split DNS but rather a completely different domain name for
    the public resources.
    It's not that hard to write something. But it probably isn't worth
    the trouble. (Unless you would like to pay for the development <grin>
    or do it yourself.)
    Herb Martin, Jan 10, 2006
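
    Todd's suggestion of scripting dnscmd.exe (post 2) and Herb's "write
    something to do it for you" (post 4) come down to the same one-way job:
    copy the provider's public records into the internal copy of the zone,
    leave the hand-maintained internal records alone, and never push anything
    outward. The script below is an added example, not code from this thread
    or from Microsoft. It plans that sync and emits the dnscmd.exe lines for
    the internal server. The zone name abc.com comes from the original post;
    the server name dc1.corp.example, the host names, the addresses and the
    "pinned" set are constructed for the example. Fetching the live public
    records (nslookup, a zone transfer if the provider allows one, or
    Resolve-DnsName on newer systems) is left outside the script; here they
    are embedded as a sample list.

```python
"""Plan a one-way sync of an outsourced public zone into the internal
split-DNS copy of the same zone and emit dnscmd.exe commands for the
internal Windows DNS server.  Added example; all names and addresses
below are constructed sample data, not from the thread."""
import ipaddress
from dataclasses import dataclass, field

# Address space that must never be visible in the public zone and that marks
# a record as internal-only when seen inside: RFC 1918 plus IPv6 ULA.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Record types worth mirroring.  SOA and NS describe the provider's own
# servers and must stay different in the internal copy, so they are skipped.
MIRRORED = {"A", "AAAA", "CNAME", "MX", "TXT", "SRV"}


@dataclass(frozen=True)
class Record:
    """One resource record; name is relative to the zone, "@" for the apex."""
    name: str
    rtype: str
    data: str
    ttl: int = 3600


@dataclass
class SyncPlan:
    adds: list = field(default_factory=list)
    deletes: list = field(default_factory=list)
    warnings: list = field(default_factory=list)

    def commands(self, internal_server, zone):
        """dnscmd.exe lines, every one aimed at the internal server's copy."""
        out = [f"dnscmd {internal_server} /RecordDelete {zone} {r.name} {r.rtype} {r.data} /f"
               for r in self.deletes]
        out += [f"dnscmd {internal_server} /RecordAdd {zone} {r.name} {r.ttl} {r.rtype} {r.data}"
                for r in self.adds]
        return out


def is_non_routable(data):
    """True for A/AAAA data inside RFC 1918 or fc00::/7; False for non-addresses."""
    try:
        addr = ipaddress.ip_address(data)
    except ValueError:
        return False
    return any(addr in net for net in NON_ROUTABLE if net.version == addr.version)


def _key(r):
    return (r.name, r.rtype, r.data)


def plan_sync(public, internal, pinned):
    """public   - records the outsourced provider currently serves
    internal - records currently in the internal copy of the same zone
    pinned   - (name, rtype) pairs maintained only by hand inside: DCs, app
               servers, and public names that must resolve to LAN addresses.
    Direction is public -> internal only; the public zone is never a target."""
    plan = SyncPlan()
    pub, intl = set(public), set(internal)

    for r in sorted(public, key=_key):
        if r.rtype not in MIRRORED or (r.name, r.rtype) in pinned:
            continue
        if is_non_routable(r.data):
            # An internal address has leaked to the provider: report it and do
            # not copy it back in; the fix belongs on the public side.
            plan.warnings.append(f"public zone exposes internal address: {r.name} {r.rtype} {r.data}")
            continue
        if r not in intl:
            plan.adds.append(r)

    for r in sorted(internal, key=_key):
        if r.rtype not in MIRRORED or (r.name, r.rtype) in pinned or r in pub:
            continue
        if is_non_routable(r.data):
            # Looks like an internal host nobody pinned.  Stale-mirror cleanup
            # must never delete it, so refuse and ask for an explicit pin.
            plan.warnings.append(f"unpinned internal-only record left alone: {r.name} {r.rtype} {r.data}")
            continue
        plan.deletes.append(r)  # public address the provider no longer serves
    return plan


# Constructed sample: what the provider serves for abc.com today ...
PUBLIC = [
    Record("@", "A", "203.0.113.10"),
    Record("@", "MX", "10 mail.abc.com."),
    Record("@", "NS", "ns1.provider.example."),
    Record("www", "A", "203.0.113.10"),
    Record("mail", "A", "203.0.113.25"),
    Record("ftp", "A", "203.0.113.30"),     # newly published, not yet inside
    Record("intranet", "A", "10.1.1.30"),   # an internal record that leaked out
]
# ... and what the internal copy of abc.com holds.
INTERNAL = [
    Record("@", "A", "10.1.1.10"),          # pinned: LAN clients get the inside address
    Record("@", "MX", "10 mail.abc.com."),
    Record("www", "A", "10.1.1.10"),        # pinned
    Record("mail", "A", "203.0.113.25"),
    Record("old", "A", "203.0.113.99"),     # stale mirror, no longer public
    Record("dc1", "A", "10.1.1.1"),         # pinned internal-only
    Record("app1", "A", "10.1.1.20"),       # internal-only, but nobody pinned it
]
PINNED = {("@", "A"), ("www", "A"), ("dc1", "A")}

if __name__ == "__main__":
    plan = plan_sync(PUBLIC, INTERNAL, PINNED)
    for w in plan.warnings:
        print("WARNING:", w)
    for line in plan.commands("dc1.corp.example", "abc.com"):
        print(line)
```

    Deletes are emitted before adds so that a record whose public address
    changed is replaced rather than duplicated. Pinning is per (name, type),
    so the apex A record can stay internal while the apex MX is still
    mirrored. The two guards are where the security point of this thread
    lives: a non-routable address found on the public side is reported and
    never "mirrored" back, and a non-routable address found inside without a
    pin is left untouched rather than deleted as a stale mirror.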
