#1

I am trying to set up split brain DNS for an ISP. Currently they have 2 Server 2003 boxes that run DNS and are domain controllers for their .local domain. I'm not sure if they still need the .local domain or if the new setup should just use their .net domain. I also don't understand how to separate external from internal DNS. Looking at Minasi's article on islands, it appears as though everything would be configured through NIC settings? Is there an article anywhere that details moving away from .local domains into split brain DNS?

#2

In news:27177B4B-19FB-4CE9-BDDA-972C2380A2CA@microsoft.com,
Rodge <Rodge@discussions.microsoft.com> typed:
> I am trying to set up split brain dns for an isp. Currently they have
> 2 server 2003 boxes that run dns and are domain controllers for their
> .local domain. I'm not sure if they still need the .local domain or
> if the new setup should just use their .net domain. I also don't
> understand how to separate external from internal dns. Looking at
> Minasi's article on islands, it appears as though everything would be
> configured through NIC settings? Is there an article anywhere that
> details moving away from .local domains into split brain dns?

What exactly are you trying or want to do with their current DCs that are DCs for their example.local Active Directory domain? Are you saying you want to demote the DCs?

A split-brain or split-zone just means the AD domain name is exactly the same as the public domain name. In such a scenario, on the internal DNS zone you must create the www or any other records that exist on the public side, otherwise internally it won't be able to resolve (of course assuming that all machines are properly configured to ONLY use the internal DNS). Also set up a forwarder to your ISP's DNS for efficient internet name resolution.

If the internal is .local, and the external is .com, .net, etc, there's really nothing else to do other than setting up a forwarder to your ISP's DNS. This scenario is NOT called a split-zone.

Based on what I stated, can you re-state your intentions and post please?

--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations

Having difficulty reading or finding responses to your post? Try using Outlook Express or any other newsreader, configure a news account, and point it to news.microsoft.com. Anonymous access. It's easy and it's free:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

"Life isn't like a box of chocolates or a bowl of cherries or peaches... Life is more like a jar of jalapenos. What you do today may burn your butt tomorrow." - Garfield

#3

Hey, thanks for the reply, Ace. Let me try to clarify somewhat: this company is an ISP, they provide DNS for many clients as well as host domains. I've read that split brain or split horizon DNS is a good practice for ISPs. They currently are using AD Integrated DNS on Server 2003 SP1 and use a .local domain internally. I wasn't sure how I could migrate away from the .local and at the same time not lose all of the DNS records we have set up.

"Ace Fekay [MVP]" wrote:

> In news:27177B4B-19FB-4CE9-BDDA-972C2380A2CA@microsoft.com,
> Rodge <Rodge@discussions.microsoft.com> typed:
> > I am trying to set up split brain dns for an isp. Currently they have
> > 2 server 2003 boxes that run dns and are domain controllers for their
> > .local domain. I'm not sure if they still need the .local domain or
> > if the new setup should just use their .net domain. I also don't
> > understand how to separate external from internal dns. Looking at
> > Minasi's article on islands, it appears as though everything would be
> > configured through NIC settings? Is there an article anywhere that
> > details moving away from .local domains into split brain dns?
>
> What exactly are you trying or want to do with their current DCs that are
> DCs for their example.local Active Directory domain? Are you saying you want
> to demote the DCs?
>
> A split-brain or split-zone just means the AD domain name is exactly the
> same as the public domain name. In such a scenario, on the internal DNS zone
> you must create the www or any other records that exist on the public side,
> otherwise internally it won't be able to resolve (of course assuming that
> all machines are properly configured to ONLY use the internal DNS). Also
> set up a forwarder to your ISP's DNS for efficient internet name resolution.
>
> If the internal is .local, and the external is .com, .net, etc, there's
> really nothing else to do other than setting up a forwarder to your ISP's
> DNS. This scenario is NOT called a split-zone.
>
> Based on what I stated, can you re-state your intentions and post please?
>
> --
> Regards,
> Ace

#4

In news:7DE4A74C-17DD-4F36-BE3E-256751CA0083@microsoft.com,
Rodge <Rodge@discussions.microsoft.com> typed:
> hey thanks for the reply Ace. Let me try to clarify somewhat, this
> company is an ISP, they provide dns for many clients as well as host
> domains. I've read that split brain or split horizon dns is a good
> practice for ISP's. They currently are using AD Integrated DNS on
> server 2003 sp1 and use a .local domain internally. I wasn't sure how
> I could migrate away from the .local and at the same time, not lose
> all of the dns records we have set up.
>

I see. You are actually talking about a full Active Directory domain migration and not just a simple name change. I don't see how a split zone applies in your scenario. Maybe I am not understanding your viewpoint of exactly how a split-zone, split-brain or split-horizon (whatever you like to refer to it as) will work for you or even if you understand exactly what this is. If you have a .local domain, it is NOT a split-zone.

Here's a split zone:

I create a brand new AD domain and call it domain.com. My public domain name is also called domain.com. The public zone records for www, mail, ftp, etc, and their associated public IP addresses are hosted at an ISP's DNS server, more than likely the SOA of the public zone. The webserver is hosted somewhere on the internet and NOT internally.

My internal DNS hosts the AD zone name internally with all the private records such as my DC hostnames, the SRV records all pointing to private IP addresses as well as host the reverse zone for my private IP range, etc. The internal DNS server is configured with a forwarder to some external DNS to make it more efficient to resolve external names.

When my internal user types in www.domain.com, they immediately get upset and immediately call the desk stating they cannot get to the company website. You try it too and say to yourself, man, I can't get to it either. What is wrong?

What is wrong is the zone internally does not have a www record. And you wonder why it will not forward to resolve it. That's because the zone name is domain.com and therefore it will NOT forward a request for a zone that it's hosting. That is a split zone and the dilemmas of having one.

How to fix? Manually create the www record and find out what the actual external IP is of your external web server and put that in. You can also delegate www.domain.com to the SOA.

Make sense?

Based on this, can you re-phrase your statement and what you are intending to do?

Thanks

--
Regards,
Ace
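
The split-zone behaviour described in the post above, as an added example that is not part of the original thread: a small model of an internal server that answers only from its own copy of domain.com, plus an audit that compares the internal and public record sets. All record names and addresses are constructed sample data, and the functions `resolve_internal` and `audit` are hypothetical helpers.

```python
import ipaddress

# Constructed sample data: domain.com and every address below are illustrative.
ZONE = "domain.com"
PUBLIC = {   # records held by the public DNS at the ISP
    "www.domain.com": "203.0.113.10",
    "mail.domain.com": "203.0.113.25",
    "ftp.domain.com": "203.0.113.21",
}
INTERNAL = {  # records in the internal AD zone of the same name
    "dc1.domain.com": "10.0.0.10",
    "mail.domain.com": "10.0.0.25",     # deliberate internal answer
    "ftp.domain.com": "203.0.113.99",   # hand-copied public IP, since changed
}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def in_zone(name, zone=ZONE):
    return name == zone or name.endswith("." + zone)


def resolve_internal(name, internal=INTERNAL, public=PUBLIC, delegated=()):
    """Model the internal server: it answers from its own zone and only
    sends a query outward for names outside the zone or delegated out of it."""
    name = name.lower().rstrip(".")
    if in_zone(name) and name not in delegated:
        return internal.get(name, "NXDOMAIN")  # authoritative: not forwarded
    return public.get(name, "NXDOMAIN")        # stand-in for the external lookup


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def audit(internal=INTERNAL, public=PUBLIC, delegated=()):
    """Return (missing, stale): public names absent internally, and internal
    copies of a public address that no longer match the public zone."""
    missing, stale = [], []
    for name, addr in sorted(public.items()):
        if name in delegated:
            continue
        if name not in internal:
            missing.append(name)
        elif internal[name] != addr and not is_rfc1918(internal[name]):
            stale.append((name, internal[name], addr))
    return missing, stale
```

Run against exports of the two real zones, the `missing` list is the set of names internal users cannot resolve, and the `stale` list is the maintenance cost of copying public addresses by hand.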

#5

In news:7DE4A74C-17DD-4F36-BE3E-256751CA0083@microsoft.com,
Rodge <Rodge@discussions.microsoft.com> typed:
> hey thanks for the reply Ace. Let me try to clarify somewhat, this
> company is an ISP, they provide dns for many clients as well as host
> domains. I've read that split brain or split horizon dns is a good
> practice for ISP's. They currently are using AD Integrated DNS on
> server 2003 sp1 and use a .local domain internally. I wasn't sure how
> I could migrate away from the .local and at the same time, not lose
> all of the dns records we have set up.
>
> "Ace Fekay [MVP]" wrote:
>

Rodge, read this thread too. It's about a split zone scenario to get a better understanding of what a split zone is.

From: mclark2800@gmail.com
Newsgroups: microsoft.public.windows.server.dns
Subject: DNS Config for Windows domain w/ same Domain Name as Public Domain
Date: Tue, 21 Aug 2007 18:47:32 -0000

Ace