AD and DNS Question
Posted on 2009-07-09
This is probably going to sound like a stupid question, but I'm trying to get some opinions. We have one AD Forest with one Child domain and DNS zones provided from a third-party solution. The zones look like:
Clients are in the Child domain AD. We've had a suggestion from one of our teams that we should take the DNS records for all servers and clients in the AD domain and place them into the Parent DNS Zone... so all server/client entries would go from AD.PARENT.COM to PARENT.COM DNS Zone (they would still be in the "AD" Child Domain for authentication). They would then disable DDNS on the "AD" Zone.
I have no idea why someone would want to do this (I think they're trying to simplify it by supporting only the parent zone and just leaving the AD servers and service records in the child), but I'm looking for technical reasons why you wouldn't want to.
I'm wondering if this would cause any issues with Kerberos tickets, etc., and does the domain use the FQDN to contact clients (assuming the child domain would naturally think its domain members would be in the same DNS zone)?
Is it best practice to use the FQDN where possible or allow your search suffix to do the work? Is it a stipulation that clients' DNS records should exist in the same Zone as the AD domain they log on to?
Appreciate the help.