?
Solved

Best practice on how to create a DNS sub domain in windows server 2008 r2

Posted on 2011-09-08
3
Medium Priority
?
2,361 Views
Last Modified: 2012-05-12
I work for a large scale company and we are cleaning up our DNS in addition to implementing new Windows Server 2008 R2 systems. We have multiple domains that have been created throughout the years. I have noticed a sub-domain that is giving us an error with the DNS Best Practice Analyzer. It appears they originally clicked on the zone and selected "New Domain" instead of just creating a separate zone. I have not seen this method used before. I have been searching for the Microsoft Best Practice method to prove of disprove this configuration should be changed to it's own new zone. Can anyone help me answer this?

Your help is greatly appreciated.

ProBSD
0
Comment
Question by:ProBSD
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 20

Accepted Solution

by:
wolfcamel earned 2000 total points
ID: 36507959
As best as I can explain ..it is an issue because..
for example two domains
domain.local
sub.domain.local

domain.local will have properly created subdomains such as server.domain.local, www.domain.local

the risk/issue is that if a workstation looks up sub.domain.local that the server may lookup domain.local and notice that there is no a record for sub.domain.local and then reply that it doesnt exist without noticing that there is a completely seperate domain.
It "SHOULD" notice the second domain exists, but the risk that it doesnt is the issue
0
 

Assisted Solution

by:ProBSD
ProBSD earned 0 total points
ID: 36598910
I finally broke down and contacted Microsoft to see what is best practice. In Server 2003 you could use this method even though it is not best practice, however in 2008 they recommend only creating a separate zone for each sub-domain. The only time it is recommended to create a domain under a zone is if the domain points to another domain in a different forest. In my situation this is not the case so we removed the domains, created new zones and then created delegations under the original zone to point to the new sub-domain's new zone.

Wolfcamel, thank you for your input however I feel this does not answer my original question, only why it may not work. But since you are the only person that has try to assist me I will still give you credit for assisting solution.

Thank you
ProBSD
0
 

Author Closing Comment

by:ProBSD
ID: 36895817
Wolfcamel, thank you for your input however I feel this does not answer my original question, only why it may not work. But since you are the only person that has try to assist me I will still give you credit for assisting solution.
0

Featured Post

WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question