Solved

Best practice on how to create a DNS sub-domain in Windows Server 2008 R2

Posted on 2011-09-08
Last Modified: 2012-05-12
I work for a large-scale company and we are cleaning up our DNS in addition to implementing new Windows Server 2008 R2 systems. We have multiple domains that have been created throughout the years. I have noticed a sub-domain that is giving us an error with the DNS Best Practice Analyzer. It appears they originally clicked on the zone and selected "New Domain" instead of just creating a separate zone. I have not seen this method used before. I have been searching for the Microsoft Best Practice method to prove or disprove this configuration should be changed to its own new zone. Can anyone help me answer this?

Your help is greatly appreciated.

ProBSD
Question by:ProBSD
Accepted Solution

by:
wolfcamel earned 500 total points
ID: 36507959
As best as I can explain, it is an issue because...
For example, two domains:
domain.local
sub.domain.local

domain.local will have properly created subdomains such as server.domain.local, www.domain.local.

The risk/issue is that if a workstation looks up sub.domain.local, the server may look up domain.local, notice that there is no A record for sub.domain.local, and then reply that it doesn't exist without noticing that there is a completely separate domain.
It "SHOULD" notice the second domain exists, but the risk that it doesn't is the issue.

Assisted Solution

by:ProBSD
ProBSD earned 0 total points
ID: 36598910
I finally broke down and contacted Microsoft to see what is best practice. In Server 2003 you could use this method even though it is not best practice; however, in 2008 they recommend only creating a separate zone for each sub-domain. The only time it is recommended to create a domain under a zone is if the domain points to another domain in a different forest. In my situation this is not the case, so we removed the domains, created new zones and then created delegations under the original zone to point to the new sub-domain's new zone.

Wolfcamel, thank you for your input; however, I feel this does not answer my original question, only why it may not work. But since you are the only person who has tried to assist me, I will still give you credit for an assisting solution.

Thank you
ProBSD

Author Closing Comment

by:ProBSD
ID: 36895817
Wolfcamel, thank you for your input; however, I feel this does not answer my original question, only why it may not work. But since you are the only person who has tried to assist me, I will still give you credit for an assisting solution.
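The following is an added example, not part of the original thread: a Python audit that reads a parent zone's records and reports which first-level child domains are delegated (NS records in the parent, as in the fix described above) and which still live inside the parent zone (the "New Domain" layout the question asks about). It assumes a zone export in RFC 1035 master-file style with one record per line and owner names relative to the zone origin; the zone contents, host names and addresses are constructed for illustration.

```python
# Constructed sample: parent zone domain.local with one in-zone child
# domain ("sub") and one properly delegated child zone ("lab").
SAMPLE_ZONE = """\
; constructed export of parent zone domain.local (not real data)
@            IN SOA dc1.domain.local. hostmaster.domain.local. 1 900 600 86400 3600
@            IN NS  dc1.domain.local.
dc1          IN A   10.0.0.10
www          IN A   10.0.0.20
app1.sub     IN A   10.0.1.5
db1.sub      IN A   10.0.1.6
lab          IN NS  ns1.lab.domain.local.
ns1.lab      IN A   10.0.2.10
"""

def parse_records(zone_text):
    """Yield (owner, rtype) pairs; owner is relative to the zone origin."""
    owner = "@"
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if not line[0].isspace():               # owner name starts at column 0
            owner = fields.pop(0).lower()       # otherwise reuse previous owner
        # skip optional TTL and class fields before the record type
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)
        if fields:
            yield owner, fields[0].upper()

def classify_children(zone_text):
    """Map each first-level child domain to 'delegated' or 'in-zone'."""
    records = list(parse_records(zone_text))
    # A non-apex NS record in the parent zone marks a delegation point.
    delegated = {o for o, t in records if t == "NS" and o != "@"}
    result = {}
    for owner, _rtype in records:
        if owner == "@" or owner.endswith("."):  # apex / absolute names skipped
            continue
        labels = owner.split(".")
        child = labels[-1]                       # label directly below the origin
        if child in delegated:
            result[child] = "delegated"
        elif len(labels) > 1:                    # host.child with no delegation
            result[child] = "in-zone"
    return result

if __name__ == "__main__":
    for child, state in sorted(classify_children(SAMPLE_ZONE).items()):
        print(f"{child}: {state}")
```

Only first-level delegations are recognised, and a child listed as "in-zone" is a candidate for the separate-zone-plus-delegation layout described in the thread.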