Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Best practice on how to create a DNS sub domain in windows server 2008 r2

Posted on 2011-09-08
3
Medium Priority
?
2,493 Views
Last Modified: 2012-05-12
I work for a large scale company and we are cleaning up our DNS in addition to implementing new Windows Server 2008 R2 systems. We have multiple domains that have been created throughout the years. I have noticed a sub-domain that is giving us an error with the DNS Best Practice Analyzer. It appears they originally clicked on the zone and selected "New Domain" instead of just creating a separate zone. I have not seen this method used before. I have been searching for the Microsoft Best Practice method to prove of disprove this configuration should be changed to it's own new zone. Can anyone help me answer this?

Your help is greatly appreciated.

ProBSD
0
Comment
Question by:ProBSD
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 20

Accepted Solution

by:
wolfcamel earned 2000 total points
ID: 36507959
As best as I can explain ..it is an issue because..
for example two domains
domain.local
sub.domain.local

domain.local will have properly created subdomains such as server.domain.local, www.domain.local

the risk/issue is that if a workstation looks up sub.domain.local that the server may lookup domain.local and notice that there is no a record for sub.domain.local and then reply that it doesnt exist without noticing that there is a completely seperate domain.
It "SHOULD" notice the second domain exists, but the risk that it doesnt is the issue
0
 

Assisted Solution

by:ProBSD
ProBSD earned 0 total points
ID: 36598910
I finally broke down and contacted Microsoft to see what is best practice. In Server 2003 you could use this method even though it is not best practice, however in 2008 they recommend only creating a separate zone for each sub-domain. The only time it is recommended to create a domain under a zone is if the domain points to another domain in a different forest. In my situation this is not the case so we removed the domains, created new zones and then created delegations under the original zone to point to the new sub-domain's new zone.

Wolfcamel, thank you for your input however I feel this does not answer my original question, only why it may not work. But since you are the only person that has try to assist me I will still give you credit for assisting solution.

Thank you
ProBSD
0
 

Author Closing Comment

by:ProBSD
ID: 36895817
Wolfcamel, thank you for your input however I feel this does not answer my original question, only why it may not work. But since you are the only person that has try to assist me I will still give you credit for assisting solution.
0

Featured Post

Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

598 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question