On 4/8/2013 9:10 AM, bind-users-requ...@lists.isc.org wrote:
In article <mailman.59.1365230565.20661.bind-us...@lists.isc.org>, Phil
Mayers <p.may...@imperial.ac.uk> wrote:
>Sam Wilson<sam.wil...@ed.ac.uk> wrote:
>
> >[adding an A record for ed.ac.uk.]
> >
>
>If your AD realm is also called ed.ac.uk then adding an A record will
>definitely affect things.
Which is exactly the opposite of what our AD guys said, but not with
such great conviction.:-)
Sam
AD clients, if they do not know about SRV records for finding the
LDAP servers, will use the "A" records for the AD domain to locate
the Domain Controllers. Where I used to work we did not segregate
AD, so internally,
example.com
pointed to the Domain Controllers. Externally,
example.com
had no IP address because the DCs were not accessible from the
external Internet. When we had the DC addresses externally, then
AD clients would see the addresses, try to authenticate to the AD,
experience timeouts, and get frustrated. Without an external
address, AD clients do not try to access the DCs. The drawback
is that we can not have
example.com
externally have the same address as
www.example.com
to aid browser users.
--Barry Finkel
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
