On 4/8/2013 9:10 AM, bind-users-requ...@lists.isc.org wrote:
In article <mailman.59.1365230565.20661.bind-us...@lists.isc.org>, Phil
Mayers <p.may...@imperial.ac.uk> wrote:
>Sam Wilson <sam.wil...@ed.ac.uk> wrote:
>
> >[adding an A record for ed.ac.uk.]
> >
>
>If your AD realm is also called ed.ac.uk then adding an A record will
>definitely affect things.
Which is exactly the opposite of what our AD guys said, but not with
such great conviction. :-)

Sam

AD clients, if they do not know about SRV records for finding the
LDAP servers, will use the "A" records for the AD domain to locate
the Domain Controllers.  Where I used to work we did not segregate
AD, so internally,

     example.com

pointed to the Domain Controllers.  Externally,

     example.com

had no IP address because the DCs were not accessible from the
external Internet.  When we had the DC addresses externally, then
AD clients would see the addresses, try to authenticate to the AD,
experience timeouts, and get frustrated.  Without an external
address, AD clients do not try to access the DCs.  The drawback
is that we cannot have

     example.com

externally have the same address as

     www.example.com

to aid browser users.
--Barry Finkel
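
The check implied by the message above, as an added example that is not part of the original post: given the internal and external zone data for a split-DNS domain, report any external A record at the domain apex that points at a Domain Controller. The zone contents, host names and addresses are constructed, the function names are hypothetical, and the DC set is assumed to be the targets of the `_ldap._tcp.dc._msdcs` SRV records in the internal zone.

```python
# Added example: constructed zone data; all names and addresses are assumptions.
INTERNAL_ZONE = """\
example.com.                        A    10.0.0.10
example.com.                        A    10.0.0.11
dc1.example.com.                    A    10.0.0.10
dc2.example.com.                    A    10.0.0.11
_ldap._tcp.dc._msdcs.example.com.   SRV  0 100 389 dc1.example.com.
_ldap._tcp.dc._msdcs.example.com.   SRV  0 100 389 dc2.example.com.
"""

EXTERNAL_ZONE_BAD = """\
example.com.       A    10.0.0.10   ; DC address visible from outside
www.example.com.   A    192.0.2.80
"""

EXTERNAL_ZONE_OK = """\
www.example.com.   A    192.0.2.80
"""

def parse(zone_text):
    """Return (owner, type, rdata_fields) for each 'owner TYPE rdata' line."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()  # drop trailing comments
        if len(fields) >= 3:
            records.append((fields[0].lower(), fields[1].upper(), fields[2:]))
    return records

def dc_addresses(internal_zone, domain):
    """A-record addresses of the hosts named by the DC-locator SRV records."""
    recs = parse(internal_zone)
    srv_owner = "_ldap._tcp.dc._msdcs." + domain
    # SRV rdata is: priority weight port target
    targets = {r[2][3].lower() for r in recs if r[0] == srv_owner and r[1] == "SRV"}
    return {r[2][0] for r in recs if r[1] == "A" and r[0] in targets}

def exposed_apex_a(internal_zone, external_zone, domain):
    """External apex A records whose address belongs to a Domain Controller."""
    dcs = dc_addresses(internal_zone, domain)
    return [rdata[0] for owner, rtype, rdata in parse(external_zone)
            if owner == domain and rtype == "A" and rdata[0] in dcs]

if __name__ == "__main__":
    for name, zone in (("bad", EXTERNAL_ZONE_BAD), ("ok", EXTERNAL_ZONE_OK)):
        print(name, exposed_apex_a(INTERNAL_ZONE, zone, "example.com."))
```
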
