[SATLUG] Question about proper DNS setup
Sean Carolan
scarolan at gmail.com
Mon Aug 6 14:41:15 CDT 2007
> The typical solution here is to delegate some subdomain of your
> network to the Windows boxes, and let that subdomain be managed
> internally by their software, and they're free to screw it up however
> they like. However, the parent domain should be managed by a more
> secure process, such as BIND on a *nix box, preferably using
> cryptographic signatures to authenticate all monitoring,
> administration, or other changes from external sources.
It's actually already set up this way - we have corp.example.com and
other subdomains but some genius decided that the win2k name server
would also be authoritative for internal users on example.com.
We'll see if I can pry it from their hands. I'm not holding my
breath. In the meantime I may have to keep these two updated by hand.
More information about the SATLUG
mailing list