Microsoft Windows 2000 DNS Server User Manual


 
namespace and DNS architecture to support it, and then revising the ADS and DNS
design if unforeseen or undesirable consequences are uncovered.
The Windows 2000 Active Directory Namespace Design white paper describes the
ADS namespace, including the forest and tree domain structure, organizational
units, the global catalog, trust relationships, and replication. It then provides
examples of namespace implementations and describes the architectural criteria
that network architects and administrators should consider when designing an
Active Directory namespace for the Enterprise. By following the recommendations
in that paper, the Enterprise network architect should be able to design a
namespace that is capable of withstanding company reorganizations without
expensive restructuring.
Some of the fundamental DNS design questions that need to be answered are:
How many Active Directory domains will you have?
What will their names be?
Will your DNS namespace have a private root?
What will your computer names be?
Choosing Names
In Windows 2000, Active Directory domains are named with DNS names. When
choosing DNS names to use for your Active Directory domains, identify the
registered DNS domain name suffix that your company has reserved for use on the
Internet, such as “company.com.”. It is recommended that you use different internal
and external namespaces to simplify the name resolution process. For example, you
could use internally (and as a forest root) a registered DNS suffix different from the
external one, such as “comp.com.”, or a subdomain of the external domain, such as
“corp.company.com.”. You can then combine this name with a location or
organizational name used within your company to form full names for your Active
Directory domains, for example “hr.corp.company.com.”. This method of naming
ensures that each Active Directory domain name is globally unique.
Once you have decided on DNS names for each of your Active Directory domains,
you can use these names as parents for creating additional child domains to further
manage other divisions within your company. Child domains must have DNS names
that are immediately subordinate to their parent’s DNS name. For example, if a child
domain were to be added in the “us.corp.company.com.” tree for the human
resources department in the American branch of the company, an appropriate name
for that domain might be “hr.us.corp.company.com.”
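The naming rules above can be checked mechanically before any domain is created. The following Python sketch is an added example, not part of the white paper or of any Microsoft tool; the function check_plan, the (domain, parent) plan format and the sample plan are assumptions made for illustration.

```python
import re

# One DNS label: letters, digits, hyphens, 1-63 chars, no leading/trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def norm(name):
    """Lowercase a DNS name and drop the trailing root dot for comparison."""
    return name.lower().rstrip(".")

def check_plan(external, plan):
    """Return a list of findings for a planned Active Directory namespace.

    external -- DNS suffix the company exposes on the Internet
    plan     -- list of (domain, parent) pairs; parent is None for a tree root
    (Both parameters are hypothetical inputs chosen for this example.)
    """
    findings = []
    ext = norm(external)
    names = [norm(d) for d, _ in plan]
    # Each Active Directory domain name must be unique.
    for dup in sorted({n for n in names if names.count(n) > 1}):
        findings.append(f"{dup}: listed more than once")
    for domain, parent in plan:
        d = norm(domain)
        bad = [l for l in d.split(".") if not LABEL.match(l)]
        if bad:
            findings.append(f"{d}: invalid label(s) {bad}")
        if parent is None:
            # Recommendation in the text: internal and external namespaces differ.
            if d == ext:
                findings.append(f"{d}: tree root reuses the external name")
            continue
        p = norm(parent)
        if p not in names:
            findings.append(f"{d}: parent {p} is not in the plan")
        # Immediately subordinate: exactly one extra label in front of the parent.
        if d.split(".", 1)[1:] != [p]:
            findings.append(f"{d}: not immediately subordinate to {p}")
    return findings

# Constructed sample plan: the names used in the text plus two deliberate mistakes.
SAMPLE = [
    ("corp.company.com.", None),
    ("us.corp.company.com.", "corp.company.com."),
    ("hr.us.corp.company.com.", "us.corp.company.com."),
    ("hr.corp.company.com.", "us.corp.company.com."),    # skips a level
    ("HR.US.corp.company.com", "us.corp.company.com."),  # same name, different case
]

if __name__ == "__main__":
    for finding in check_plan("company.com.", SAMPLE):
        print(finding)
```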
Internet Access Considerations
Typically, a company namespace consists of two portions: private and public. The
private one is a portion invisible from the outside world, while the public one is
exposed to the Internet. Here the names that form the private and public
namespaces are referred to as internal and external, respectively. Even though the
private names are not exposed to the Internet, repetition of any external names (not
only from the company, but from the Internet in general) in the private namespace is
Windows 2000 White Paper 46