
Parent / Child DNS Design


  • Parent / Child DNS Design

    Hello,

    I'm implementing a new domain structure. We're using parent/child domains and we own the parent TLD. This enables us to use split brain DNS for the parent domain company1.com, as we want the ability to manage an internal and external zone of the company1.com zone. The attached diagram is how I usually set up the DNS when using parent/child domains. I've had some queries on why I don't just forward external DNS queries straight from the child DC, as forwarding via the root DC is an extra step. This is correct, but I don't really see any other way; otherwise all the queries for the parent company1.com zone would go externally and not to the internally hosted zone.

    What is the best practice for forwarding DNS queries?



    Thanks

  • #2
    Best practice is to not use your parent public DNS name internally.



    • #3
      Originally posted by joeqwerty:
      Best practice is to not use your parent public DNS name internally.
      I've not seen that advice from Microsoft? The only best practice I've seen is to suggest you own the TLD for your root domain, for obvious reasons. If you use split brain DNS your internal zone is hidden, so what is the risk of this setup?

      Regardless of that do you have advice on the dns forwarding scenario in my attachment?

      Thanks



      • #4
        If your child domain DNS servers (used by the clients) don't forward to your root DCs (authoritative for your TLD), how can they resolve TLD A records to internal IPs?

        For example you have web.domain.com hosted on your LAN. The site is published externally. If you want internal users to access the site by their internal IP using that fqdn then you need to host that zone internally. You can't have your external DNS provider resolve web.domain.com to an internal IP and an external IP.

        If you forward your queries straight to the ISP, your internal clients would resolve internally hosted sites to their external IP, resulting in traffic going out and back in.



        • #5
          Going to chime in as we have a similar setup, child domain of our external TLD.

          What's the reason for the forward to your root domain? Are your child domain DNS servers blocked from going directly to the internet for DNS resolution?

          Why not set up a secondary lookup zone to allow your clients to see the company.com domain, so name resolution stays internal? Any external queries that the server doesn't know about will be sent to your forwarders.

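As an added example (not code from any poster in this thread), here is what #4's point and #5's suggestion look like on Windows DNS with the DnsServer PowerShell module: the root DCs allow zone transfers of the internal company1.com zone only to the child DNS servers, the child servers keep a secondary copy of it and forward everything else straight to the ISP, and a final check confirms the name resolves differently inside and outside. All addresses (10.0.0.x root DCs, 10.0.1.x child DNS servers, 203.0.113.x ISP resolvers) are placeholders, not values from the thread.

```powershell
# --- Run on each root DC that holds the internal primary zone for company1.com ---
# Only the child-domain DNS servers may pull the zone, so the internal
# view never leaks to any host that can reach TCP/53 on the root DCs.
$childDns = '10.0.1.10', '10.0.1.11'            # placeholder child-domain DNS servers
Set-DnsServerPrimaryZone -Name 'company1.com' `
    -SecureSecondaries TransferToSecureServers `
    -SecondaryServers $childDns `
    -Notify NotifyServers -NotifyServers $childDns

# --- Run on each child-domain DNS server (the ones the clients point at) ---
$rootDcs = '10.0.0.10', '10.0.0.11'             # placeholder root DCs, authoritative for company1.com
$isp     = '203.0.113.53', '203.0.113.54'       # placeholder external (ISP) resolvers

# 1. Local secondary copy of company1.com: answers for the parent zone come
#    from internal data, so web.company1.com resolves to its LAN address.
Add-DnsServerSecondaryZone -Name 'company1.com' `
    -ZoneFile 'company1.com.dns' -MasterServers $rootDcs
#    Alternative when zone transfers are not wanted: a conditional forwarder
#    sends only company1.com queries to the root DCs.
#    Add-DnsServerConditionalForwarderZone -Name 'company1.com' -MasterServers $rootDcs

# 2. Everything the server is not authoritative for goes straight to the ISP,
#    removing the extra hop through the root DCs that the original post asks about.
Set-DnsServerForwarder -IPAddress $isp -UseRootHint $false

# 3. Verify the split-brain result: the same name must answer differently
#    from the internal server and from an external resolver.
$inside  = (Resolve-DnsName -Name 'web.company1.com' -Type A -Server '10.0.1.10').IPAddress
$outside = (Resolve-DnsName -Name 'web.company1.com' -Type A -Server '203.0.113.53').IPAddress
"internal view: $($inside -join ', ')"
"external view: $($outside -join ', ')"
if (-not (Compare-Object $inside $outside)) {
    Write-Warning 'Same answer inside and outside: clients will hairpin out and back in.'
}
```

The secondary copy still contains only the records the root DCs publish in the internal zone; any name that is not in it falls through to the forwarders, so external-only hosts under company1.com must also be present in the internal zone or they will not resolve from inside.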
