Planning Your Namespace
When planning your namespace, you must decide whether to use a private root and whether you want your internal and external namespaces to have the same domain name.
Whether you can use a private root depends on the type of clients you have. You can use a private root only if each of your clients has one of the following:
name exclusion list . A list of DNS suffixes that are internal.
proxy autoconfiguration (PAC) file . A list of DNS suffixes and exact names that are internal or external.
If you have clients lacking both of these, the DNS server hosting your organization's top-level internal domain must forward queries to the Internet.
Table 6.12 shows, based on the proxy capability of your client, whether you can use a private root. (Note that a local address table is a list of IP addresses that are internal and external.)
Table 6.12 Configuring Internal and External Namespaces Based on Proxy Capability
|
No Proxy |
Local Address Table (LAT) |
Name Exclusion List |
Proxy Auto-configuration (PAC) File |
|---|---|---|---|---|
Microsoft software with corresponding proxy capability |
Generic Telnet |
Windows Sockets Proxy (WSP) 1. x , WSP 2. x |
WSP 1. x , WSP 2. x , and all versions of Microsoft® Internet Explorer. |
WSP 2. x , Internet Explorer 3.01 and later. |
Can you forward queries? |
Must forward queries. |
Must forward queries. |
Possible. |
Possible. |
Can you use a private root? |
Not possible. |
Not possible. |
Possible. |
Possible. |
To simplify name resolution for internal clients, use a different domain name for your internal and external namespaces. For example, you can use the name reskit01 - ext.com for your external namespace and reskit.com for your internal namespace. You can also use the name reskit.com for your external namespace and noam.reskit.com for your internal namespace. However, do not make your external domain a subdomain of your internal domain; that is, in the context of this example, do not use reskit.com for your internal namespace and noam.reskit.com for your external namespace.
You can use the same name internally and externally, but doing so causes configuration problems and generally increases administrative overhead. If you want to use the same domain name internally and externally, you need to perform one of the following actions:
Duplicate internally the public DNS zone of your organization.
Duplicate internally the public DNS zone and all public servers (such as Web servers) that belong to your organization.
In the PAC file on each of your clients, maintain a list of the public servers that belong to your organization.
.gif "caution-icon")
Caution
Make sure that the domain name for your internal namespace is not used anywhere on the Internet. Otherwise, you might have problems with ambiguity in the name resolution process.
Which action you need to perform to use the same domain name internally and externally varies. Table 6.13 shows whether you can use the same domain name for your internal and external namespaces, and if so, which method you must use, based on your client software proxy capability.
Table 6.13 Using the Same Name for Internal and External Namespaces Based on Proxy Capability
|
No Proxy |
Local Address Table (LAT) |
Name Exclusion List |
Proxy Auto-configuration (PAC) File |
|---|---|---|---|---|
Use different domain names. |
Possible. |
Possible. |
Possible. |
Possible (using simple exclusion) |
Use the same domain name; internally duplicating organization's public DNS namespace (records). |
Possible. |
Possible (by populating LAT). |
Not possible. |
Possible. When a PAC file is used, duplicated external records are not used. |
Use the same domain name; internally duplicating organization's public DNS namespace and public servers. |
Possible. |
Possible. |
Possible. |
Possible. |
Use the same domain name; maintaining list of public servers in the PAC files. |
Not possible. |
Not possible. |
Not possible. |
Possible. |