DNS name space best practices

CHONG Yu Meng chongym at cymulacrum.net
Mon Jan 23 03:39:45 PST 2012 

----- Original Message -----
> From: "Federico Voges" <ftc at ftc.com.ar>
> To: "linux-users" <linux-users at lists.celestial.com>
> Sent: Monday, January 23, 2012 6:15:26 PM
> Subject: DNS name space best practices
> Hi,
> 
> I've been trying to find examples (like white papers, best practices
> docs, etc) to support my proposal but the closest thing I've found is
> for Windows AD. The rest of the best practices docs only talk about
> deploying BIND and not how to design your DNS zones.
> 
> Does anyone have any link that my help having to implement this insane
> flat name space nightmare?


Hi Federico, 

I am also surprised that there are not many "best practice" papers on
the proper design of DNS. Active Directory has more books and articles
written on it, but that could be because Microsoft technologies are more
finicky about how things are configured.

I can't give you any good links to articles - I learned DNS through
reading the O'Reilly book and through my own experience with customers.
My environment is very different from yours as the networks I setup and
maintain tend to be small (less than 50 PCs and servers) and simple, and
so, flat DNS structures work best.

For your situation, are all the systems in the same geographical
location (same building)? Do they all need to be able to see each other
in a Microsoft network? If the answer to both is "yes", I think a flat
DNS structure is best. I'm not completely sure, but in order for all the
PCs to see each other on a Microsoft AD domain, you probably need them
all on the same DNS domain, same level.

If your systems are on different networks in different geographical
locations and if they are not all connected via VPN, then I suppose it
does not matter how you structure your DNS.

As for putting the attributes inside the DNS name - I am not sure if it
is necessarily bad idea. I've seen this kind of convention and it works
well when you have no inventory control system.

But I think my experience here may not be applicable in your situation,
but I am interested to hear how other handle this situation as well!

Regards,
pascal chong

More information about the Linux-users mailing list