DNS zone with the same name as the domain.

  • Question

  • Someone from our developer team wants a DNS domain name that's the same as our domain NetBIOS name.

    Example - trading.com (DNS name), trading (NetBIOS name); he wants to add trading as a DNS domain name.

     

    I understand they are two different protocols and in theory shouldn't have an issue, but this is Microsoft and these are computers and I really don't just simply trust it to work. I see potential authentication issues, maybe logon issues, DFS issues, etc. There are tons of potential problems.

    Does anyone have experience with this?

    Tuesday, August 16, 2011 8:21 PM

Answers

  • To add and be more specific, a name such as "trading", being a single label name, is an illegal DNS domain name. This is because DNS is a hierarchical name tree structure. Therefore, DNS domain names must be in a minimal form of two levels, such as trading.com, trading.net, etc.

    Furthermore, the client side resolver on Windows XP and newer, as well as Windows 2000 SP4 and newer, is designed to not resolve single label DNS domain names. This was due to the way DNS tries to resolve single label names that was causing problems with the Root Servers on the internet. You can read more specifics on this, if you like, in this link:

    Active Directory DNS Domain Name Single Label Names
    Published by Ace Fekay, MCT, MVP DS on Nov 12, 2009 at 6:25 PM
    http://msmvps.com/blogs/acefekay/archive/2009/11/12/active-directory-dns-domain-name-single-label-names.aspx

     

    You can try what James suggested to use WINS and have a single label name entry in WINS, that is if you're using WINS, but the only problem with that is if you have more than one domain controller. Each DC will register into WINS its domain name as a service name. So if there are more than one, then it may not return the correct name when trying to resolve it. So you can't do it with the NetBIOS name of the domain.

    If this were a hostname, it would be a little easier resolution, but since you're asking about using a single name that happens to be the domain name, it complicates it a bit.

    As for DFS, that is based on the LdapIpAddress to find the domain DFS roots. The LdapIpAddress is the record that EACH domain controller registers as the "same as parent" name. In your case, it would be the trading.com record. You can look in DNS and see one registered for each DC (assuming dynamic DNS is properly functioning).

     

    If you can elaborate how the developer wants to use this name, we can offer a more specific solution or recommendation.

     

    Ace

     


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Tuesday, August 16, 2011 10:17 PM

All replies

  • It will mess with short name resolution. For example, if you are using WINS and have a WINS record for TRADING which resolves to IP 192.168.0.1, then if you try to ping TRADING your client will resolve to the WINS record before resolving to the new "TRADING" zone. Now if you have records for objects inside TRADING, say SERVER1.TRADING, that will resolve OK as long as your clients have the DNS SUFFIX for TRADING. Again, the order of the suffix will matter if you have identical resource names in TRADING.COM and TRADING, as it processes the DNS SUFFIX in order.

    Before creating the zone I would make sure there is a real need there. If you give DEVS everything they want on your production network, it will be destroyed in no time.

    • Proposed as answer by JamesPotter Tuesday, August 16, 2011 9:15 PM
    Tuesday, August 16, 2011 9:14 PM
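
    The suffix-order effect described in the post above, and the single-label point from the marked answer, as an added example that is not part of the original thread. It is a simplified model of suffix search processing, not the Windows resolver itself; the records, addresses and function names are constructed for illustration.

```python
# Added illustration: simplified model of DNS suffix search order.
# RECORDS is constructed sample data, not taken from a real zone.
RECORDS = {
    "trading.": "192.168.0.1",            # apex of the proposed single-label zone
    "server1.trading.com.": "192.168.0.10",
    "server1.trading.": "192.168.0.20",   # same short name in the new zone
    "web1.trading.": "192.168.0.21",
}

def is_single_label(name):
    """True when the name has only one DNS label, e.g. 'trading'."""
    return len([p for p in name.rstrip(".").split(".") if p]) == 1

def candidates(name, suffixes):
    """FQDNs a client would try, in order, under this simplified model."""
    name = name.lower()
    if name.endswith("."):
        return [name]                      # already fully qualified
    tried = []
    if not is_single_label(name):
        tried.append(name + ".")           # multi-label names go out as typed first
    # A bare single-label name is never sent as-is; only suffixed forms are tried.
    tried += [f"{name}.{s.lower().rstrip('.')}." for s in suffixes]
    return tried

def resolve(name, suffixes, records=RECORDS):
    """Return (fqdn, address) for the first candidate with a record."""
    for fqdn in candidates(name, suffixes):
        if fqdn in records:
            return fqdn, records[fqdn]
    return None, None                      # left to WINS/NetBIOS in the thread's scenario

def shadowed(suffixes, records=RECORDS):
    """Short names present under more than one suffix; the first listed wins."""
    found = {}
    for s in suffixes:
        tail = "." + s.lower().rstrip(".") + "."
        for fqdn in records:
            host = fqdn[: -len(tail)]
            if fqdn.endswith(tail) and "." not in host:
                found.setdefault(host, []).append(fqdn)
    return {h: f for h, f in found.items() if len(f) > 1}

if __name__ == "__main__":
    for order in (["trading.com", "trading"], ["trading", "trading.com"]):
        print(order, "->", resolve("server1", order))
    print("bare 'trading':", resolve("trading", ["trading.com", "trading"]))
    print("shadowed:", shadowed(["trading.com", "trading"]))
```

    Running `shadowed()` over an export of both zones before creating the new one lists every short name whose answer would depend on each client's suffix order.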
  • This is good. I felt this was a bad idea, I just hadn't taken the time to figure it out. If you have any more potential issues, please post.
    Tuesday, August 16, 2011 9:23 PM
  • If anyone else has an idea I would like to hear it.
    Wednesday, August 17, 2011 2:24 PM
  • This is very well done, thank you.
    Wednesday, August 17, 2011 5:25 PM
  • You are welcome. :-)

    Cheers!


    Ace Fekay

    Wednesday, August 17, 2011 6:42 PM
  • I've had another suggestion to this request. Instead of adding trading as a top domain, the request is to add it to trading.local, so it would look like this:

     

    trading.trading.local  - domain

    server1.trading.trading.local - host name

     

    I don't see a problem with this, does anyone else?

    Tuesday, August 23, 2011 3:36 PM
  • Then what name will you connect by using a URL?

    Then you're saying it's a server name or resource record name, not a domain name, which is what you were originally inquiring about. If you do that, and your current DNS name is trading.com, and your current NetBIOS domain name is TRADING, then there will be a NetBIOS name contention creating a resource name called trading under the trading.com or trading.local zone.

     


    Ace Fekay
    Tuesday, August 23, 2011 4:45 PM
  • Originally trading was going to be a stand alone top level domain, but now it would be a sub domain under the trading.local domain, so it would look like this:       

     

    trading.trading.local   - trading would be the subdomain, trading.local would be the root domain. 

     

    server1.trading.trading.local - this would be a resource


    http://webserver.trading.trading.local - this would be another resource

     

    What are your thoughts?

     

    Tuesday, August 23, 2011 5:24 PM
  • Does this look OK?
    Wednesday, August 24, 2011 7:50 PM
  • It's not a domain name, which was your intention, correct? Also, there's the possibility that it may reject the name if set on a machine due to being a duplicate of the NetBIOS domain name, assuming the NetBIOS domain name is TRADING and the DNS name is trading.local.

    However, you can try it and test it. I think it may work if just a DNS resource, however if you try to connect via http://trading, then you may still get the domain controllers.


    Ace Fekay
    Thursday, August 25, 2011 1:59 AM
  • I agree, I think it will be alright, as it's a vast difference from the original request.  Thanks again for all your help.
    Thursday, August 25, 2011 1:22 PM