Can AD domains/forests (LAN & DMZ) share a DNS domain?
From: Erick Thompson (ethompson)
Date: 09/25/02
From: "Erick Thompson" <ethompson at nbr.org> Date: Tue, 24 Sep 2002 16:04:41 -0700
I am going to be setting up a new AD network. The network has 3 parts
(subnets), the LAN, a DMZ with the SQL Server, and a public network,
connected with a firewall/router. The public network won't be part of the AD
structure. My current plan is to set up AD in the following way.
1. Create a forest and nbr.local domain in the LAN
2. Create a new forest for the DMZ and a dmz.nbr.local domain
3. Make dmz.nbr.local trust nbr.local but not vice versa (so I can use
integrated security in SQL)
Is this going to work? Is this a good way to partition security?
My main concern is that the forest dmz.nbr.org is a subdomain of nbr.org, at
least as far as DNS is concerned. I could see this causing me problems (two
forests sharing a domain). Also, this is the solution I have come to so far,
but I'm sure there are other ways. I'd really like to hear how other people
set up this type of network.
Thanks,
Erick