Many organizations run two or more DNS servers: one that answers internal users and one that answers the rest of the world over the Internet. Many of these organizations also use Active Directory-integrated DNS for the internal servers, because storing zone data in Active Directory and replicating it to every domain controller makes the zones easier to manage.
In some cases queries for the same domain name must be answered differently depending on where the requester sits: internal clients need the private addresses of internal hosts, while the Internet should see only the public records. Hosting the namespace as two separate zones, one on the internal servers and one on the public servers, is what's known as split-brain (or split-horizon) DNS. Because the two sides know different records, a query the internal server cannot answer from its own zones has to be forwarded to a server that can, and Windows Server 2003 DNS can control that forwarding per domain name.
Let's look at split-brain DNS in Windows Server 2003 using Active Directory-integrated DNS.
When does split-brain syndrome occur?
Organizations that have multiple internal Active Directory domains, such as sales.company.com and research.company.com, run into this problem because each domain needs its own DNS zone (holding its host and SRV records) and those zones are commonly hosted on different DNS servers.
Suppose I'm a user in the research.company.com domain and I need to reach a Web server or a computer in sales.company.com. My client sends the query to the DNS server for my own domain. That server is not authoritative for sales.company.com, so with ordinary forwarding it hands the query to the company's public DNS servers (or the ISP's resolvers); from there the lookup can only succeed if the record is published on the Internet.
Because the resource I'm looking for lives in a different internal zone, the external DNS servers have no record of it, and in a typical forwarding setup the lookup fails.
Windows Server 2003 DNS addresses this with conditional forwarding. A conditional forwarder tells the server that queries for one specific domain name should not go to the general forwarders but directly to the servers you name, typically the DNS servers authoritative for that zone inside your environment.
This way, when my query for a name in sales.company.com reaches the research.company.com DNS server, the server sends it straight to the sales.company.com DNS servers, which answer from their own zone. To the user the process is seamless; the name resolves to the correct internal resource.
How is conditional forwarding configured?
- On a Windows Server 2003 DNS server (a domain controller, when the zones are Active Directory-integrated), open the DNS console.
- Right-click the DNS server you wish to work with and click Properties.
- Select the Forwarders tab of the DNS properties dialog box for the selected server.
- Click the New button to the right of the DNS domain list.
- Enter the domain name for which the conditional forwarders should be configured -- for example, sales.company.com -- and click OK.
- Select the new domain entry in the DNS domain list and, in the box below labeled Selected domain's forwarder IP address list, type the IP address of a DNS server that is authoritative for that domain.
- Click the Add button; repeat for each additional DNS server of that domain so the forwarder has a fallback, then click OK.
Note: Conditional forwarders are a feature of the Windows Server 2003 DNS server; a Windows 2000 DNS server cannot be configured with them, so any server that must forward this way has to run Windows Server 2003. The server you forward to can be any DNS server that answers for the zone. Also, on Windows Server 2003 the conditional forwarder list is stored on each server rather than in Active Directory, so repeat the steps on every DNS server that the domain's clients use.
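The same configuration can be scripted, which helps on Windows Server 2003 because the forwarder list has to be repeated on every DNS server. The following batch script is an added example written for this page, not code from the article or from Microsoft; it uses dnscmd.exe (shipped with Windows Server 2003) to create the conditional forwarder for sales.company.com on the local server and then checks the result with nslookup. The addresses 10.20.0.10 and 10.20.0.11, the host name dc1, and the public name www.company.com are assumptions made up for the example.

```batch
@echo off
REM Added example (not from the original article): create the conditional
REM forwarder from the command line with dnscmd.exe and verify it.
REM All IP addresses and host names below are assumptions; replace them.
REM Run once on EACH Windows Server 2003 DNS server: the forwarder list is
REM stored per server, not replicated through Active Directory.

setlocal

REM The internal domain that the public forwarders cannot resolve.
set FWD_DOMAIN=sales.company.com

REM DNS servers authoritative for that domain (assumed addresses).
set FWD_SERVERS=10.20.0.10 10.20.0.11

REM Configure the DNS server this script runs on. To manage a remote
REM server instead, put its host name or IP address here.
set DNS_SERVER=%COMPUTERNAME%

REM 1. Create the conditional forwarder. /Forwarder makes the entry a
REM    forwarder rather than a real zone; /TimeOut is the seconds to wait
REM    for a reply. Add /Slave to tick "Do not use recursion for this
REM    domain", so a failed forward is not retried against root hints.
dnscmd %DNS_SERVER% /ZoneAdd %FWD_DOMAIN% /Forwarder %FWD_SERVERS% /TimeOut 5
if errorlevel 1 (
    echo Failed to create conditional forwarder for %FWD_DOMAIN%
    exit /b 1
)

REM 2. Confirm the server lists it and reports the type as Forwarder.
dnscmd %DNS_SERVER% /ZoneInfo %FWD_DOMAIN%

REM 3. Resolve a host in the forwarded domain against this server only,
REM    so the check does not depend on the client's own DNS settings.
REM    dc1 is an assumed host name in sales.company.com.
nslookup -type=A dc1.%FWD_DOMAIN% 127.0.0.1

REM 4. A name outside the forwarded domain should still go through the
REM    default forwarders (www.company.com is assumed to exist publicly).
nslookup -type=A www.company.com 127.0.0.1

REM To remove the conditional forwarder again:
REM   dnscmd %DNS_SERVER% /ZoneDelete %FWD_DOMAIN% /f

endlocal
```

Step 3 is the check that matters: if the answer comes back with the private address of dc1, the query went to the sales.company.com servers; if nslookup reports that the name does not exist, the query is still reaching the public forwarders and the entry was created on the wrong server or with the wrong domain name.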
This simple setup lets multiple internal domains coexist in your Active Directory environment and resolve one another's names without the queries ever leaving your network.