strongly discouraged, since it may lead to the ambiguity in name resolution processes.
In this section the focus is on the design of the private namespaces and the configuration of the DNS servers and zones. The specifics of two different designs are presented by considering two companies using private namespaces of different structure. These two companies, YYY and ZZZ Corporations, have reserved the DNS domain name suffixes, yyy.com. and zzz.com. The general approach to DNS configuration is to have internal (those that are accessible from internal clients only) and external DNS servers. External DNS servers contain the records that are supposed to be exposed to the Internet. The internal DNS namespace may contain a private root, in which case all internal clients that are anticipated to require name resolution must support Name Exclusion List or Proxy Autoconfiguration File to distinguish whether to direct name resolution queries to the proxy server or internal DNS server. An alternative approach is to configure internal DNS server(s) to forward to the Internet unresolved queries. Depending on the type of the clients that require DNS name resolution, the DNS configuration may be quite different. Four types of clients are distinguished based on their software proxy capability:
•proxy unaware,
•supporting LAT (Local Address Table),
•supporting Name Exclusion List, and
•Supporting Proxy AutoConfiguration file.
If name resolution is required by proxy unaware clients, or clients supporting only LAT, then the private DNS namespace can’t have a private root and one or more internal DNS servers must forward to the Internet unresolved queries.
As recommended in the previous section, the desired internal namespaces would be corp.yyy.com. and corp.zzz.com.
If the internal and external namespaces overlap, the configuration becomes more complicated. The example of such overlap is external web server www.yyy.com. and internal computer host1.yyy.com. This approach introduces some complications to the internal DNS configuration:
•to enable an internal computer to resolve the name of an external server and contact it, all clients must support Proxy AutoConfiguration File, unless external servers are cloned internally and external DNS records are copied internally (which increases the total cost of ownership due to required additional hardware and administration), or external DNS records are copied internally and the firewall is properly configured to enable internal clients to contact external servers,
•if all clients support Proxy AutoConfiguration File, then the file must be configured appropriately to distinguish internal and external computers with the same suffixes (as in the example above, with www.yyy.com. and internal computer host1.yyy.com.).
Windows 2000 White Paper
47