Windows AD DNS Server Per NIC Responses with ZeroTier
-
@dafyre said:
You know as well as I do that a Lab environment needs to be isolated from the network.... can. I want to know if the tech can do what I want it to do. No other reason is necessary.
This is the bit that I was concerned about. Lacking the lab isolation that I was suggesting. I realize not everyone needs their lab fully isolated, just seems simpler since it would be safer, easier and fix the issue that this thread was about all in one step. I'm saying that a fully isolated lab is easier.
-
Also, wouldn't this lab still be fully part of the AD network since it's using the same DNS servers? If the answer is yes, then it's not really a lab, it's an extension of the production network.
-
@Dashrender said:
Also, wouldn't this lab still be fully part of the AD network since it's using the same DNS servers? If the answer is yes, then it's not really a lab, it's an extension of the production network.
No, not in that way. AD would be extended by LDAP and Kerberos. DNS is just a lookup service. Although this would theoretically expose information about AD, not very much. For full separation you would go with separate DNS in each place. But sharing DNS is pretty trivial as exposure goes.
-
@scottalanmiller said:
@Dashrender said:
Also, wouldn't this lab still be fully part of the AD network since it's using the same DNS servers? If the answer is yes, then it's not really a lab, it's an extension of the production network.
No, not in that way. AD would be extended by LDAP and Kerberos. DNS is just a lookup service. Although this would theoretically expose information about AD, not very much. For full separation you would go with separate DNS in each place. But sharing DNS is pretty trivial as exposure goes.
if the lab machines aren't part of AD, how are they adding entries to DNS? This is all assuming a Windows DNS.
-
@Dashrender said:
if the lab machines aren't part of AD, how are they adding entries to DNS? This is all assuming a Windows DNS.
I think that I missed that they were adding their own entries. You can add things manually to DNS.
-
If you use Windows for DHCP, Linux can update DNS records that way without being part of AD:
http://www.virtxpert.com/allow-linux-to-register-records-with-windows-dns-and-dhcp/
-
I mention Linux here because it is the most extreme case. If Linux can do it, Windows can too.
-
Chances are if Linux can do it, it probably does it better than Windows, lol.
-
@dafyre said:
Chances are if Linux can do it, it probably does it better than Windows, lol.
And even moreso when virtualized.
-
@dafyre said:
Chances are if Linux can do it, it probably does it better than Windows, lol.
I would second that.
