I've been reading up on DNS, and I've been quite interested in custom application directory partitions. Active Directory uses them, but, as a developer, how can I extract the most out of them? What possible applications and real-world scenarios could I address and solve using custom application directory partitions? What problems can be solved, or are better solved, using them? I ask this from an architecture's point of view.

Or maybe there aren't any, and they should be used for Active Directory only. I doubt it, but I would like some perspectives and ideas on the matter.

Thanks

+1  A: 

Hi, I’m an AD Consultant. I’ve done a bit of work with DNS application partitions in the past and am presently looking to utilise them in my current environment. I wanted to find out where others are using them and stumbled across your question. Maybe writing this will help consolidate my thinking too!

Imagine you are part of a large corporate AD domain with internal DNS name resource.corporate.local. Your organisation is geographically spread out with offices all over the world and your security policies for patch management, antivirus, proxy usage are all the same across the world. Your user base travels around quite a bit and their laptops have static mappings or paths to resources (Internet proxy; Login scripts; AV update servers; Windows update servers etc) which would be too far to reach and thus slow to access when on the other side of the world. By utilising DNS application partitions and creating one application partition per site, country or continent (whatever detail you can afford to administer) you can in a way ‘con’ the workstation into thinking that it is accessing the same host as if it were at its home location (the server/resource name is statically specified after all). Whereas in fact it is accessing a resource at your site of visit known by the same ‘name’ (It’s just a Host to IP mapping after all). A good application partition design works hand in hand with DHCP scope option 15 or the GPO setting for DNS Suffix Search List.

A practical example: I work in the London office of a large corporate. My laptop has a Group Policy applied to it which tells it to get all Windows Updates from a server with IP 10.10.10.1, A-hosted in DNS with name: ‘WSUS01’ (which exists in the london.resource.corporate.local DNS application partition).

I then travel to Sydney. A day later the Windows Update GPO kicks in and I need to apply 10 updates each at 1MB each. Providing my machine has been told to look at the correct application partition via DHCP or DNS Suffix Search List, my machine will attempt to contact the host WSUS01 within my local DNS application partition, in this case hopefully configured to be sydney.resource.corporate.local. Thus making the download much quicker because I’m accessing a local resource. Also works well with proxies. Can you imagine travelling to Sydney and sitting in the office using an Internet proxy which is in the London office? All this to access a website based in Australia itself! Hopefully you get my point! ;)

Regards, Nadim Janjua

Thanks so much for your answer and your time. That is, indeed, a good application for custom application directory partitions.
Pascal
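
The per-site layout described in the answer above, as an added example that is not part of the original posts: it builds one AD-integrated zone per site in its own application directory partition, publishes the same host name in each, points DHCP option 15 at the site zone, and then checks that each site zone answers with its own local address. The zone names, WSUS01 and 10.10.10.1 come from the answer; the partition names, the Sydney address and the DHCP scope IDs are constructed for illustration, and the script assumes it runs on a server holding both the DNS and DHCP roles with those scopes already defined.

```powershell
# Added example (not from the original posts).
# Constructed values: partition names, Sydney address, DHCP scope IDs.
$sites = @(
    @{
        Zone      = 'london.resource.corporate.local'
        Partition = 'dns-london.resource.corporate.local'   # assumed name
        Wsus      = '10.10.10.1'                            # from the answer
        Scope     = '10.10.10.0'                            # assumed scope
    },
    @{
        Zone      = 'sydney.resource.corporate.local'
        Partition = 'dns-sydney.resource.corporate.local'   # assumed name
        Wsus      = '10.20.20.1'                            # constructed
        Scope     = '10.20.20.0'                            # assumed scope
    }
)

foreach ($s in $sites) {
    # A custom partition limits replication of the zone to enlisted DNS servers.
    Add-DnsServerDirectoryPartition -Name $s.Partition

    # Store the site zone in that partition instead of the domain/forest scope.
    Add-DnsServerPrimaryZone -Name $s.Zone -ReplicationScope Custom `
        -DirectoryPartitionName $s.Partition

    # Same relative host name in every site zone, different local address.
    Add-DnsServerResourceRecordA -ZoneName $s.Zone -Name 'WSUS01' -IPv4Address $s.Wsus

    # DHCP option 15 (DNS domain name) gives visiting clients the site suffix.
    Set-DhcpServerv4OptionValue -ScopeId $s.Scope -DnsDomain $s.Zone
}

# Verification: each site zone must return its own site-local address.
foreach ($s in $sites) {
    $fqdn = "WSUS01.$($s.Zone)"
    $got  = (Resolve-DnsName -Name $fqdn -Type A -Server localhost `
                 -ErrorAction SilentlyContinue).IPAddress
    if ($got -notcontains $s.Wsus) {
        Write-Warning "$fqdn resolved to '$got', expected $($s.Wsus)"
    } else {
        Write-Output "$fqdn -> $($s.Wsus) OK"
    }
}
```

Because clients accept whichever address the suffix they were handed resolves to, it is worth rerunning the verification loop after any change to these zones or to the DHCP option.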