Microsoft Active Directory uses DNS to enable servers and workstations to locate services (such as domain controllers) running within the Active Directory namespace.
To support an Active Directory domain called example.org, DNS servers that manage the example.org subdomain must be available to your domain controllers and workstations. The domain name that your AD uses is called your internal DNS namespace. The domain that you have registered for use on the internet (either as a service provider, or as an internet client) is called your external DNS namespace.
The two namespaces do not have to be the same, giving rise to three main architectures:
- Internal and external DNS namespaces are the same - use your unit DNS domain for your AD - this is our recommended and most common deployment
- Internal DNS namespace with referral to a different external DNS namespace - this might be the case if your unit DNS has changed since your AD was configured, or if you need to operate more than one AD domain within your unit
- Internal DNS namespace only, used only on your own network - an unlikely configuration at Oxford, as this excludes internet access, and it is not detailed below
Microsoft provides further details on DNS namespace planning, using a disjoint namespace, and split-brain DNS.
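For the first architecture (same internal and external name, served split-brain), the following added example, which is not part of the original page, audits two zone views: the internal view should contain the well-known domain controller locator SRV records, and the external view should contain none of them. The zone data is constructed, the function names are hypothetical, and the rule that the external view should not publish AD records is this example's assumption rather than a statement from the page.

```python
# Added example: constructed zone data; numeric TTLs and one-line records assumed.
LOCATOR_PREFIXES = (  # well-known DC locator SRV owner names (a subset)
    "_ldap._tcp", "_kerberos._tcp", "_kpasswd._tcp",
    "_ldap._tcp.dc._msdcs", "_kerberos._tcp.dc._msdcs", "_ldap._tcp.pdc._msdcs",
)

INTERNAL_ZONE = """\
$ORIGIN example.org.
_ldap._tcp               600 IN SRV 0 100 389 dc1.example.org.
_kerberos._tcp           600 IN SRV 0 100 88 dc1.example.org.
_ldap._tcp.dc._msdcs     600 IN SRV 0 100 389 dc1.example.org.
_kerberos._tcp.dc._msdcs 600 IN SRV 0 100 88 dc1.example.org.
_ldap._tcp.pdc._msdcs    600 IN SRV 0 100 389 dc1.example.org.
dc1                      3600 IN A 192.0.2.10
"""
EXTERNAL_ZONE = """\
$ORIGIN example.org.
www                  3600 IN A 198.51.100.20
srv                  3600 IN CNAME www
_ldap._tcp.dc._msdcs 600 IN SRV 0 100 389 dc1.example.org. ; leaked internal record
"""

def srv_owners(zone_text, origin):
    """Return lower-cased FQDN owner names that hold an SRV record."""
    origin = origin.lower().rstrip(".")  # origin is passed in; $ directives are skipped
    owners, last = set(), None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # drop comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():  # owner present; indented lines reuse the last one
            name = fields.pop(0).lower()
            last = origin if name == "@" else name.rstrip(".") if name.endswith(".") else f"{name}.{origin}"
        # The record type is the first token that is neither a TTL nor a class.
        rtype = next((f.upper() for f in fields
                      if not f.isdigit() and f.upper() not in ("IN", "CH", "HS")), "")
        if last and rtype == "SRV":
            owners.add(last)
    return owners

def audit(domain, internal_zone, external_zone):
    """Report locator records missing internally and AD records visible externally."""
    domain = domain.lower().rstrip(".")
    required = {f"{p}.{domain}" for p in LOCATOR_PREFIXES}
    external = srv_owners(external_zone, domain)
    return {
        "missing_internal": sorted(required - srv_owners(internal_zone, domain)),
        "exposed_external": sorted(o for o in external if o in required or "._msdcs." in o),
    }
```

Calling `audit("example.org", INTERNAL_ZONE, EXTERNAL_ZONE)` on the constructed data reports the absent `_kpasswd._tcp` record in the internal view and the `_msdcs` record published in the external view.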