Split DNS is the way to go if you have the .local domain naming. Otherwise having your organization domain as org.domain.com might be better, so as to not use your main domain.
@Mike-Davis He is actually asking this in regards to my network. We have one root domain with two subdomains, all on their own subnets. How mine differs from the OP is both the primary and secondary DNS are in the main building attached to the root domain. We only use static IPs. There is no DHCP here. We do not even use wireless, although that will change in the near future.
What Wire didn't mention is that all servers and all clients in the entire organization use those two DNS servers at headquarters. That seems very odd to me.
FYI - Wire just came on with that client, so he didn't set this up.
I can't believe I didn't do this a while back. No more chroots to run real applications. I also have my home folder on a 128GB USB 3 flash drive that's pretty tiny. It's a pretty nice and cheap setup.
Unless you are an actual end user, I can't imagine wanting to use ChromeOS instead of a "real" OS.
DDoS depends on public addresses acting as clients pounding your DNS server with thousands of recursive queries at once. If your DNS server isn't public, then it isn't an open resolver, and a client on the internet can't query it directly.
In our case, we have a local DNS server, available to the internet, as a backup to our ISP-hosted DNS. This server is typically vulnerable. But it's set with a higher cost so it won't be used unless the ISP goes down.
So as is with most things. I actually did set an address for BIND in named.conf. I just needed to add the IP address to listen on and add the zone for recursion and it's working now. Thanks!
If you only have Samba controllers, hell it might work.
That's the normal way to use it. Mixing it in would just be weird. Lots of companies run on just it, it works great from what I hear. I've never heard of a shop that had issues after moving to it. It's full AD with all the bells and whistles. You can even manage it from Windows and GPOs work great too.
I saw somewhere online someone set up an environment that way and used RSAT from a Windows 7 computer to do GPO and users/computers.
Can't you give Mandrill your DKIM private key? Of course that's probably not wise. In which case I'd set up a sister domain name for this purpose.
DKIMs seem interesting. Though without Secure DNS I'm not sure what good it really does, the public key listed in non-Secure DNS can be spoofed by a MITM attack - though I'm not sure how much of a real concern that is.
@scottalanmiller That's the whole reason I want DNS set up. I want to be able to SSH by hostname, not IP address, however I guess you're right, maybe I just need to set up the host names on the jumpbox.
That's all that I do. Maintain the /etc/hosts file and I never run into a need to use IP addresses since I don't SSH from random box to random box.