> The main difference between how MSU does network and corporations is that most corporate environments use NAT to separate internal and external networks. This allows them to create internal and external DNS zones, where AD only exists in the internal DNS. So external users can type domain.com and be redirected to www.domain.com. But because MSU uses public IP addresses, I don't think it's possible to create these separate zones. > > Joshua Wortz TLE funding for the coming year is going to provide MSU with some snazy new DNS servers. Among the new features we plan to add with those upgrades is the ability to do zones capable of providing a different view when you are "on campus" vs. "off campus". We also plan to improve the redundancy and fail-over of the servers by implementing AnyCast. Also the other question later on in the thread about the University becoming it's own CA: That is INSANELY difficult and expensive to do right. It has been considered. We have no plans to do so that I am aware of. -- Jeff Utter Network Manager Academic Technology Services