We implemented DNS Views. We have separate public, DMZ, and internal views into DNS.
JASBURY27: I don't understand your primary site design. Why didn't you simply add a 1-to-1 NAT on the inbound interface to make the LDAP interior IP address visible to your boxes in the DMZ?
JDAVIS: but he has a point, in a remote location, you may not want to point LDAP at the same LDAP hosts your other data center is using. You probably have a local LDAP (AD) server in the remote location (e.g. for a local Exchange box, faster user logins). You'd want to use that LDAP instead of the primary site LDAP.
ALL: adding a 2nd control center will cause problems if you are doing per-user spam quarantines, as the user may get a digest from EACH control center.
I'll post an IDEA
https://www-secure.symantec.com/connect/idea/site-ldap-configuration-options
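As an added illustration (not from the original post or any vendor documentation), this is what a BIND split-horizon setup with the three views mentioned above can look like, using constructed address ranges and a hypothetical `ldap.example.com` host: each view hands out only the address that is reachable from, and appropriate to expose to, that network segment.

```conf
// Constructed example: public / DMZ / internal views in BIND named.conf.
// Address ranges and hostnames are placeholders, not from the original thread.
acl "internal-nets" { 10.0.0.0/8; };
acl "dmz-nets"      { 192.168.100.0/24; };

view "internal" {
    match-clients { "internal-nets"; };
    recursion yes;
    // Internal zone: ldap.example.com -> interior address of the directory server.
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com.internal";
        // e.g. ldap  IN A 10.1.2.3
    };
};

view "dmz" {
    match-clients { "dmz-nets"; };
    recursion no;
    // DMZ zone: same name, but the 1-to-1 NAT address on the inside firewall
    // interface, so DMZ boxes never learn the interior address.
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com.dmz";
        // e.g. ldap  IN A 192.168.100.250
    };
};

view "public" {
    match-clients { any; };
    recursion no;
    // Public zone: no ldap record at all; only externally published hosts.
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com.public";
    };
};
```

Views are matched in order, so keeping the `any` view last ensures internal and DMZ clients never fall through to the public data; `named-checkconf` and a `dig @server ldap.example.com` from each segment verify that each view returns the intended address.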