Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Domains - naming conventions

Status
Not open for further replies.
Hondy

Hondy

Technical User
Joined
Mar 3, 2003
Messages
864
Location
GB
Hi

Quite a straight forward one really, I'm going to put in a 2008 domain - are there any conventions to follow?

If you had a website domain name (e.g. host = is there any benefit to naming your 2008 domain example.com or should you avoid it completely and call it something else like exampledomain.com or domain.whatever ?

Thanks
 
Sort by date Sort by votes
It's the same as with 2003. Using the same domain name for your internal domain and externally available domain can be done, but there are a couple of issues. The biggest one is that you'll have an Internet DNS server for your Internet domain (often provided by your web hosting service) and then separate DNS servers for your internal domain. In that case you'll have to manually create and manage DNS entries for your external sites in your internal DNS, and there's potential for confusion. There are a couple of other ways to work it, but it ends up being a bit of a pain.

Usually I recommend that if your internet domain is bobswidgets.com then you should set up your internal/Windows domain as bobswidgets.local.

________________________________________
CompTIA A+, Network+, Server+, Security+
MCSE:Security 2003
MCITP:Enterprise Administrator
 
Upvote 0 Downvote
ok, sounds good.

How about using a single domain across multiple firewall tiers or is it worth doing like

webtier.bobswidgets.local
datatier.bobswidgets.local

and do a trust - or is it best just to do a single root domain?

Cheers

 
Upvote 0 Downvote
It's generally not worth it to have multiple domains unless you're using a decentralized support model. You can use one domain, assuming the firewalls are properly configured to allow the correct traffic through.

But I would caution against using .local if you're ever going to have Macs in your environment. Using something like .int

Pat Richard
Microsoft Exchange MVP
Contributing author Microsoft Exchange Server 2007: The Complete Reference
 
Upvote 0 Downvote
ok great, thanks guys

would you avoid using .COM and all other TLDs on internal namespaces? I take it yes you would avoid them - but why?

Cheers
 
Upvote 0 Downvote
Using child domains/subdomains across firewall tiers is certainly possible. You could put bobswidgets.com on the Internet side in the DMZ and host your own DNS server. Then you create internal.bobswidgets.com and delegate authority for it to your internal DNS servers. Just make sure that your firewalls do not allow DNS requests to the internal servers from the Internet or the DMZ, otherwise people will be able to enumerate your internal organization. For my money, that actually ends up being more complicated and risky that doing the "split-brain" method I outlined before.

Regarding the TLD, if you are not going to have the DNS namespace externally available then I would advise against using any publicly available TLD, especially if you don't own the namespace. Though it might be unlikely, it's certainly possible that someone could set up a duplicate namespace on the Internet side that will cause problems with your internal DNS. For example, I can technically use microsoft.local or microsoft.com as my internal DNS namespace. But if I use microsoft.com then I'm going to have serious name resolution issues. I can use microsoft.local and not have any issues, because .local is an invalid TLD. Of course, I wouldn't use microsoft.local, because I'm not Microsoft.

It is possible to use a .com, .net, or other TLD for your internal namespace without making it a security risk. All you have to do is make sure that your domain has no records in the Internet DNS, and then nobody can find it. And even if they could find it, they'd still have to be able to access it to get anything useful. The biggest issue is the confusion between internal/external namespaces using the same name.

________________________________________
CompTIA A+, Network+, Server+, Security+
MCSE:Security 2003
MCITP:Enterprise Administrator
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Encino40
  • Locked
  • Question Question
Move user between child domains
Replies
1
Views
246
Encino40
Encino40
jim178
  • Locked
  • Question Question
accessing domains with net use
Replies
2
Views
278
m755
m755
goombawaho
  • Locked
  • Question Question
Backup Destination Drive Naming in WBADMIN
Replies
2
Views
254
goombawaho
goombawaho
notShai
  • Locked
  • Question Question
2 domains, 03/08, 2 DNS's, 1 headache?
Replies
0
Views
150
notShai
notShai
zarkon4
  • Locked
  • Question Question
domains in forest not communicating
Replies
5
Views
353
zarkon4
zarkon4

Part and Inventory Search

Sponsor

Back
Top