

Domain Naming

Posted on 2005-03-14
Medium Priority
Last Modified: 2010-04-10
I am setting up a brand new DC for a new forest at a corporate headquarters.  I will be eventually putting in an SQL Server and an Exchange server.  What domain name should I use for this primary DC?  I want to make sure everything resolves properly after I get DNS and Active Directory in place.

I set up DCs before on smaller implementations, and I am just starting to take my upgrade for my WinNT MCSE, but I don't want to foul this up.  Some had told me to just use the domain name of my company, and others told me this was wrong.

What is best practice?  If I own the Internet domain name "xyz.com", do I create my domain in DNS as "xyz.com" in Active Directory, or should I use a different name?  Should I use hq.xyz.com, or use something completely different like hq.xyz? This site will always be the primary site for AD.
Question by:Javier196
LVL 19

Expert Comment

ID: 13537947
While Active Directory primarily uses DNS for names to be resolved, it can be entirely separate from the Internet's DNS - don't forget that the Internet's DNS does not have to proliferate into your internal naming convention.  Many installations will simply use <company>.local or some derivative of the company name.  Note that RFC 2606 deals with top level domain names that have been reserved - as far as I know .local is not reserved, but is logically unlikely to become used on the Internet, so is most likely safe.

If you do decide to use a "live" DNS name for the internal network, then you could run into problems if someone wants to browse/ftp/whatever to the real (presumably external) DNS.

RFC 2606: http://www.ietf.org/rfc/rfc2606.txt?number=2606
LVL 25

Expert Comment

ID: 13538409
Basically you can set it up either way you would like, either xyz.local OR xyz.com.  If you set up your DNS correctly both will work fine.  I personally like setting up my registered domain name (xyz.com for example) to be the same as my internal DNS name.  IE so they are both xyz.com.  This way users can use the same domain name regardless of if they are on your LAN or at home.  Again the trick is setting up your DNS servers correctly.  If you use xyz.com for both your internal and external DNS name then your internal (AD) DNS server will respond to DNS queries with your LAN's private address range (192.168.x.x for example).  Your external DNS server would respond with the public IP addresses of your externally exposed servers (mail and WWW).

for example

internal would point www.xyz.com to     where is the LAN address of your www server
external would point www.xyz.com to            where is the public IP of your www server.

this way everything is transparent to your users  IE they always get to your www server using the exact same dns name (www.xyz.com) and there is no messing around with any www.xyz.local stuff.
LVL 18
ID: 13539151
I tend to like the other route, keeping my internal network separated from my Internet presence.  While I have xyzcity.com as my domain name, my internal network is cityhall.xyzcity.com.  I have seen some issues in the past where, when named the same, there were problems, as Barthax states, but then too I have seen them work fine.

It is a call you will have to make.  The nice thing is that if I have cityhall.xyzcity.com and we expand a lot, then my fire department, say, would be firedept.xyzcity.com, etc.  For me it keeps it all organized and logical.

As I said though and as mikeleegria said, you can set it up either way.

Accepted Solution

divi2323 earned 1000 total points
ID: 13539910
something no one has touched on yet is the exchange server, and the email addressing issue.

I do like samccarthy's approach of using a delegated subdomain of your domain name.  i usually set up ad.companyname.com for my clients, but your situation is unique.  everyone has mentioned DNS, and this is the biggest issue for you.  whichever route you go, you're going to run into some kind of trouble.  i'm more worried about the email services you're going to run with exchange.  if you go with yadda.local, you are going to have more configuration to do in order to get your exchange server to accept internet email.  again, going with a delegated subdomain, ad.yadda.com would prove difficult as well.

personally if security isn't a big issue, go with your company name for your domain name.    yadda.com.   this should simplify things later for you with regard to DNS and email addressing.  Just remember that you need to set up your DNS servers to point to external sites for things like:  www.yadda.com if it is hosted at another location.  if you're hosting everything internally, by all means go with your company name.
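
When the AD domain and the Internet domain share one name, as discussed in the comments above, the internal and external DNS views have to be kept consistent by hand. The following check is an added example, not part of any post in this thread; the records are constructed for the thread's placeholder xyz.com, and the addresses and finding labels are assumptions.

```python
import ipaddress

# RFC 1918 ranges, checked explicitly (ipaddress.is_private also matches
# the documentation ranges used below as stand-ins for public addresses).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample A records for the thread's placeholder domain xyz.com.
INTERNAL_VIEW = {
    "dc1.xyz.com": "192.168.1.10",
    "gc._msdcs.xyz.com": "192.168.1.10",
    "mail.xyz.com": "192.168.1.20",
    "intranet.xyz.com": "192.168.1.30",
}
EXTERNAL_VIEW = {
    "www.xyz.com": "203.0.113.80",        # hosted elsewhere, absent internally
    "mail.xyz.com": "203.0.113.25",
    "intranet.xyz.com": "192.168.1.30",   # private address published
    "gc._msdcs.xyz.com": "203.0.113.10",  # AD locator record published
}


def is_rfc1918(addr):
    """True if addr falls in one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def audit_split_dns(internal, external):
    """Return sorted (name, finding) pairs for a same-name split-DNS setup."""
    findings = []
    for name, addr in external.items():
        labels = name.lower().rstrip(".").split(".")
        if is_rfc1918(addr):
            findings.append((name, "private-address-in-external-view"))
        if "_msdcs" in labels:
            findings.append((name, "ad-record-in-external-view"))
        elif name not in internal:
            # Internal clients ask the AD DNS server, which is authoritative
            # for the zone and will answer "no such name".
            findings.append((name, "missing-from-internal-view"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit_split_dns(INTERNAL_VIEW, EXTERNAL_VIEW):
        print(f"{finding:34} {name}")
```
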
LVL 18
ID: 13540331
For Exchange, my MX for my xyzcity.com points to my Exchange server on cityhall.xyzcity.com and works fine.
