Javier196

Domain Naming

I am setting up a brand new DC for a new forest at a corporate headquarters. I will eventually be putting in an SQL Server and an Exchange server. What domain name should I use for this primary DC? I want to make sure everything resolves properly after I get DNS and Active Directory in place.

I set up DCs before on smaller implementations, and I am just starting to take my upgrade for my WinNT MCSE, but I don't want to foul this up. Some had told me to just use the domain name of my company, and others told me this was wrong.

What is best practice? If I own the Internet domain name "xyz.com", do I create my domain in DNS as "xyz.com" in Active Directory, or should I use a different name? Should I use hq.xyz.com, or use something completely different like hq.xyz? This site will always be the primary site for AD.

Barthax

While Active Directory primarily uses DNS for names to be resolved, it can be entirely separate from the Internet's DNS - don't forget that the Internet's DNS does not have to proliferate into your internal naming convention. Many installations will simply use <company>.local or some derivative of the company name. Note that RFC 2606 deals with top-level domain names that have been reserved - as far as I know .local is not reserved, but is logically unlikely to become used on the Internet, so is most likely safe.

If you do decide to use a "live" DNS name for the internal network, then you could run into problems if someone wants to browse/ftp/whatever to the real (presumably external) DNS.

RFC 2606: http://www.ietf.org/rfc/rfc2606.txt?number=2606

Basically you can set it up either way you would like, either xyz.local OR xyz.com. If you set up your DNS correctly, both will work fine. I personally like setting up my registered domain name (xyz.com for example) to be the same as my internal DNS name, i.e. so they are both xyz.com. This way users can use the same domain name regardless of whether they are on your LAN or at home. Again, the trick is setting up your DNS servers correctly. If you use xyz.com for both your internal and external DNS name, then your internal (AD) DNS server will respond to DNS queries with your LAN's private address range (192.168.x.x for example). Your external DNS server would respond with the public IP addresses of your externally exposed servers (mail and WWW).

For example:

internal would point www.xyz.com to 192.168.1.1, where 192.168.1.1 is the LAN address of your www server
external would point www.xyz.com to 1.2.3.4, where 1.2.3.4 is the public IP of your www server.

This way everything is transparent to your users, i.e. they always get to your www server using the exact same DNS name (www.xyz.com) and there is no messing around with any www.xyz.local stuff.
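
The split DNS setup described in the answer above (xyz.com served by both an internal and an external DNS server) can be audited for the resolution problem raised earlier in the thread. This is an added example, not part of the original posts; the record sets, every host name other than www.xyz.com, and the function name `audit_split_dns` are constructed for illustration.

```python
import ipaddress

# Constructed sample data: A records each DNS view serves for xyz.com.
INTERNAL = {  # answers from the internal (AD) DNS server
    "www.xyz.com": "192.168.1.1",
    "dc1.xyz.com": "192.168.1.10",
    "intranet.xyz.com": "192.168.1.20",
    "mail.xyz.com": "1.2.3.5",
}
EXTERNAL = {  # answers from the public DNS server
    "www.xyz.com": "1.2.3.4",
    "mail.xyz.com": "1.2.3.5",
    "ftp.xyz.com": "1.2.3.6",
    "intranet.xyz.com": "192.168.1.20",
}


def is_private(addr):
    """True for private (for example RFC 1918) addresses such as 192.168.x.x."""
    return ipaddress.ip_address(addr).is_private


def audit_split_dns(internal, external):
    """Compare the two views of one zone; return (name, issue, address) tuples."""
    findings = []
    for name, addr in sorted(external.items()):
        if is_private(addr):
            # The public zone is disclosing internal addressing.
            findings.append((name, "private-address-in-external-view", addr))
        if name not in internal:
            # The internal server is authoritative for the zone, so LAN
            # clients get "no such name" instead of the public answer.
            findings.append((name, "missing-from-internal-view", addr))
    for name, addr in sorted(internal.items()):
        if name in external and not is_private(addr):
            # Differs from the scheme above, where LAN clients get LAN addresses.
            findings.append((name, "public-address-in-internal-view", addr))
    return findings


if __name__ == "__main__":
    for name, issue, addr in audit_split_dns(INTERNAL, EXTERNAL):
        print(f"{name:20} {issue:34} {addr}")
```

Names that exist only in the internal view, such as the constructed dc1.xyz.com, are expected and are not reported.
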

I tend to like the other route, keeping my internal network separated from my Internet presence. While I have xyzcity.com as my domain name, my internal network is cityhall.xyzcity.com. I have seen some issues in the past where, when named the same, there were problems, as Barthax states, but then too I have seen them work fine.

It is a call you will have to make. The nice thing is that if I have cityhall.xyzcity.com and we expand a lot, then my fire department, say, would be firedept.xyzcity.com, etc. For me it keeps it all organized and logical.

As I said though and as mikeleegria said, you can set it up either way.
For Exchange, my MX for my xyzcity.com points to my Exchange server on cityhall.xyzcity.com and works fine.