Domain Naming

Posted on 2005-03-14
Medium Priority
Last Modified: 2010-04-10
I am setting up a brand new DC for a new forest at a corporate headquarters.  I will eventually be putting in an SQL Server and an Exchange server.  What domain name should I use for this primary DC?  I want to make sure everything resolves properly after I get DNS and Active Directory in place.

I have set up DCs before on smaller implementations, and I am just starting to take my upgrade for my WinNT MCSE, but I don't want to foul this up.  Some have told me to just use the domain name of my company, and others told me this was wrong.

What is best practice?  If I own the Internet domain name "xyz.com", do I create my domain in DNS as "xyz.com" in Active Directory, or should I use a different name?  Should I use hq.xyz.com, or use something completely different like hq.xyz? This site will always be the primary site for AD.
Question by:Javier196
LVL 19

Expert Comment

ID: 13537947
While Active Directory primarily uses DNS for names to be resolved, it can be entirely separate from the Internet's DNS - don't forget that the Internet's DNS does not have to proliferate into your internal naming convention.  Many installations will simply use <company>.local or some derivative of the company name.  Note that RFC 2606 deals with top level domain names that have been reserved - as far as I know .local is not reserved, but is logically unlikely to become used on the Internet, so is most likely safe.

If you do decide to use a "live" DNS name for the internal network, then you could run into problems if someone wants to browse/ftp/whatever to the real (presumably external) DNS.

RFC 2606: http://www.ietf.org/rfc/rfc2606.txt?number=2606
LVL 25

Expert Comment

ID: 13538409
Basically you can set it up either way you would like, either xyz.local OR xyz.com.  If you set up your DNS correctly both will work fine.  I personally like setting up my registered domain name (xyz.com for example) to be the same as my internal DNS name, i.e. so they are both xyz.com.  This way users can use the same domain name regardless of whether they are on your LAN or at home.  Again the trick is setting up your DNS servers correctly.  If you use xyz.com for both your internal and external DNS name then your internal (AD) DNS server will respond to DNS queries with your LAN's private address range (192.168.x.x for example).  Your external DNS server would respond with the public IP addresses of your externally exposed servers (mail and WWW).

for example

internal would point www.xyz.com to     where is the LAN address of your www server
external would point www.xyz.com to            where is the public IP of your www server.

This way everything is transparent to your users, i.e. they always get to your www server using the exact same DNS name (www.xyz.com) and there is no messing around with any www.xyz.local stuff.
LVL 16

Expert Comment

ID: 13539151
I tend to like the other route, keeping my internal network separated from my Internet presence.  While I have xyzcity.com as my domain name, my internal network is cityhall.xyzcity.com.  I have seen some issues in the past where, when named the same, there were problems, as Barthax states, but then too I have seen them work fine.

It is a call you will have to make.  The nice thing is that if I have cityhall.xyzcity.com and we expand a lot, then my fire department, say, would be firedept.xyzcity.com, etc.  For me it keeps it all organized and logical.

As I said though and as mikeleegria said, you can set it up either way.

Accepted Solution

divi2323 earned 1000 total points
ID: 13539910
Something no one has touched on yet is the Exchange server, and the email addressing issue.

I do like samccarthy's approach of using a delegated subdomain of your domain name.  I usually set up ad.companyname.com for my clients, but your situation is unique.  Everyone has mentioned DNS, and this is the biggest issue for you.  Whichever route you go, you're going to run into some kind of trouble.  I'm more worried about the email services you're going to run with Exchange.  If you go with yadda.local, you are going to have more configuration to do in order to get your Exchange server to accept Internet email.  Again, going with a delegated subdomain, ad.yadda.com would prove difficult as well.

Personally, if security isn't a big issue, go with your company name for your domain name:  yadda.com.  This should simplify things later for you with regard to DNS and email addressing.  Just remember that you need to set up your DNS servers to point to external sites for things like www.yadda.com if it is hosted at another location.  If you're hosting everything internally, by all means go with your company name.
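
An added example, not part of any poster's reply: a small Python audit of the split DNS setup discussed in this thread, where the internal AD DNS and the external DNS both serve xyz.com. It lists names that exist only in the external view (internal clients cannot resolve them, because the internal server is authoritative for the zone) and external records that expose RFC 1918 addresses. The zone contents, host names and the 203.0.113.x documentation addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges (the "192.168.x.x" style addresses from the thread).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data: "name type value" per line, A records only.
INTERNAL_ZONE = """
www.xyz.com.      A 192.168.1.10   ; LAN address of the web server
mail.xyz.com.     A 192.168.1.20
dc1.xyz.com.      A 192.168.1.5    ; domain controller, internal only
"""
EXTERNAL_ZONE = """
www.xyz.com.      A 203.0.113.10
mail.xyz.com.     A 203.0.113.20
shop.xyz.com.     A 203.0.113.30   ; hosted elsewhere, never added internally
intranet.xyz.com. A 192.168.1.40   ; private address published by mistake
"""

def parse_zone(text):
    """Return {hostname: set of IPv4 addresses} from the simple format above."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        name, rtype, value = line.split()
        if rtype.upper() == "A":
            key = name.lower().rstrip(".")
            records.setdefault(key, set()).add(ipaddress.ip_address(value))
    return records

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def audit_split_dns(internal_text, external_text):
    """Compare the two views of the same zone and report likely mistakes."""
    internal = parse_zone(internal_text)
    external = parse_zone(external_text)
    return {
        # Public names the internal (authoritative) server will not resolve.
        "missing_internally": sorted(set(external) - set(internal)),
        # External records that leak internal addressing.
        "private_in_external": sorted(
            n for n, addrs in external.items()
            if any(is_rfc1918(a) for a in addrs)),
        # Names that stay internal only, as intended for hosts like DCs.
        "internal_only": sorted(set(internal) - set(external)),
    }

if __name__ == "__main__":
    for finding, names in audit_split_dns(INTERNAL_ZONE, EXTERNAL_ZONE).items():
        print(f"{finding}: {', '.join(names) or 'none'}")
```
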
LVL 16

Expert Comment

ID: 13540331
For Exchange, my MX for my xyzcity.com points to my Exchange server on cityhall.xyzcity.com and works fine.
