Registered Domain Name or NOT?

Posted on 2005-05-05
Last Modified: 2010-04-10
I'm trying to get some opinions and directions on a network infrastructure question.

We're planning on implementing a new contact management type product across our WAN.  We have two locs with a hardware VPN set up (WatchGuard) and managing our tunnel between our two LANs: Loc1 192.168.12.x and Loc2 192.168.13.x. Active Directory is at the main loc1, replicating with an AD server in our second loc.

Our internal domain name is not a truly registered domain name, so it doesn't resolve over the Internet or anything.  E.g.  All users and machines log into this domain.  Well, the new contact software server is a 2003 server joined to our 2000 AD, so its FQN is  That product requires that the FQN is resolved over the Internet, so users can use the app's client interface, and of course it will need a public address.  I am not sure what the ramifications/advantages are of making our name a truly registered domain and the effects it will have on our security.  This is where my Active Directory knowledge gets limited!!!????  I am thinking of giving the new contact server a public address and setting up a 1-1 NAT in the firewall to get it accessible, but a key factor is, although the product is technically a webserver, we're not to put it out in our existing DMZ b/c it has critical company data on it.  Go figure!!???  I know some manual DNS entries so the internal/external users can resolve the new server by its FQN, but I'm not sure for what situations I'll have to do that yet!!!???

We also have a hosted domain name that I may possibly want to consider using if at all possible, but I'm thinking configuring that to work with DNS, internal on our AD server, and external DNS servers, may be more complicated?

Basically, I'm looking for some insight on the best approach to this implementation.  Some suggested routes.  Sorry if this isn't clear.

Question by:dee30
    LVL 4

    Expert Comment

    Man, I hate Active Directory.. sigh

    Which contact management app are you installing?  I have found that manual edit of DNS is sometimes a good way (as long as the DNS server is local and using AD) to get around the FQDN problem with some software.  Not the best answer but you've got your hands full..

    LVL 6

    Accepted Solution

    AD isn't that bad, you just have to know how to use it.  (Does miss the simplicity of the PDC/BDC method).

    You should have two domains on your system (this is what you have outside)
    domainname.local (this is what you see inside)

    You have a WatchGuard, so you should have an "optional" port.  Plug those "DMZ'ed" servers in there (use a switch if needed), and have the firewall do the DNS to make the optional and trusted networks talk.
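
Added example, not part of the original thread: a small Python audit of the inside/outside DNS split the accepted answer describes, flagging private addresses or `.local` names that end up in the outside view. The zone contents, the `example.com` public name, the `crm` host and the 203.0.113.x addresses are constructed placeholders; only the 192.168.12.x range and `domainname.local` come from the thread.

```python
import ipaddress

# RFC 1918 ranges, checked explicitly: Python's ip_address.is_private
# also returns True for documentation ranges such as 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records (name -> A record), not real data.
INTERNAL_VIEW = {
    "crm.domainname.local": "192.168.12.50",
    "dc1.domainname.local": "192.168.12.10",
    "crm.example.com": "192.168.12.50",   # inside users go straight to the LAN address
}
EXTERNAL_VIEW = {
    "crm.example.com": "203.0.113.20",          # public side of the 1-1 NAT (placeholder)
    "dc1.example.com": "192.168.12.10",         # mistake: LAN address published outside
    "files.domainname.local": "203.0.113.21",   # mistake: internal suffix published outside
}
MUST_RESOLVE_BOTH = ["crm.example.com"]  # names clients use from inside and outside


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def audit_split_dns(internal, external, must_resolve_both, internal_suffix=".local"):
    """Return (finding, name) tuples for records that break the inside/outside split."""
    findings = []
    for name, addr in sorted(external.items()):
        if is_rfc1918(addr):
            findings.append(("private-address-in-external", name))
        if name.endswith(internal_suffix):
            findings.append(("internal-name-in-external", name))
    for name in must_resolve_both:
        if name not in external:
            findings.append(("missing-external", name))
        if name not in internal:
            findings.append(("missing-internal", name))
        elif not is_rfc1918(internal[name]):
            findings.append(("internal-view-uses-public-address", name))
    return findings


if __name__ == "__main__":
    for finding, name in audit_split_dns(INTERNAL_VIEW, EXTERNAL_VIEW, MUST_RESOLVE_BOTH):
        print(f"{finding}: {name}")
```
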



    Author Comment


    How do I confirm that is set up correctly in AD, would be my first basic question? Are there some easy steps?  I'll be taking my AD book home for review. Too bad they don't make Cliff Notes for that.

    Note, right now all machines are set to belong (added) to only  This would be the same domain I have added the new server to and need to be able to resolve the FQN for, e.g.  Security-wise, is this a good plan? I know how to set it up in our DMZ off the optional, but at this point am not sure that is what we'll be doing, b/c the new server will have financial info.

    LVL 6

    Expert Comment

    Here's a small walkthrough.

    If they made Cliff's Notes for AD, that thing would still be 200 pages long.

