Internal Domain name

I want to make sure that it is alright to call my Windows 2003 domain mydomain.lan?

focusen Asked:

NJComputerNetworks Commented:
Yes, this is fine.
0

TheCleaner Commented:
yep...anything.anything would work too...it doesn't matter what you call it (within reason) as long as it has the structure of:

domainname.TopLevelDomainName
0
NJComputerNetworks Commented:
It is best to name the domain something other than your registered Internet domain name:

For example, if your registered Internet domain name is COMPANY.COM, it is best not to name your internal Windows domain company.com.

Instead name it something different like:  company.local, company.bob, company.lan, company.anything, company.dot, company.interal, company.dlkjasdlkjfa, company-internal.lan, company-internal.local, etc


0

TheCleaner Commented:
While I understand the recommendation that NJ said about using different internal/external domain names (as per MS recommendations), I personally disagree.

I think setting up a split-DNS (which is required if you do use the same internal/external names) is simple to do, and makes working with mail servers, web sites you host, etc. easier in my opinion.

For instance, if I have OWA.domain.com for Outlook Web Access, and I host it, and I use domain.local internally, then I would have to go outside and back in to get to my own internal site.  Whereas if my internal name was domain.com I simply need to have an A record for OWA pointing to the internal IP of the OWA server.

Just my own opinion...I know MS recommends .local, but I find it more of a hassle personally.
0
Hernandez Commented:
Yes I agree with everyone here.  The answer to your question is that yes you can name it mydomain.lan.
0
Jeffrey Kane - TechSoEasy, Principal Consultant Commented:
I totally disagree with The Cleaner... the example of having owa.domain.com doesn't make sense because unless you are also making your DNS Zone the Start of Authority for the domain (not recommended if you value your bandwidth and the security of your LAN), then the queries are still going to go out to the Internet for owa.domain.com.

If it is the SOA, then you need to enable zone transfers which open you up to the potential of leaking internal host names... a security risk.

You also lose the natural separation of internal and external networks, which can affect performance as well as the obvious issue of security again.

And, if the internal name was domain.local you could still simply add a secondary dns zone for domain.com with the A record for OWA pointing to the internal IP of the OWA server.  (Or you could publish an lmhosts file with that info as well)

The disadvantages of using a public domain internally far outweigh any conceivable advantage, in my opinion.

Jeff
TechSoEasy
0
TheCleaner Commented:
Jeff,

You missed the part where I said "split DNS infrastructure".  Someone externally handles the internet external resolution, while AD DNS handles internal queries.

http://www.isaserver.org/tutorials/You_Need_to_Create_a_Split_DNS.html
0
Jeffrey Kane - TechSoEasy, Principal Consultant Commented:
I didn't miss it... but I don't see any advantage as described by your example... only disadvantages.

In your example you simply put an A host record for owa pointing to the internal IP Address of the server.

In my example you simply add a secondary dns zone for domain.com with the A record for OWA pointing to the internal IP of the OWA server.

My example has an additional step -- but otherwise I believe it to still be a more secure environment.

Jeff
TechSoEasy
0
TheCleaner Commented:
yeah I see your point too...guess it's just a matter of preference.

I have yet to find any disadvantage with the split-dns setup, since the ISP or similar manages any external IP/DNS assignments, and I handle the internal.

As far as "secure" goes, once in, a hacker is in, regardless of domain name, so I'm not sure how .local is any more secure than .com.  In a split DNS your internal DNS is not accessible by the outside world (again unless hacked) for queries, zone transfers, etc.


I've set up networks in both ways (.local and .com) and both really give you the same results in the end...
0
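
The split-DNS setup debated in this thread keeps two copies of domain.com, one at the ISP and one in AD DNS. As an added example (not part of any poster's comment), this Python script compares A records exported from both views and flags private addresses published externally and public names the internal zone cannot answer. The record data, the addresses and the names `audit_split_dns`, `EXTERNAL_VIEW` and `INTERNAL_VIEW` are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly so documentation ranges count as public.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample A records for the zone domain.com in each view.
EXTERNAL_VIEW = {                      # hosted by the ISP, visible to anyone
    "WWW.domain.com.": "203.0.113.10",
    "owa.domain.com": "203.0.113.20",
    "mail.domain.com": "203.0.113.25",
    "intranet.domain.com": "10.0.0.15",   # mistake: private address published
}
INTERNAL_VIEW = {                      # AD-integrated zone, LAN clients only
    "owa.domain.com": "10.0.0.20",
    "mail.domain.com": "10.0.0.25",
    "intranet.domain.com": "10.0.0.15",
    "dc01.domain.com": "10.0.0.5",
}

def normalize(name):
    """DNS names are case-insensitive; drop any trailing root dot."""
    return name.rstrip(".").lower()

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit_split_dns(external, internal):
    """Return sorted (finding, name) pairs for the two views of one zone."""
    ext = {normalize(n): a for n, a in external.items()}
    internal_names = {normalize(n) for n in internal}
    findings = []
    for name, addr in ext.items():
        # A private address in the public zone discloses internal layout.
        if is_rfc1918(addr):
            findings.append(("LEAK", name))
        # The internal server is authoritative for the whole zone, so a name
        # it lacks gets a name error inside the LAN instead of being forwarded.
        if name not in internal_names:
            findings.append(("MISSING_INTERNAL", name))
    return sorted(findings)

if __name__ == "__main__":
    for finding, name in audit_split_dns(EXTERNAL_VIEW, INTERNAL_VIEW):
        print(f"{finding:17} {name}")
```

Internal-only names such as dc01 are expected in a split-DNS design and are not reported.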
Windows Server 2003


Question has a verified solution.
