• Status: Solved

Internal Domain name

I want to make sure that it is alright to call my Windows 2003 domain mydomain.lan?

Asked:
focusen
 
NJComputerNetworks Commented:
Yes, this is fine.
 
TheCleaner Commented:
Yep... anything.anything would work too... it doesn't matter what you call it (within reason) as long as it has the structure of:

domainname.TopLevelDomainName
 
NJComputerNetworks Commented:
It is best to name the domain something other than your registered Internet domain name:

For example, if your registered Internet domain name is COMPANY.COM, it is best not to name your internal Windows domain company.com.

Instead, name it something different, like: company.local, company.bob, company.lan, company.anything, company.dot, company.interal, company.dlkjasdlkjfa, company-internal.lan, company-internal.local, etc.


 
TheCleaner Commented:
While I understand the recommendation that NJ said about using different internal/external domain names (as per MS recommendations), I personally disagree.

I think setting up a split-DNS (which is required if you do use the same internal/external names) is simple to do, and makes working with mail servers, web sites you host, etc. easier in my opinion.

For instance, if I have OWA.domain.com for Outlook Web Access, and I host it, and I use domain.local internally, then I would have to go outside and back in to get to my own internal site.  Whereas if my internal name was domain.com I simply need to have an A record for OWA pointing to the internal IP of the OWA server.

Just my own opinion...I know MS recommends .local, but I find it more of a hassle personally.
 
Hernandez Commented:
Yes, I agree with everyone here. The answer to your question is that yes, you can name it mydomain.lan.
 
Jeffrey Kane - TechSoEasy, Principal Consultant Commented:
I totally disagree with The Cleaner... the example of having owa.domain.com doesn't make sense because unless you are also making your DNS Zone the Start of Authority for the domain (not recommended if you value your bandwidth and the security of your LAN), then the queries are still going to go out to the Internet for owa.domain.com.

If it is the SOA, then you need to enable zone transfers which open you up to the potential of leaking internal host names... a security risk.

You also lose the natural separation of internal and external networks, which can affect performance as well as the obvious issue of security again.

And, if the internal name was domain.local you could still simply add a secondary dns zone for domain.com with the A record for OWA pointing to the internal IP of the OWA server.  (Or you could publish an lmhosts file with that info as well)

The disadvantages of using a public domain internally far outweigh any conceivable advantage, in my opinion.

Jeff
TechSoEasy
 
TheCleaner Commented:
Jeff,

You missed the part where I said "split DNS infrastructure".  Someone externally handles the internet external resolution, while AD DNS handles internal queries.

http://www.isaserver.org/tutorials/You_Need_to_Create_a_Split_DNS.html
 
Jeffrey Kane - TechSoEasy, Principal Consultant Commented:
I didn't miss it... but I don't see any advantage as described by your example... only disadvantages.

In your example you simply put an A host record for owa pointing to the internal IP Address of the server.

In my example you simply add a secondary dns zone for domain.com with the A record for OWA pointing to the internal IP of the OWA server.

My example has an additional step -- but otherwise I believe it to still be a more secure environment.

Jeff
TechSoEasy
 
TheCleaner Commented:
Yeah, I see your point too... guess it's just a matter of preference.

I have yet to find any disadvantage with the split-dns setup, since the ISP or similar manages any external IP/DNS assignments, and I handle the internal.

As far as "secure" goes, once in, a hacker is in, regardless of domain name, so I'm not sure how .local is any more secure than .com.  In a split DNS your internal DNS is not accessible by the outside world (again unless hacked) for queries, zone transfers, etc.


I've set up networks in both ways (.local and .com) and both really give you the same results in the end...
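A hygiene check for the same-name split-DNS setup debated in this thread, as an added example that is not part of any poster's reply: it compares the Internet-facing and internal views of one zone and reports internal (RFC 1918) addresses published externally, plus public names that have no internal copy. Only `domain.com` and `owa` come from the thread; all other names, addresses and the function names are constructed, and the "shadowed" finding assumes the internal DNS server is authoritative for the whole zone.

```python
import ipaddress

# Constructed sample data: two views of the same zone, one "name type value" per line.
EXTERNAL_VIEW = """
owa.domain.com.   A  203.0.113.10
www.domain.com.   A  203.0.113.20
mail.domain.com.  A  203.0.113.25
dc01.domain.com.  A  192.168.1.5   ; internal host published by mistake
"""
INTERNAL_VIEW = """
owa.domain.com.   A  192.168.1.20
mail.domain.com.  A  192.168.1.25
dc01.domain.com.  A  192.168.1.5
fs01.domain.com.  A  192.168.1.30
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_view(text):
    """Parse A records into {lowercase name without trailing dot: set of addresses}."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop zone-file style comments
        if not line:
            continue
        name, rtype, value = line.split()
        if rtype.upper() == "A":
            addr = ipaddress.IPv4Address(value)
            records.setdefault(name.lower().rstrip("."), set()).add(addr)
    return records

def audit_split_dns(external_text, internal_text):
    """Return sorted (finding, name) tuples for a same-name split-DNS pair."""
    external, internal = parse_view(external_text), parse_view(internal_text)
    findings = []
    for name, addrs in external.items():
        # Internal addressing visible in the Internet-facing view.
        if any(a in net for a in addrs for net in RFC1918):
            findings.append(("leak", name))
        # Assumption: the internal server answers authoritatively for the zone,
        # so a public name with no internal copy fails to resolve on the LAN.
        if name not in internal:
            findings.append(("shadowed", name))
    return sorted(findings)

if __name__ == "__main__":
    for finding, name in audit_split_dns(EXTERNAL_VIEW, INTERNAL_VIEW):
        print(f"{finding:9} {name}")
```

Internal-only names such as the constructed `fs01` are not reported, since keeping them out of the external view is the point of the split.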