DNS Namespace

Posted on 2007-03-25
Last Modified: 2010-03-17
Hi I have recently inhertited a 2003 AD that has a DNS zone already created for network naming. Thing is its  created with a .com zone ie the external domain and not the usual .local you'd see. Now this company do not host there own dns/web servers. so what i was wondering is there are handy way to reconfigure this zone with a .local domain instead of the .com. without losing anything or disturbing network users?
Question by:georgemildred
  • 3
  • 2
LVL 48

Expert Comment

ID: 18789822

nope that would be a complete rename of your domain which you dont want to go down :)


LVL 25

Expert Comment

ID: 18789841
there is nothing wrong with having a .com DNS name for an AD domain.  Some engineers do it like that and some do it with the .local namespace.  They both have their pros and cons, but they will both work fine as long as they are setup correctly.  There are many threads about this topic on EE where people vent about one is correct and the other is not.... since they both work fine, they are both correct IMO. I would advise you to leave it alone as Jay Jay did.  I actually like having the same internal and external DNS name myself.


Author Comment

ID: 18792012
but will this not cause hassle for users. will it slow anything down?
when you say setup right is there anything special on a zone created with a .com instead of a .local that i shoul be looking for?

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

LVL 25

Expert Comment

ID: 18797552
>>but will this not cause hassle for users. will it slow anything down?
no,, actually it will be faster since they can resolve dns queries for 'your domain' locally 100% of the time.  with a .local and a .com namespace the .com DNS server may be offsite since it is a 'public' DNS server,,, if you use the same namepace for both, they will both be resolved locally on your 'internal .com" DNS server.  As far as the hasssle issue for users, it is actually easier for users IMO since they will ALLWAYS use the .com address.  For example, if .local and .com are used, then users will need to go to mail.domain.local when they are internal and when they are external (thus remembering two URLs for everything).  If you use .com internally, then they can access their mail both internally and externally in the exact same way ( Assuming you have it setup correctly of course.

the important thing is just to create the A records correctly.  On your internal DNS server needs to point to the IP address that your users 'hit' your mail server from the inside on.  on your external DNS server you need to create the A record that external users access your mail server on.  THese may or may not be the same IP depending on your setup.

Author Comment

ID: 18837651
ok so i am expericing a problem a the moment wereas this domain is called which has its own 2003 dns server internal, and all seems well until users try hit the company website which is also and the website is hosted by our isp. what woudl i need to add to my internal dns server to avoid this page cannot be displayed thing when users from the internal try to access the company web site

LVL 25

Accepted Solution

mikeleebrla earned 500 total points
ID: 18837687
all you need to do is create an "A" aka host record on your internal DNS server for the host 'www' and point that A record to the external IP of your www server that is hosted by your ISP.  that way whenever internal clients to an NSLOOKUP it will resolve to the public IP, just as when they are not 'in' your network.


Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question