Domain name and recipient name same or not same

Posted on 2007-03-28
Last Modified: 2010-03-06
If Domain name and recipient name (for exchange server2007) are same in windows 2003 server r2, then is this a good way (domain name) (recipient policy)

or domain name should be different than recipient policy. (domain name)
@cba.local (recipient policy)

 Which one is most recommend way and why?
The one that is not recommended why not ?
Question by:imran786
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 39

Accepted Solution

redseatechnologies earned 250 total points
ID: 18806438
This question comes down to "should I use my internet domain name as my internal windows domain name" and you will never get anyone to agree.

Personally, I use internet domains for windows domain names and have never seen proof to not do so.

Both ways will work, and both ways will require you to fiddle with DNS at some point.  The primary argument for .local names is to keep things separate, of which I can see no benefit.  If you can't tell the difference between your internal and external records, then you shouldn't be making this decision.  The other argument for .local is some alleged security benefits, of which I am still waiting to see proof.

Bottom line, go with what you are comfortable with or flip a coin - it really doesn't matter.

LVL 71

Expert Comment

by:Chris Dent
ID: 18806495

Red is right :)

I go the other way, but either way is right. I prefer to use .local and keep everything seperate.

Although... You seem to have your policies a bit the wrong way around up there. It should be:

abc.local (domain name) (recipient policy)

Shouldn't it?


Perhaps because I've seen a few too many people make a mess that simply using .local for AD would have avoided completely.

I worked for an ISP for a while, one client got very annoyed with us because they kept telling us their website was down, all the time because they needed to update a host record in their internal DNS following a server move which they'd been warned about. I believe their IT services were outsourced, and no one onsite actually knew anything at all about DNS.

If you start to host services internally then quite often you have to add in an internal version of your public domain anyway. Of course, if everything is hosted elsewhere, you can just happily ignore what's going on in the public domain.

As for the security aspect, I believe it's "security through obscurity" an entirely flawed concept in my opinion. I also see no real security benefits to keeping them seperate.

There is only one thing I would say. If you happen to think you might host your public DNS servers don't try and host your AD DNS Domain as if it were public, that really really doesn't work. Quite unlikely you were thinking of doing that though.

LVL 39

Expert Comment

ID: 18806536
OMG, two people from both ends actually agreeing :)

I think Chris covered exactly what I meant with his examples - If you are not confident with DNS, then .local would be harder to break.

And the security aspect (spouted by a member here) I think was more of a misconception than anything else; "if my internal domain is, then logically anyone from outside can get to it and authenticate!" - which is obviously just insane.

Thanks for posting Chris, your contribution will see me using this Q for all future questions about .local versus .com

LVL 71

Expert Comment

by:Chris Dent
ID: 18806647

You're welcome Red, thought it would just be interesting to have the mirror image there :)

LVL 39

Expert Comment

ID: 18827960

I just noticed that this wasn't a split between me and Chris, and was wondering if you would be happy for me to change that.

Considering what a heated debate .com vs .local can be, I would think that a split could more appropriately show that there is no clear answer for everyone.

But hey, it is your question, and I am pretty sure Chris doesn't care anyway - just thought I would ask :)


Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question