Domain name and recipient name same or not same

Posted on 2007-03-28
Last Modified: 2010-03-06
If Domain name and recipient name (for exchange server2007) are same in windows 2003 server r2, then is this a good way (domain name) (recipient policy)

or domain name should be different than recipient policy. (domain name)
@cba.local (recipient policy)

 Which one is most recommend way and why?
The one that is not recommended why not ?
Question by:imran786
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 39

Accepted Solution

redseatechnologies earned 250 total points
ID: 18806438
This question comes down to "should I use my internet domain name as my internal windows domain name" and you will never get anyone to agree.

Personally, I use internet domains for windows domain names and have never seen proof to not do so.

Both ways will work, and both ways will require you to fiddle with DNS at some point.  The primary argument for .local names is to keep things separate, of which I can see no benefit.  If you can't tell the difference between your internal and external records, then you shouldn't be making this decision.  The other argument for .local is some alleged security benefits, of which I am still waiting to see proof.

Bottom line, go with what you are comfortable with or flip a coin - it really doesn't matter.

LVL 71

Expert Comment

by:Chris Dent
ID: 18806495

Red is right :)

I go the other way, but either way is right. I prefer to use .local and keep everything seperate.

Although... You seem to have your policies a bit the wrong way around up there. It should be:

abc.local (domain name) (recipient policy)

Shouldn't it?


Perhaps because I've seen a few too many people make a mess that simply using .local for AD would have avoided completely.

I worked for an ISP for a while, one client got very annoyed with us because they kept telling us their website was down, all the time because they needed to update a host record in their internal DNS following a server move which they'd been warned about. I believe their IT services were outsourced, and no one onsite actually knew anything at all about DNS.

If you start to host services internally then quite often you have to add in an internal version of your public domain anyway. Of course, if everything is hosted elsewhere, you can just happily ignore what's going on in the public domain.

As for the security aspect, I believe it's "security through obscurity" an entirely flawed concept in my opinion. I also see no real security benefits to keeping them seperate.

There is only one thing I would say. If you happen to think you might host your public DNS servers don't try and host your AD DNS Domain as if it were public, that really really doesn't work. Quite unlikely you were thinking of doing that though.

LVL 39

Expert Comment

ID: 18806536
OMG, two people from both ends actually agreeing :)

I think Chris covered exactly what I meant with his examples - If you are not confident with DNS, then .local would be harder to break.

And the security aspect (spouted by a member here) I think was more of a misconception than anything else; "if my internal domain is, then logically anyone from outside can get to it and authenticate!" - which is obviously just insane.

Thanks for posting Chris, your contribution will see me using this Q for all future questions about .local versus .com

LVL 71

Expert Comment

by:Chris Dent
ID: 18806647

You're welcome Red, thought it would just be interesting to have the mirror image there :)

LVL 39

Expert Comment

ID: 18827960

I just noticed that this wasn't a split between me and Chris, and was wondering if you would be happy for me to change that.

Considering what a heated debate .com vs .local can be, I would think that a split could more appropriately show that there is no clear answer for everyone.

But hey, it is your question, and I am pretty sure Chris doesn't care anyway - just thought I would ask :)


Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
how to add IIS SMTP to handle application/Scanner relays into office 365.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit If you want to manage em…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question