Domain name and recipient name same or not same

If the domain name and recipient name (for Exchange Server 2007) are the same in Windows 2003 Server R2, then is this a good way? (domain name) (recipient policy)

Or should the domain name be different from the recipient policy? (domain name)
@cba.local (recipient policy)

Which one is the most recommended way, and why?
The one that is not recommended, why not?

This question comes down to "should I use my internet domain name as my internal Windows domain name" and you will never get anyone to agree.

Personally, I use internet domains for Windows domain names and have never seen proof to not do so.

Both ways will work, and both ways will require you to fiddle with DNS at some point.  The primary argument for .local names is to keep things separate, of which I can see no benefit.  If you can't tell the difference between your internal and external records, then you shouldn't be making this decision.  The other argument for .local is some alleged security benefits, of which I am still waiting to see proof.

Bottom line, go with what you are comfortable with or flip a coin - it really doesn't matter.


Chris Dent (PowerShell Developer) commented:

Red is right :)

I go the other way, but either way is right. I prefer to use .local and keep everything separate.

Although... You seem to have your policies a bit the wrong way around up there. It should be:

abc.local (domain name) (recipient policy)

Shouldn't it?


Perhaps because I've seen a few too many people make a mess that simply using .local for AD would have avoided completely.

I worked for an ISP for a while, one client got very annoyed with us because they kept telling us their website was down, all the time because they needed to update a host record in their internal DNS following a server move which they'd been warned about. I believe their IT services were outsourced, and no one onsite actually knew anything at all about DNS.

If you start to host services internally then quite often you have to add in an internal version of your public domain anyway. Of course, if everything is hosted elsewhere, you can just happily ignore what's going on in the public domain.

As for the security aspect, I believe it's "security through obscurity", an entirely flawed concept in my opinion. I also see no real security benefits to keeping them separate.

There is only one thing I would say. If you happen to think you might host your public DNS servers, don't try and host your AD DNS Domain as if it were public, that really really doesn't work. Quite unlikely you were thinking of doing that though.
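The failure in the ISP anecdote above (an internal copy of the public zone left stale after a server move) can be caught by comparing the two views of the zone. This added example is not part of the original thread; the zone contents, host names and addresses are constructed placeholders, and treating an RFC 1918 address as a deliberate internal override is an assumption.

```python
import ipaddress

# Constructed sample data (placeholder names, documentation/RFC 1918 addresses):
# the same zone as held by the internal AD DNS server and by the public one.
INTERNAL_ZONE = """
www   A      192.0.2.10     ; copied from the public zone before the server move
mail  A      10.0.0.25      ; deliberate internal override
dc01  A      10.0.0.5       ; internal-only host
"""
PUBLIC_ZONE = """
www   A      198.51.100.80
mail  A      203.0.113.25
shop  CNAME  shop.hosting.example.net.
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_zone(text):
    """Parse 'name type value' lines into {(name, type): {values}}."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        name, rtype, value = line.split(None, 2)
        records.setdefault((name.lower(), rtype.upper()), set()).add(value.lower())
    return records

def is_internal_address(value):
    """True only for RFC 1918 addresses; CNAME targets are not addresses."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)

def find_drift(internal, public):
    """Return (name, type, problem) for public records that resolve wrongly inside."""
    findings = []
    for (name, rtype), pub_values in sorted(public.items()):
        int_values = internal.get((name, rtype))
        if int_values is None:
            # Internal server is authoritative for the zone: no forwarding, name fails.
            findings.append((name, rtype, "missing-internally"))
        elif int_values != pub_values and not all(map(is_internal_address, int_values)):
            findings.append((name, rtype, "stale-copy"))
    return findings

print(find_drift(parse_zone(INTERNAL_ZONE), parse_zone(PUBLIC_ZONE)))
```
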

OMG, two people from both ends actually agreeing :)

I think Chris covered exactly what I meant with his examples - If you are not confident with DNS, then .local would be harder to break.

And the security aspect (spouted by a member here) I think was more of a misconception than anything else; "if my internal domain is, then logically anyone from outside can get to it and authenticate!" - which is obviously just insane.

Thanks for posting Chris, your contribution will see me using this Q for all future questions about .local versus .com

Chris Dent (PowerShell Developer) commented:

You're welcome Red, thought it would just be interesting to have the mirror image there :)


I just noticed that this wasn't a split between me and Chris, and was wondering if you would be happy for me to change that.

Considering what a heated debate .com vs .local can be, I would think that a split could more appropriately show that there is no clear answer for everyone.

But hey, it is your question, and I am pretty sure Chris doesn't care anyway - just thought I would ask :)
