Solved

Domain name and recipient name same or not same

Posted on 2007-03-28
Last Modified: 2010-03-06
If the domain name and recipient name (for Exchange Server 2007) are the same in Windows 2003 Server R2, then is this a good way?

abc.com (domain name)
@abc.com (recipient policy)

Or should the domain name be different from the recipient policy?

abc.com (domain name)
@cba.local (recipient policy)

Which one is the most recommended way, and why?
The one that is not recommended, why not?
Question by:imran786
5 Comments
 

Accepted Solution

by: redseatechnologies earned 250 total points
ID: 18806438
This question comes down to "should I use my internet domain name as my internal windows domain name" and you will never get anyone to agree.

Personally, I use internet domains for windows domain names and have never seen proof to not do so.

Both ways will work, and both ways will require you to fiddle with DNS at some point.  The primary argument for .local names is to keep things separate, of which I can see no benefit.  If you can't tell the difference between your internal and external records, then you shouldn't be making this decision.  The other argument for .local is some alleged security benefits, of which I am still waiting to see proof.

Bottom line, go with what you are comfortable with or flip a coin - it really doesn't matter.

-red

Expert Comment

by:Chris Dent
ID: 18806495

Red is right :)

I go the other way, but either way is right. I prefer to use .local and keep everything separate.

Although... You seem to have your policies a bit the wrong way around up there. It should be:

abc.local (domain name)
abc.com (recipient policy)

Shouldn't it?

Anyway...

Perhaps because I've seen a few too many people make a mess that simply using .local for AD would have avoided completely.

I worked for an ISP for a while. One client got very annoyed with us because they kept telling us their website was down, all the time because they needed to update a host record in their internal DNS following a server move, which they'd been warned about. I believe their IT services were outsourced, and no one onsite actually knew anything at all about DNS.

If you start to host services internally then quite often you have to add in an internal version of your public domain anyway. Of course, if everything is hosted elsewhere, you can just happily ignore what's going on in the public domain.

As for the security aspect, I believe it's "security through obscurity", an entirely flawed concept in my opinion. I also see no real security benefits to keeping them separate.

There is only one thing I would say. If you happen to think you might host your public DNS servers, don't try and host your AD DNS Domain as if it were public, that really really doesn't work. Quite unlikely you were thinking of doing that though.

Chris
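
The failure described in the comment above (an internal copy of the public zone going stale after a server move) can be caught by diffing the two views of the zone. This is an added example, not part of the original thread; the zone contents, addresses and the `parse_zone`/`audit` helpers are constructed for illustration around the question's abc.com.

```python
import ipaddress

# Constructed sample data: the public zone and the internal (AD-side) copy of it.
PUBLIC_ZONE = """\
abc.com.        A      198.51.100.10
www.abc.com.    A      198.51.100.20   ; moved to a new server
mail.abc.com.   A      198.51.100.30
abc.com.        MX     10 mail.abc.com.
shop.abc.com.   CNAME  shops.example.net.
"""
INTERNAL_ZONE = """\
abc.com.        A      10.0.0.5        ; domain controllers
abc.com.        A      10.0.0.6
www.abc.com.    A      198.51.100.99   ; old public address, never updated
mail.abc.com.   A      10.0.0.25
abc.com.        MX     10 mail.abc.com.
dc1.abc.com.    A      10.0.0.5
"""
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_zone(text):
    """Parse 'name type rdata' lines into {(name, type): {rdata, ...}}."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments
        if not line:
            continue
        name, rtype, rdata = line.split(None, 2)
        key = (name.lower().rstrip("."), rtype.upper())
        records.setdefault(key, set()).add(" ".join(rdata.split()).lower())
    return records

def is_internal_address(rdata):
    try:
        addr = ipaddress.ip_address(rdata)
    except ValueError:                            # not an address (MX, CNAME)
        return False
    return any(addr in net for net in RFC1918)

def audit(public, internal):
    """Classify every public record that internal clients would see differently."""
    findings = {}
    for key, pub_values in public.items():
        int_values = internal.get(key)
        if int_values is None:
            findings[key] = "missing"             # internal DNS is authoritative: no answer
        elif int_values != pub_values:
            deliberate = all(is_internal_address(v) for v in int_values)
            findings[key] = "override" if deliberate else "stale"
    return findings
```

With the sample data, `www.abc.com` is reported as `stale` and `shop.abc.com` as `missing`, while the apex and mail records pointing at private addresses are reported as deliberate overrides.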

Expert Comment

by:redseatechnologies
ID: 18806536
OMG, two people from both ends actually agreeing :)

I think Chris covered exactly what I meant with his examples - If you are not confident with DNS, then .local would be harder to break.

And the security aspect (spouted by a member here) I think was more of a misconception than anything else; "if my internal domain is widgets.com, then logically anyone from outside can get to it and authenticate!" - which is obviously just insane.

Thanks for posting Chris, your contribution will see me using this Q for all future questions about .local versus .com

-red

Expert Comment

by:Chris Dent
ID: 18806647

You're welcome Red, thought it would just be interesting to have the mirror image there :)

Chris

Expert Comment

by:redseatechnologies
ID: 18827960
imran786,

I just noticed that this wasn't a split between me and Chris, and was wondering if you would be happy for me to change that.

Considering what a heated debate .com vs .local can be, I would think that a split could more appropriately show that there is no clear answer for everyone.

But hey, it is your question, and I am pretty sure Chris doesn't care anyway - just thought I would ask :)

-red