[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


Domain name and recipient name same or not same

Posted on 2007-03-28
Medium Priority
Last Modified: 2010-03-06
If Domain name and recipient name (for exchange server2007) are same in windows 2003 server r2, then is this a good way

abc.com (domain name)
@abc.com (recipient policy)

or domain name should be different than recipient policy.

abc.com (domain name)
@cba.local (recipient policy)

 Which one is most recommend way and why?
The one that is not recommended why not ?
Question by:imran786
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 39

Accepted Solution

redseatechnologies earned 750 total points
ID: 18806438
This question comes down to "should I use my internet domain name as my internal windows domain name" and you will never get anyone to agree.

Personally, I use internet domains for windows domain names and have never seen proof to not do so.

Both ways will work, and both ways will require you to fiddle with DNS at some point.  The primary argument for .local names is to keep things separate, of which I can see no benefit.  If you can't tell the difference between your internal and external records, then you shouldn't be making this decision.  The other argument for .local is some alleged security benefits, of which I am still waiting to see proof.

Bottom line, go with what you are comfortable with or flip a coin - it really doesn't matter.

LVL 71

Expert Comment

by:Chris Dent
ID: 18806495

Red is right :)

I go the other way, but either way is right. I prefer to use .local and keep everything seperate.

Although... You seem to have your policies a bit the wrong way around up there. It should be:

abc.local (domain name)
abc.com (recipient policy)

Shouldn't it?


Perhaps because I've seen a few too many people make a mess that simply using .local for AD would have avoided completely.

I worked for an ISP for a while, one client got very annoyed with us because they kept telling us their website was down, all the time because they needed to update a host record in their internal DNS following a server move which they'd been warned about. I believe their IT services were outsourced, and no one onsite actually knew anything at all about DNS.

If you start to host services internally then quite often you have to add in an internal version of your public domain anyway. Of course, if everything is hosted elsewhere, you can just happily ignore what's going on in the public domain.

As for the security aspect, I believe it's "security through obscurity" an entirely flawed concept in my opinion. I also see no real security benefits to keeping them seperate.

There is only one thing I would say. If you happen to think you might host your public DNS servers don't try and host your AD DNS Domain as if it were public, that really really doesn't work. Quite unlikely you were thinking of doing that though.

LVL 39

Expert Comment

ID: 18806536
OMG, two people from both ends actually agreeing :)

I think Chris covered exactly what I meant with his examples - If you are not confident with DNS, then .local would be harder to break.

And the security aspect (spouted by a member here) I think was more of a misconception than anything else; "if my internal domain is widgets.com, then logically anyone from outside can get to it and authenticate!" - which is obviously just insane.

Thanks for posting Chris, your contribution will see me using this Q for all future questions about .local versus .com

LVL 71

Expert Comment

by:Chris Dent
ID: 18806647

You're welcome Red, thought it would just be interesting to have the mirror image there :)

LVL 39

Expert Comment

ID: 18827960

I just noticed that this wasn't a split between me and Chris, and was wondering if you would be happy for me to change that.

Considering what a heated debate .com vs .local can be, I would think that a split could more appropriately show that there is no clear answer for everyone.

But hey, it is your question, and I am pretty sure Chris doesn't care anyway - just thought I would ask :)


Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
Are you an Exchange administrator employed with an organization? And, have you encountered a corrupt Exchange database due to which you are not able to open its EDB file. This article will explain all the steps to repair corrupt Exchange database.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question