Will my Active Directory DNS conflict with external DNS servers

Posted on 2009-02-19
Last Modified: 2012-05-06
Hello all,

I am about to start setting up Active Directory on Windows 2008 in the coming weeks. My setup will be a standard AD procedure with 2 DC Servers and a few weeks later down the line creating a child DC in another country, all connected together.

I am planning to use the company's own domain as the forest name, for example . Now this domain already exists and has a mail server and web server hosted with a 3rd party company, and I plan to keep it this way.

My question is, will using the same domain cause my AD DNS to conflict with the public DNS worldwide? Keep in mind I also plan to connect a domain server set up in another country. If a problem arises I would just use company.local instead, but I would rather use the proper one to be more streamlined.

I hope my question was understandable and I thank you in advance for any feedback given. Cheers!
Question by: devereandpartners
    LVL 12

    Expert Comment

    According to Microsoft this isn't the best practice.  However, I have seen it done plenty of times without any problems.  
    LVL 5

    Accepted Solution

    Yes, you can do this if you like. You can name your AD domain the same as your external domain. The only thing you will need to be mindful of is that you will configure your DNS servers to be authoritative for the domain, and so you can set DNS to point outside your network for services like your website if it's hosted externally. For the website example you would set an A record of www to point to the external IP of your website.
    LVL 5

    Assisted Solution

    To be more clear on what I just put: you will likely have two DNS systems to manage. One is on the internet side, where your domain is registered, and will point to your MX records and website (if hosted externally). Then there's your internal DNS servers, which will differ in some situations. For example, if your mail server is a server on your network and not hosted by a 3rd party, then your internal DNS server will have a local IP for your mail server, whereas the DNS on the internet side will point to the external IP address you set up for your server.
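An added audit script (not from the thread) for the two-DNS-systems setup described above: for each public hostname, it compares the answer from the internal AD DNS server with the answer from a public resolver and flags names that the authoritative internal zone is missing. It uses the Resolve-DnsName and Add-DnsServerResourceRecordA cmdlets (DnsClient/DnsServer modules, Windows 8/2012 and later; on Windows 2008 the equivalent is dnscmd), and the zone name, server addresses and host list are hypothetical values to replace.

```powershell
# Added example, not the original poster's or Microsoft's code.
# Assumed (hypothetical) values: AD zone company.com, internal DNS 10.0.0.10,
# public resolver 9.9.9.9, and the names the company serves publicly.
param(
    [string]$Zone        = 'company.com',
    [string]$InternalDns = '10.0.0.10',
    [string]$PublicDns   = '9.9.9.9',
    [string[]]$Hosts     = @('www', 'mail', 'autodiscover')
)

function Get-ARecords {
    # Return the sorted A-record addresses for $Name as answered by $Server.
    param([string]$Name, [string]$Server)
    try {
        Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } |
            ForEach-Object { $_.IPAddress } |
            Sort-Object
    } catch {
        @()   # NXDOMAIN or no answer: treat as "no record"
    }
}

foreach ($h in $Hosts) {
    $fqdn     = "$h.$Zone"
    $internal = @(Get-ARecords -Name $fqdn -Server $InternalDns)
    $public   = @(Get-ARecords -Name $fqdn -Server $PublicDns)

    if ($internal.Count -eq 0 -and $public.Count -gt 0) {
        # The internal zone is authoritative, so a name that only exists
        # publicly fails for every domain-joined client (the thread's "gotcha").
        Write-Warning "$fqdn : no internal A record; public answers $($public -join ', ')"
        Write-Host "  fix: Add-DnsServerResourceRecordA -ZoneName $Zone -Name $h -IPv4Address $($public[0]) -ComputerName $InternalDns"
    } elseif (($internal -join ',') -ne ($public -join ',')) {
        # Expected when a service is hosted in-house (private IP inside, public IP
        # outside); anything else deserves a look.
        Write-Host "$fqdn : internal=$($internal -join ', ') public=$($public -join ', ') (verify intentional)"
    } else {
        Write-Host "$fqdn : OK ($($internal -join ', '))"
    }
}
```

Run it from a domain-joined machine after each change to the public zone; the suggested Add-DnsServerResourceRecordA line is printed, not executed, so nothing is changed without review.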
    LVL 3

    Assisted Solution

    That is the same setup that I have inherited at my company ( for the domain). The only gotcha that I found is I had to add an entry to my DNS to allow users to browse to our hosted website. If I had the choice I would have made it company.local. I would suggest this for you as well, unless you were planning on bringing the website in-house in the future, and even then it would not be a big deal.
    LVL 82

    Expert Comment

    Your name choice has nothing to do with being "streamlined". Your *internet* presence has nothing at all to do with your *management* domain. You should keep these apart, so as to avoid any possible confusion about which is which. Note that even if you're using a suffix like .local, you can still run Exchange or whatever with your normal email addresses, and you can even add an alternate UPN suffix so that users can, for example, log on to your AD domain.local using their email address.
    The following article is not limited to SBS, it applies to most AD installations:
    The Domain Name System name recommendations for Small Business Server 2000 and Windows Small Business Server 2003
    LVL 18

    Expert Comment

    You should not use the same name for your internal AD domain as your external domain name. It is bad practice and creates confusion, as well as creating extra work and troubleshooting down the road... why bother?

    Why not just come up with a unique name, like oBdA suggested? You can always create a UPN suffix and allow users to log on with a username that is the same as their email address, which users will have less to complain about.

    Author Closing Comment

    Thanks a lot for all the feedback. I will take the most secure option and go with company.local. It will avoid needless complication just for adding .com. Cheers
