I am setting up an Exchange 2007 Edge Transport server in its own DMZ (obviously not on the domain). As this is a small installation, DNS resolution of the Hub Transport(s) will be done via 'hosts' file entries.
I want to know what the best practice is for setting the DNS suffix on the Edge Server.
As I see it, there are three options:
1. Internal domain (e.g. internal.com)
2. External domain (e.g. external.com)
3. Arbitrary, unrelated domain (e.g. company-dmz.com)
What I am looking for is an explanation of when you would choose each of the above and why. Of particular interest are any security concerns - for example if the server gets compromised.
I see some people suggesting it be set to the internal domain name and others saying it should be the external one. Logically, it seems that if DNS to the Hub is handled by the 'hosts' file, the DNS suffix should be irrelevant and could be set arbitrarily. Unfortunately, no one provides much justification for their answer and, as usual, MS are painfully uninformative.
It probably isn't worth the stress, but I don't like being forced to make decisions where I don't understand the reasoning behind the options. I've put the points up because I am looking for explanations, not just simple answers or links to any of the dozens of pages I've already been to.