Solved

Best Practice for Setting up Domain Controller + DNS Server with FQDN

Posted on 2011-03-13
5
1,907 Views
Last Modified: 2012-06-21
HI there,

I'm setting up a new Domain Controller, DNS, DHCP server from scratch. I'm wanting to do it in the best manner possible. I've been told that using proper FQDN is the best practice for several reasons. I attempted to use our FQDN 'mrdomain.co.nz' as the Domain Controller name, this also happens to be domain of our website (and company). This went through fine. However, i'm concerned this may not be the best practice as i've had a few wee issues with DNS & DHCP.
I'm interesting in hearing the pro's and con's of this method also.


I'm looking for some advice in this manner, and I'm sure more info will need to be provided.

Many thanks
0
Comment
Question by:lemonville
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 7

Expert Comment

by:OxygenITSolutions
ID: 35123645
Everyone is going to have different opinions so I'll just share some of my thoughts.

Search for technet Domain Controller best practices. Plenty of info around.

With 2008, if you are using a single disk system, I am finding using one big C drive is the best option.
Also use something like mrdomain.local or mrdomain.priv . Not best practice to use your public domain name.

Think about your backup Domain Contoller.

Make sure your structure is adequate and think about your naming conventions.

Finally, don't be afraid to wipe your DC if you are not comfortable. It's good practice and cleaner.

Good Luck!!
0
 
LVL 1

Author Comment

by:lemonville
ID: 35123782
Thanks for that.

Regarding your statement on not using a public domain name. Is there any reason for this in particular? Do some people use it?

The other items we are all sorted on.
0
 
LVL 7

Expert Comment

by:OxygenITSolutions
ID: 35123792
Basically, you do not want your Private Infrastructure directly accessible from the internet.
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 500 total points
ID: 35123922
Doesn't really matter if you use your external domain name internally this will not affect your security of your internal domain. There are some pains on having same internal and external domain name though when it comes to DNS and resolving your external domain website if you have one. You can fix this with some DNS records though and an IIS redirect.


http://oddjobsintech.com/active-directory-tip-access-external-website-with-the-same-domain-name-as-your-internal-domain/

Read this article tells you not recommended because of DNS issues but again they can be fixed.

http://technet.microsoft.com/en-us/library/cc755946(WS.10).aspx
0
 
LVL 7

Expert Comment

by:OxygenITSolutions
ID: 35153588
Guy asked for best practices, not security. Best practice is to not use your External Domain Name. You now have an environment you need to patch and hack to get to your website. Very messy. I think you heard what you wanted to hear.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Using MS Hello on a Domain Joined Surface Book 4 49
Robocopy parameters. 6 44
Blocking Microsoft Edge From Running? 14 59
SSL-VPN 1 51
There have been a lot of times when we have seen the need to enter a large number of DNS entries in a forward lookup zone. The standard procedure would be to launch the DNS Manager console, create the Zone and start adding new hosts using the New…
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question