Solved

Best Practice for Setting up Domain Controller + DNS Server with FQDN

Posted on 2011-03-13
5
1,913 Views
Last Modified: 2012-06-21
HI there,

I'm setting up a new Domain Controller, DNS, DHCP server from scratch. I'm wanting to do it in the best manner possible. I've been told that using proper FQDN is the best practice for several reasons. I attempted to use our FQDN 'mrdomain.co.nz' as the Domain Controller name, this also happens to be domain of our website (and company). This went through fine. However, i'm concerned this may not be the best practice as i've had a few wee issues with DNS & DHCP.
I'm interesting in hearing the pro's and con's of this method also.


I'm looking for some advice in this manner, and I'm sure more info will need to be provided.

Many thanks
0
Comment
Question by:lemonville
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 7

Expert Comment

by:OxygenITSolutions
ID: 35123645
Everyone is going to have different opinions so I'll just share some of my thoughts.

Search for technet Domain Controller best practices. Plenty of info around.

With 2008, if you are using a single disk system, I am finding using one big C drive is the best option.
Also use something like mrdomain.local or mrdomain.priv . Not best practice to use your public domain name.

Think about your backup Domain Contoller.

Make sure your structure is adequate and think about your naming conventions.

Finally, don't be afraid to wipe your DC if you are not comfortable. It's good practice and cleaner.

Good Luck!!
0
 
LVL 1

Author Comment

by:lemonville
ID: 35123782
Thanks for that.

Regarding your statement on not using a public domain name. Is there any reason for this in particular? Do some people use it?

The other items we are all sorted on.
0
 
LVL 7

Expert Comment

by:OxygenITSolutions
ID: 35123792
Basically, you do not want your Private Infrastructure directly accessible from the internet.
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 500 total points
ID: 35123922
Doesn't really matter if you use your external domain name internally this will not affect your security of your internal domain. There are some pains on having same internal and external domain name though when it comes to DNS and resolving your external domain website if you have one. You can fix this with some DNS records though and an IIS redirect.


http://oddjobsintech.com/active-directory-tip-access-external-website-with-the-same-domain-name-as-your-internal-domain/

Read this article tells you not recommended because of DNS issues but again they can be fixed.

http://technet.microsoft.com/en-us/library/cc755946(WS.10).aspx
0
 
LVL 7

Expert Comment

by:OxygenITSolutions
ID: 35153588
Guy asked for best practices, not security. Best practice is to not use your External Domain Name. You now have an environment you need to patch and hack to get to your website. Very messy. I think you heard what you wanted to hear.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
Learn how to PXE Boot both BIOS & UEFI machines with DHCP Policies and Custom Vendor Classes
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question