  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1103

Active Directory Domain name, .lan or .com?

Adding Active Directory in a Mac/Linux environment. The current Linux DNS server uses mycompany.com; should AD use mycompany.lan or mycompany.com? Which is better? We are not going to replace the Linux DNS server any time soon. Most Mac clients will not join the Windows domain. I thought using .lan is better (Mac has some issues with .local); we would just need to add a conditional forwarder on the Linux and AD DNS servers. If we use the same .com domain name, will it cause problems? Is there any benefit?

Asked by: howardz168

1 Solution
 
Lee W, MVP (Technology and Business Process Advisor) commented:
OLDER Macs had issues with .local - newer ones SHOULD be just fine. That said, I'd probably be inclined to use .lcl - you don't want to use a routable domain name unless it's EXCLUSIVELY and SPECIFICALLY for AD. For example, if you really wanted to, you COULD go with ad.mycompany.com - ad would be a sub-domain (DNS-wise) and shouldn't conflict with any other domains/DNS resolution.
 
howardz168 (Author) commented:
Do you mean you prefer .local instead of .lan? Is there any difference between these two options? I can't use ad.mycompany.com in this case. Using the same mycompany.com is absolutely not recommended, right?
 
Mike Kline commented:
Do you ever plan to use Office365? If you do, take a look at Mark's blog entry:

http://markparris.co.uk/2011/03/08/active-directory-local-domain-design-and-office-365/

I didn't know that until a session at the MVP summit (where that blog entry came from).

Thanks

Mike
 
howardz168 (Author) commented:
There is no plan to use Office365 in the near future. If I use .com and most workstations (Mac) and servers (Linux) still use the Linux DNS as their primary DNS server, will it cause a problem? How do I configure this: manually add all records on both DNS servers?
 
DrDave242 commented:
I would personally not use .com, as it violates the principle of separating your internal and external DNS namespaces. You'll then have to band-aid it by doing things like manually creating host records for external machines that people need to access from inside the office, and that can be a pain. If you're concerned about using .local, then .lan (or some other non-public top-level suffix) will work just fine.
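The three options discussed in this thread (the same name as the existing public zone, a sub-domain such as ad.mycompany.com, or a separate private suffix such as .lan) differ mainly in what each DNS server has to be told about the other. The Python below is an added example, not code from the thread or any of its participants: it encodes those rules, flags .local (which RFC 6762 reserves for multicast DNS, the source of the Mac issue mentioned above), and emits the matching BIND snippet for the Linux resolver and the Windows DnsServer cmdlets for a domain controller. The addresses 10.0.0.10 (domain controller) and 10.0.0.53 (Linux BIND server) and the host name dc1 are constructed sample values.

```python
"""Namespace check for an AD domain placed next to an existing BIND zone.

Verdicts:
  split-brain : AD zone == existing zone, both servers claim authority, records
                for public hosts must be duplicated by hand in AD DNS
  delegate    : AD zone is a sub-domain of the existing zone; BIND delegates it
                to the DC and the DC forwards everything else back to BIND
  forward     : separate suffix; each side needs a conditional forwarder for
                the other side's zone
Sample IPs/host names below are constructed, not taken from the thread.
"""
from __future__ import annotations
from dataclasses import dataclass, field

MDNS_SUFFIX = "local"   # RFC 6762: .local belongs to multicast DNS (Bonjour on macOS)


def _labels(name: str) -> list[str]:
    return name.strip(".").lower().split(".")


def _is_subdomain(child: str, parent: str) -> bool:
    c, p = _labels(child), _labels(parent)
    return len(c) > len(p) and c[-len(p):] == p


@dataclass
class Plan:
    ad_domain: str
    verdict: str
    warnings: list[str] = field(default_factory=list)
    bind_config: str = ""                                      # for the Linux BIND server
    windows_commands: list[str] = field(default_factory=list)  # run on a domain controller


def plan_namespace(ad_domain: str, existing_zone: str, dc_ip: str, linux_dns_ip: str) -> Plan:
    ad = ad_domain.strip(".").lower()
    ex = existing_zone.strip(".").lower()
    plan = Plan(ad_domain=ad, verdict="")

    if _labels(ad)[-1] == MDNS_SUFFIX:
        plan.warnings.append(
            f"{ad} ends in .local, which RFC 6762 reserves for multicast DNS; "
            "macOS hands such names to Bonjour, so unicast lookups can fail or be slow.")

    if ad == ex:
        # No forwarder can help here: two authoritative servers for one zone name.
        plan.verdict = "split-brain"
        plan.warnings.append(
            f"AD zone equals the existing zone {ex}: every public host (www, mail, ...) "
            "must be re-created by hand in AD DNS and kept in sync.")
        return plan

    if _is_subdomain(ad, ex):
        plan.verdict = "delegate"
        rel = ".".join(_labels(ad)[:-len(_labels(ex))])   # e.g. "ad" for ad.mycompany.com
        plan.bind_config = (
            f"; in the {ex} zone file: delegate the AD sub-zone to the domain controller\n"
            f"{rel}    IN NS  dc1.{ad}.\n"
            f"dc1.{ad}.  IN A   {dc_ip}   ; glue, NS name lives inside the delegated zone\n")
        plan.windows_commands = [
            f"Add-DnsServerForwarder -IPAddress {linux_dns_ip}  # DC resolves all other names via BIND"]
        return plan

    plan.verdict = "forward"
    plan.warnings.append(
        f"{ad} is a private suffix: not resolvable from the Internet and public CAs "
        "will not issue certificates for names under it.")
    plan.bind_config = (
        f'zone "{ad}" {{\n'
        f"    type forward;\n"
        f"    forward only;\n"
        f"    forwarders {{ {dc_ip}; }};\n"
        f"}};\n"
        f"// with dnssec-validation enabled, also exempt the private zone in options:\n"
        f'//   validate-except {{ "{ad}"; }};\n')
    plan.windows_commands = [
        f'Add-DnsServerConditionalForwarderZone -Name "{ex}" '
        f"-MasterServers {linux_dns_ip} -ReplicationScope Forest"]
    return plan


if __name__ == "__main__":
    for candidate in ("mycompany.com", "ad.mycompany.com", "mycompany.lan", "mycompany.local"):
        p = plan_namespace(candidate, "mycompany.com", "10.0.0.10", "10.0.0.53")
        print(f"== {candidate}: {p.verdict}")
        for w in p.warnings:
            print("  warning:", w)
        print(p.bind_config, *p.windows_commands, sep="\n")
```

The "forward" branch is the .lan layout the asker describes: BIND forwards the AD zone to the DC (which also covers the _msdcs sub-zone AD needs), and the DC gets a conditional forwarder back for mycompany.com so domain members still reach the existing Linux-hosted names. The "delegate" branch is Lee W's ad.mycompany.com variant, where nothing is forwarded on the BIND side at all; the parent zone simply hands the sub-zone to the DC with an NS record and glue.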
