Active Directory Domain name, .lan or .com?

Posted on 2011-04-20
Last Modified: 2012-05-11
Adding Active Directory to a Mac/Linux environment that currently uses a Linux DNS server: should AD use mycompany.lan or, which is better? We are not going to replace the Linux DNS server any time soon. Most Mac clients will not join the Windows domain. I thought using .lan is better (Mac has some issues with .local). Just need to add a conditional forwarder in the Linux & AD DNS servers. If using the same .com domain name, will it cause problems? Any benefit?
Question by:howardz168
    LVL 95

    Expert Comment

    by:Lee W, MVP
    OLDER Macs had issues with .local - newer ones SHOULD be just fine.  That said, I'd probably be inclined to use .lcl - you don't want to use a routable domain name unless it's EXCLUSIVELY and SPECIFICALLY for AD.  For example, if you really wanted to, you COULD go with - ad would be a sub-domain (DNS-wise) and shouldn't conflict with any other domains/DNS resolution.

    Author Comment

    Do you mean you prefer .local instead of .lan? Is there any difference between these two options? I can't use in this case. Using the same is absolutely not recommended, right?
    LVL 57

    Expert Comment

    by:Mike Kline
    Do you ever plan to use Office365? If you do, take a look at Mark's blog entry

    I didn't know that until a session at the MVP summit (where that blog entry came from)



    Author Comment

    There is no plan to use Office365 in the near future. If I use .com and most workstations (Mac) and servers (Linux) still use Linux DNS as their primary DNS server, will it cause a problem? How to configure this: manually add all records in both DNS servers?
    LVL 25

    Accepted Solution

    I would personally not use .com, as it violates the principle of separating your internal and external DNS namespaces.  You'll then have to band-aid it by doing things like manually creating host records for external machines that people need to access from inside the office, and that can be a pain.  If you're concerned about using .local, then .lan (or some other non-public top-level suffix) will work just fine.
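
The conditional forwarder the question describes, sketched for the Linux side as an added example that is not part of the original thread. It assumes the Linux DNS server runs BIND 9 and that AD uses mycompany.lan; the forwarder addresses are constructed placeholders for the AD DNS servers.

```conf
// named.conf fragment for the existing Linux BIND server (constructed example).
// Merge the two option lines into the options block you already have;
// named.conf allows only one options block.
options {
    dnssec-validation auto;
    // .lan is not delegated from the signed public root, so a validating
    // resolver would treat forwarded answers for it as bogus. Exempt it
    // (validate-except is available in BIND 9.14 and later).
    validate-except { "lan"; };
};

// Conditional forwarder: send every query under the AD zone to the AD DNS servers.
zone "mycompany.lan" {
    type forward;
    forward only;            // never fall back to public recursion, so internal
                             // names are not leaked to Internet resolvers
    forwarders {
        192.0.2.10;          // placeholder: first AD DNS server
        192.0.2.11;          // placeholder: second AD DNS server
    };
};
```

Mac and Linux clients that keep the Linux server as primary DNS can then resolve the AD zone, including its SRV records, without any records being copied by hand between the two servers.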
