
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 319

DC FQDN best practice

I have recently had to completely re-install my DC which acts as DNS, DHCP, AD and File server. Before this re-installation, it also hosted exchange and IIS. Now I have outsourced the email and website to O365.

My question:
O365 is configured with the domain: example1.org.uk.

Is it okay to configure my DC FQDN as example1.org.uk or should I name it something different, such as example1.com or example2.org.uk etc?

Thanks in advance!
2 Solutions
DarinTCH (Senior CyberSecurity Engineer) Commented:
There are 2 thoughts on this matter,
actually opposing - go figure.

The 1st says that it should be the same,
i.e. www.xerox.com = Xerox the company.

I subscribe to a different line of thinking
(for security and simplicity):
2nd: webserver.ml.com = Merrill Lynch.
The domain name is different - but still understood.
Traffic destined for 'internet - web presence' goes to www.merrilllynch.com.
I have seen this scenario applied at 75% of the companies - large and small - that I work with.
Saint Barnabas Medical Center could be sbmc.local.
In the end,
unless you have a very simple company name,
figure out a simple domain space.
The only issue I see with having a registered domain company.com which hosts www.company.com and your internal C domain also being company.com is that you're going to have to put a host A record in DNS for www and point it to the external website IP for internal LAN users to be able to access the website.
Plyoglo (Author) Commented:
TunerML, presumably this means that if I had my internal FQDN as company.com, and set the URL mail.company.com to point to the O365 mail website via an A record in the O365 DNS management section, this would cause problems on the local network? (In that typing in mail.company.com on local machines will point to the mail subdomain of the local company.com server, rather than the outsourced O365 mail server.)

Unless I set up an appropriate record on the on-premises server to redirect mail.company.com to the O365 mail website?
I would assume that you wouldn't have to make any config changes in 365. If you need to resolve the external mail.company.com server, another simple host A record in your local DNS server pointing to the external mail.company.com IP should suffice. So just like with the www host A record, just put another mail host A record in your local DC DNS and point it where it should be.

In other words, any service that is handled outside of your local network but shares the same name as your local domain will have to be explicitly redirected with a host A pointer through your local domain DNS server.

Let me know if this helps
Plyoglo (Author) Commented:
That clears everything up. Thanks!
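
The behaviour discussed in this thread, as an added example that is not part of any poster's reply: a small Python model of how a DC that is authoritative for the same zone name as the public domain answers LAN clients, and an audit that flags public hosts needing an internal host A record. All host names, IP addresses and function names are constructed for illustration.

```python
# Added example: models how a DC that is authoritative for the same zone
# name as the public domain answers LAN clients. All names/IPs are constructed.

def internal_answer(name, zone, internal, public):
    """Return the A record a LAN client receives, or None for NXDOMAIN.

    Names inside `zone` are answered only from the DC's own zone data;
    they are never forwarded. Names outside the zone go to public DNS.
    """
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    if name == zone or name.endswith("." + zone):
        return internal.get(name)
    return public.get(name)


def audit(zone, internal, public):
    """Compare every public name with what the LAN would actually resolve."""
    findings = {}
    for name, public_ip in sorted(public.items()):
        seen = internal_answer(name, zone, internal, public)
        if seen == public_ip:
            continue  # override present and current, or name is outside the zone
        if name == zone:
            # AD registers the domain apex to the DCs, so this differs by design.
            findings[name] = "APEX"
        elif seen is None:
            findings[name] = "MISSING"  # no internal host A record yet
        else:
            findings[name] = "STALE"    # internal record no longer matches public
    return findings


ZONE = "company.com"
INTERNAL = {  # constructed zone data on the DC
    "company.com": "192.168.1.10",
    "dc1.company.com": "192.168.1.10",
    "www.company.com": "203.0.113.10",
    "mail.company.com": "203.0.113.99",  # hosted provider has since moved
}
PUBLIC = {  # constructed public answers
    "company.com": "203.0.113.10",
    "www.company.com": "203.0.113.10",
    "mail.company.com": "203.0.113.25",
    "portal.company.com": "203.0.113.40",
    "status.example.net": "198.51.100.7",
}

if __name__ == "__main__":
    for host, state in audit(ZONE, INTERNAL, PUBLIC).items():
        print(f"{host:22} {state:8} public={PUBLIC[host]} lan={INTERNAL.get(host)}")
```

The STALE case is the maintenance cost of sharing the name: every manually added host A record has to be rechecked whenever the externally hosted service changes address.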
