Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

help i've inherited a .corp domain

Posted on 2014-11-12
3
180 Views
Last Modified: 2014-11-14
I inherited a .corp domain at my new company.  We have several SSL certs and external DNS names that have the .CORP suffix associated with them.  This year all the 3rd party CA vendors have told me that they will not renew my .CORP ssl certificates and that I should figure out how to rename my external DNS names to something other than .CORP.  We do own a public .COM address and could use that on the outside for DNS and certificate generation.  But... I'd have to stand up this domain because it doesn't exist yet, and I'd have to work out some kind of trust between my existing .CORP domain and this new .COM domain.  

I guess my question is,.... is there an easier way to accomplish this?  Migrating all objects from the .CORP domain to the .COM domain would take at least 12 months given the complexity of the environment.

thanks in advance
0
Comment
Question by:mppickard
3 Comments
 
LVL 33

Expert Comment

by:it_saige
ID: 40438034
Actually, you don't have to change your internal domain to .com.  Just use a split DNS where you have (in your case) a .CORP dns tree (this is what your internal computers will primarily use for communication) and a secondary .COM domain so that your internal clients can access externally available internal resources by their respective DNS name.

-saige-
0
 
LVL 32

Accepted Solution

by:
aleghart earned 500 total points
ID: 40438995
You can continue to use .corp TLD internally, but when you publish DNS servers via DHCP, you must _not_ use any public DNS servers.  Some admins will put their own internal DNS servers as primary and secondary, then list a public DNS server as tertiary "backup".  Sounds good on paper...until you start resolving internal hostnames to external hosts that are not under your control.

The mis-use of ".corp" is what stalled ICANN from accepting it for gTLD.  It's considered "high-risk" due to the volume of DNS resolves that actually make it outside the LAN to a public DNS server.

How are you publishing ".corp" hostnames externally?  I'm confused about that.
0
 

Author Closing Comment

by:mppickard
ID: 40442577
Yeah I already figured it would be a heap of work.  and we don't publish .corp outside the company just internal.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question