RE: Namespace Design

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Graham (Graham_at_discussions.microsoft.com)
Date: 08/10/04 

Date: Tue, 10 Aug 2004 12:33:06 -0700

Thanks for the replies Phil and Scott.

Just one last question. What if I were to name my AD zone to xyz.net? What
are your thoughts?

Thanks,

Graham

"Phillip Renouf" wrote:

> If you make your AD zone a sub-domain of your public DNS presence you will
> potentially expose your internal naming/numbering scheme as well as
> information about your AD environment that would be valuable information to
> an attacker. That information could be used at a technical level, or even for
> social engineering to get more sensitive information or access.
>
> I'd recommend registering another domain (ad-bob.com) and only using that
> internally for your AD environment and not putting any presence on a public
> DNS server. Register it though so no one else will use it on the internet and
> cause you problems if you need to get to their sites.
>
> Phil
>
> "Graham" wrote:
>
> > Here is a quick question:
> >
> > 1. When deciding on a namespace for AD, is it secure to use a sub-domain of
> > your current registered domain name i.e. if my current registered domain name
> > is xyz.com and if I used ad.xyz.com for my internal namespace are there any
> > security issues and/or will my internal network be exposed to the internet at
> > all.
> >
> > Thanks to all that help:)
> >
> > Graham

Relevant Pages

  • RE: Namespace Design
    ... domain if you ever need to access it on the internet ... Phil ... "Graham" wrote: ... >> information about your AD environment that would be valuable information to ...
    (microsoft.public.windows.server.active_directory)
  • Graham Sanders brewing podcasts and the HomeBrewers team
    ... then surely you have heard of Graham Sanders ... ... Now, our 'HomeBrewers' Team, which now has over a hundred members, has already contributed over 152 _YEARS_ worth of spare computer time to a wide variety of humanitarian projects -- most of them being for medical research such as 'cancer', and ALL of our research being for NON-PROFIT projects, and with all resulting research being available to the entire world. ... The idea I had originally posted was merely 'speculative' -- that if we could help increase productivity of grains that maybe it would free some acreage for growth of barley. ... Computers do NOT need to be on the Internet while they do their work for us; they only need to be connected to the Internet during the very brief times when they are uploading the results that they have computed, or downloading a new task; the program automatically detects when the connection is open, and then exchanges data. ...
    (rec.crafts.brewing)
  • Re: OT : Cornwall tides
    ... >> This might be one you could help with, Graham? ... >Unfortunately the Hydrographer claims copyright on tidal information for ... >the UK and won't allow more than 7 days worth to be published on the ... People aren't *supposed* to be able to load music off the internet ...
    (uk.sci.weather)
  • Re: Question about Outlook 2007
    ... "Graham R Seach" wrote: ... I had deleted temporary files in Internet Explorer. ... >> This is the folder pointed to in the Registry. ...
    (microsoft.public.outlook)