Re: AD DNS naming
- From: "SuperGumby [SBS MVP]" <not@xxxxxxxxxxx>
- Date: Fri, 24 Mar 2006 07:55:03 +1100
tks for the thoughts guys - inline
"Danny Sanders" <Danny.Sanders@xxxxxxxxxxxxxxxxx> wrote in message
I took the MS suggestion to relate your AD domain name to your FQDN as a
shift in the way they are doing and going to do things.
I would like to believe they have a vision of what they want their OS to
look like and do 10 to 20 years down the road and this is one step towards
Naming your AD domain in relationship to your FQDN guarantees that your
name is unique. Maybe something in the works with unique AD domain names
in future operating systems?
There is no guarantee that .loc or .pri will remain "unresolvable" in the
I recognise some validity in this thought. We are gradually getting more
'interconnected' and relating the namespace to a controlled namespace to
maintain unique names has recognisable merit. I'm not so sure about it being
'driven' by MS though.
..local name registry? No, I'm not proposing it and it's probably a bit late
in the game anyway.
I'm asking myself if I truly want to open my full AD DNS to another system,
or would I prefer to continue as I do, using my AD DNS as an internal
resource and making those servers I wish to be available externally so by
using records in the public DNS and redirecting at my firewall. My immediate
thought is no, I want at least three levels of visibility, 'private' so that
all my internal systems can see each other, 'shared' so that specific
systems outside can see specific resources, and 'public' so that anyone can
see specific resources. I now have to think how this is more easily
managed and if the manageability changes relative to naming choice. Food for
I think it's a setup for what they want to offer in future OSes.
DDS W 2k MVP MCSE
"Bill" <itprofessional0812_at_remove_yahoo.com> wrote in message
On domain.local vs. FQDN domain naming:
Some people prefer domain.local naming because they want to be 100% sure
that the domain will not resolve anywhere other than locally. The root
Internet servers will not resolve a .local name. In my experience, it is
rare to deploy AD this way.
Call me a cynic but I reckon the rarity of using a separate namespace is
more due to the fact that people go 'Ohhh, it's asking me for a DNS name,
I'll give it my FQDN', not having first thought about why.
When using FQDN, it's helpful to separate the Internet facing namespaces
from the internal namespaces. For example, if contoso.com resolves on
the Internet, it would be best not to name the internal domain
contoso.com. As a trivial example, the root domain would be
root.contoso.com, and the child domain child.root.contoso.com. If we
name the internal domain contoso.com, this does not necessarily break
anything, but eventually as the organization grows you can run into
problems with conflicts between internal contoso.com records vs. external
contoso.com records. This is a VERY common mistake.
I read this as 'it is better to use sub.contoso.com than contoso.com' and
agree, but why relate your choice to FQDN at all?
"SuperGumby [SBS MVP]" <not@xxxxxxxxxxx> wrote in message
I have a problem I believe this group can help me with, in regard to
AD DNS naming. Thing is, I don't have an immediate problem which anyone
needs to work on, it is more that I am after opinions, discussion, and,
well, argument (in the proper sense of the word, not screaming matches).
My name's Mick Malloy and as you may guess from my moniker I'm an SBS
(Small Business Server) MVP. I became an MVP through involvement in
newsgroups and that is what has led me here. In search of an answer to
my question I've gone a fair way back into previous posts and 'lurked'
for the last few days, but really I find little discussion about my
point of interest.
My interest is discussion of the pros and cons of naming your AD DNS
.local vs a name related to your FQDN. I'm using .local here as a bit of
a generalisation; I actually prefer .lan due to the special handling
some OSes (OSX and a couple of Linux variants) use for the .local domain
but if we discount special handling or start from a premise of .whatever
(as long as it is not related to your internet FQDN) you are likely to
understand where I'm coming from.
/cards on the table time
I believe it is wrong to name your AD DNS with any relationship to
your internet FQDN. It is wrong to name your AD DNS company.com and it
is only slightly less wrong to name it branch.company.com.
I believe most people approach the question from the wrong angle, 'I
have this name (FQDN), I think I'll use it for my AD DNS.' where I
believe they should rather ask 'I need to create an AD DNS name, is
there any reason why it should relate to my public FQDN or should I use
a different namespace?'.
Pointers to previous discussion will be appreciated, and read.
Your participation in new discussion will be greatly appreciated.
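The thread weighs three naming choices (the public FQDN itself, a subdomain of it, or an unrelated namespace such as .local or .lan) and Bill's point about internal and external records for the same name drifting apart. The following script is an added example, not code from any of the posters: it classifies a candidate AD DNS name against a public FQDN using the concerns raised above, and audits a pair of constructed zone tables for split-brain conflicts. The zone data, the contoso.com names and the category labels are all constructed for illustration; the only external fact relied on is that RFC 6762 reserves .local for multicast DNS, which is the "special handling" mentioned for OSX and Linux.

```python
"""Classify a candidate AD DNS name and audit for split-brain DNS conflicts.

Added example for the 'AD DNS naming' thread; not part of any original post.
All zone data and domain names below are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# RFC 6762 assigns .local to multicast DNS; resolvers on OS X and some Linux
# variants will not send .local queries to unicast (AD) DNS servers.
MDNS_TLD = "local"

# Suffixes people use as 'not on the Internet'. None is formally reserved for
# that purpose, so nothing guarantees they stay unresolvable (Danny's point).
INFORMAL_PRIVATE_TLDS = {"lan", "loc", "pri", "internal", "corp"}


@dataclass
class Assessment:
    candidate: str
    category: str
    notes: list[str] = field(default_factory=list)


def _labels(name: str) -> list[str]:
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return [label for label in name.lower().strip(".").split(".") if label]


def assess_ad_name(candidate: str, public_fqdn: str) -> Assessment:
    """Place a candidate AD DNS name into one of the categories the thread discusses."""
    cand, pub = _labels(candidate), _labels(public_fqdn)
    if not cand or not pub:
        raise ValueError("candidate and public_fqdn must be non-empty DNS names")
    result = Assessment(candidate=".".join(cand), category="")
    if cand == pub:
        result.category = "same-as-public"
        result.notes.append("internal and Internet records share one name; every "
                            "public host must be duplicated in the AD zone")
    elif len(cand) > len(pub) and cand[-len(pub):] == pub:
        result.category = "subdomain-of-public"
        result.notes.append("unique because the parent is registered; the subdomain "
                            "still needs no public delegation to work internally")
    elif cand[-1] == MDNS_TLD:
        result.category = "mdns-tld"
        result.notes.append("RFC 6762 reserves .local for mDNS; some client "
                            "resolvers will not use unicast DNS for it")
    elif cand[-1] in INFORMAL_PRIVATE_TLDS:
        result.category = "informal-private-tld"
        result.notes.append("not a registered TLD today, but not reserved either")
    else:
        result.category = "unrelated-namespace"
        result.notes.append("verify you control this name; a registered name you "
                            "do not own can resolve to someone else's hosts")
    return result


def audit_split_brain(internal_zone: dict[str, str],
                      public_zone: dict[str, str]) -> dict[str, object]:
    """Compare an internal AD zone with the public zone of the same name.

    Returns names answered differently inside and outside (conflicts) and public
    names with no internal record, which internal clients cannot resolve at all
    when the AD zone is authoritative for the public name.
    """
    shared = internal_zone.keys() & public_zone.keys()
    conflicting = {name: (internal_zone[name], public_zone[name])
                   for name in sorted(shared)
                   if internal_zone[name] != public_zone[name]}
    missing = sorted(public_zone.keys() - internal_zone.keys())
    return {"conflicting": conflicting, "missing_internally": missing}


# Constructed sample zones: an AD domain named exactly like the public FQDN.
INTERNAL_ZONE = {
    "contoso.com": "10.0.0.5",        # AD publishes the domain apex as a DC address
    "dc1.contoso.com": "10.0.0.5",
    "mail.contoso.com": "10.0.0.20",  # internal mail server address
}
PUBLIC_ZONE = {
    "contoso.com": "203.0.113.10",    # web host at the apex on the Internet
    "www.contoso.com": "203.0.113.10",
    "mail.contoso.com": "203.0.113.25",  # firewall's public address for mail
}

if __name__ == "__main__":
    for name in ("contoso.com", "corp.contoso.com", "contoso.local", "contoso.lan"):
        a = assess_ad_name(name, "contoso.com")
        print(f"{a.candidate:20} {a.category:24} {'; '.join(a.notes)}")
    print(audit_split_brain(INTERNAL_ZONE, PUBLIC_ZONE))
```

Run as-is it prints one line per candidate name and then the audit of the constructed zones; in that sample the apex and mail.contoso.com resolve differently inside and outside, and www.contoso.com has no internal record, which is the growth-induced conflict Bill describes.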