Re: Domain name on a new SBS??/



AD DNS naming has very little to do with security. Even if you make the
worst choices you can do 'split horizon' DNS and control visibility.

Most people approach the question from the wrong angle, and that's what I
see happening in this (and most other) discussions. Ask not 'Should my AD
DNS reflect or be related to my public records?' ask instead 'Is there any
advantage for a relationship between my AD DNS and public records?'. I can
assure you, there are none, I've been in enough arguments about it to know
if any such _legitimate_ reason existed.

AD DNS is used purely for name resolution inside the AD. This is not an
'SBS' thing, it is pure AD and the only reason I no longer use .local,
preferring .lan instead, is due to some OSes (not only Macs) using a
non-standard name resolution mechanism for .local (like YEAH, that's a smart
thing, NOT).

"bass_player" <bassplayer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1927C78B-2442-4C30-A23F-58B430DB36B6@xxxxxxxxxxxxxxxx
My only rationale for having an internal domain name different from an
external domain name is SECURITY.
--
MCP MCDBA MCAD MCSD MCT MCTS:SQL Server 2005
"Helping people grow and develop their full potential as God has plan for
them"


"Lanwench [MVP - Exchange]" wrote:

In news:966299C3-34CA-4C08-8EBD-F1B9B422C029@xxxxxxxxxxxxx,
BruceMcc <BruceMcc@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
I have a domain name registered, say www.mydomain.com.

I will be using this domain for email and will also be setting up a
website which will be hosted somewhere else (GoDaddy or something
like that).

From what I understand I should name my internal domain
mydomain.local . Is that correct?

What is the reasoning for this? Is there a reason they should match?

Thanks
Bruce

It's your call. I like internal.mydomain.com rather than anything.local -
but it really doesn't matter what you call it; you could even use
mydomain.com - but that would likely cause issues with your ability to
easily access publicly hosted websites, whatnot.




