Domain naming strategy

Guest

I have a couple of questions concerning domain naming strategies that I hope someone can help me with. What are the implications of having your internal domain named differently from your registered external domain? Would the previously aforementioned wreak havoc with Active Directory? I have read somewhere that your internal domain should be a down level domain from your externally registered domain but not vice versa. Is this correct? If not, what is the best practice for naming domains?
 
Danny Sanders

What are the implications of having your internal domain named differently
from your registered external domain?

Better security because it takes away the chance that internal DNS records
are leaked to the Internet.
Less DNS configuration.
No split-brain DNS set up.
Less work properly configuring Firewall.

Would the previously aforementioned wreak havoc with Active Directory?

Not necessarily. Some people have their networks set up like that. There are
security issues you need to deal with.


I would suggest this:
Internet domain name = mydomain.com
AD domain = internal.mycompany.com, or corp.mycompany.com or mycompany.pri,
or mycompany.loc


hth
DDS W 2k MVP MCSE
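
Added example, not part of the original thread or any poster's code: a check for the leak described in the reply above, run over an export of the Internet-facing zone to flag records that expose internal addresses or AD locator names. The zone records, host names, addresses and the function name `audit_public_zone` are constructed for illustration.

```python
import ipaddress

# Ranges that should never appear in an Internet-facing zone.
# Listed explicitly: ipaddress.is_private also matches documentation ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "169.254.0.0/16",                                  # IPv4 link-local
    "fc00::/7",                                        # IPv6 unique local
)]
# Labels used by the AD domain controller locator SRV records.
AD_LABELS = {"_msdcs", "_ldap", "_kerberos", "_kpasswd", "_gc"}

# Constructed sample: (name, type, rdata) rows from the public copy of a zone
# where the AD domain shares the registered name. All values are made up.
PUBLIC_ZONE = [
    ("www.mycompany.com.", "A", "203.0.113.10"),
    ("mail.mycompany.com.", "A", "203.0.113.25"),
    ("dc01.mycompany.com.", "A", "10.0.0.5"),
    ("_ldap._tcp.dc._msdcs.mycompany.com.", "SRV", "0 100 389 dc01.mycompany.com."),
    ("_kerberos._tcp.mycompany.com.", "SRV", "0 100 88 dc01.mycompany.com."),
    ("fileserver.corp.mycompany.com.", "A", "192.168.10.20"),
    ("vpn.mycompany.com.", "AAAA", "2001:db8::1"),
]

def audit_public_zone(records):
    """Return (name, reason) for each record that exposes internal detail."""
    findings = []
    for name, rtype, rdata in records:
        labels = set(name.lower().rstrip(".").split("."))
        if rtype in ("A", "AAAA"):
            addr = ipaddress.ip_address(rdata)
            # A network of the other IP version simply never matches.
            if any(addr in net for net in INTERNAL_NETS):
                findings.append((name, "private address " + rdata))
        if labels & AD_LABELS:
            findings.append((name, "AD locator record"))
    return findings

if __name__ == "__main__":
    for name, reason in audit_public_zone(PUBLIC_ZONE):
        print(f"{name:40} {reason}")
```
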

 
Ben [MSFT]

KB article 285983 outlines the main points in internal/external namespace
design. Hope this helps.
http://support.microsoft.com/?id=285983

blim
This posting is provided "AS IS" with no warranties, and confers no rights.
 
art

I can only tell you that I set up AD using registered
domain names, and everything works except VPN.
The remote access clients using VPN time out when trying
to access resources on our private network. The reason, as
far as I can tell, is that because I used our registered
domain name for the Active Directory setup, when users try
to access resources on the LAN, they query the public DNS
servers to resolve hosts on the AD. When the authoritative
DNS server cannot resolve the hosts the connection fails.
I am now considering renaming our domains, which is a
considerable amount of work. Live and Learn...
Art
 
