
For the past couple of years I've been running a small Windows-based web-hosting operation with the AD domain matching the company's public domain name, in accordance with my interpretation of Microsoft's guidelines on domain naming (e.g. "hostingcompany.com").

Obviously this caused problems: the lack of a split-level DNS (I foolishly used the AD DNS servers as the public DNS servers too) means that anyone outside the organisation can resolve addresses of hosts (the servers all have only one IP address each, which is public, and consequently marked as being on a "Domain" network with the relaxed firewall rules that go with it).

The system isn't sustainable and when we rebuild later this year (along with having the servers on a private network in addition to the public one) we'll be using split-level DNS, but I'm thinking of using ".local" as the TLD of the domain rather than "internal.hostingcompany.com". My reasoning is that we'll be offering white-label and reseller services, and our resellers wouldn't be happy with people seeing our company name as they go about business, which is why I was thinking of using the generic "host.local" domain name (it also has the added advantage of being nice and short), but I have reservations about using ".local" because of a lack of RFC compliance and issues with mDNS (even though it isn't used in my organisation). I'm just disappointed that Microsoft didn't petition for ".internal" or something similar specifically for this use.

EDIT:

I've been told I should put an actual question in here, so in summary:

"What should the FQDN of a Windows-based hosting company's internal Active Directory domain be?"

Dai
  • hosting.local ;) That is what I use. What is the issue with mDNS? This is a purely internal AD based domain anyway ;) – TomTom Aug 01 '10 at 23:59
  • Ok, now that you've had a good gripe about the problem, do you have an actual question? This is after all a Q&A site, not a discussion forum. – John Gardeniers Aug 02 '10 at 01:06
  • Your interpretation re: Microsoft's guidelines re: domain naming was wrong from the start. Microsoft hasn't ever, all the way back to 1999, recommended naming an Active Directory domain the same as a public Internet domain. There are no benefits to split DNS -- it creates pointless work and helps no one. – Evan Anderson Aug 02 '10 at 04:07
  • If you don't rephrase this to clarify what your question is, it'll likely be closed. – ThatGraemeGuy Sep 02 '10 at 11:18
  • What utter tripe, Evan Anderson! [Here is Microsoft recommending the use of the same name as the registered public DNS name in its Windows Server 2003 product documentation.](http://technet.microsoft.com/en-gb/library/cc759036(WS.10).aspx) And [here is MS KnowledgeBase article 909264 repeating the advice to register "the DNS names of Active Directory domains" or their superdomains in the public DNS](http://support.microsoft.com/kb/909264). – JdeBP Dec 24 '11 at 01:24

1 Answer

Well, assuming a generic question here of What May Go Horribly Wrong With Regard To My Reservations, I'll go out on a limb and say "Nothing." Or, at least, I've been using a local internal domain name on my own networks and those I've installed for dozens, if not hundreds, of clients ever since Windows 2000 beta, and it's not caused me (or them) any problems at all, as long as I remembered to bear the extra, internal name in mind when configuring Exchange, IIS, etc.

(And it saves me all the trouble of maintaining a split-horizon DNS, which while controversial, is worth it for me.)

With this one exception:

Regarding mDNS - and side note to @TomTom here - the problem with mDNS is that various mDNSs, including Apple's Bonjour, reserve .local for their own use; any name ending .local is assumed to be an mDNS name. So I started out using .local as a suffix for my internal domain names, and then when I bought an iMac a couple of years later, when mDNS was relatively new, it couldn't see anything on the domain at all in DNS, which was all kinds of fun to figure out.

So then I renamed my internal domain to be a .lan, instead of a .local, and haven't had any trouble since. Which practice, "host.lan", I recommend to you, because while you may not be using any mDNS services now, using .local these days just tempts fate to guarantee that you'll have to implement one a couple of years down the line, and domain renames are a PITA at the best of times.

Cerebrate
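As an added example (not part of the answer above), the following script models the two naming pitfalls this thread describes: an RFC 6762 mDNS-aware client sends any query under `.local` to multicast instead of the unicast AD DNS servers (the iMac symptom in the answer), and an AD zone that is the same as, or a child of, the public zone needs split-horizon DNS (the questioner's original problem). The `SPECIAL_USE` set and the `public_zones` list are constructed inputs for this example; adjust them for your own environment.

```python
"""Classify a proposed Active Directory DNS name before you commit to it.

Added example, not code from the thread. Labels are compared case-insensitively
and a trailing dot is ignored, as DNS resolvers do.
"""

MDNS_ZONE = "local"  # RFC 6762 reserves ".local" for multicast DNS
# Other special-use top-level names an internal zone should avoid (constructed,
# illustrative subset; not an exhaustive registry listing).
SPECIAL_USE = {"localhost", "example", "invalid", "test", "onion"}


def labels(name):
    """Split 'DC1.Host.Local.' into ['dc1', 'host', 'local']."""
    return [part for part in name.lower().rstrip(".").split(".") if part]


def resolution_path(name):
    """Where an mDNS-aware stub resolver sends the query for this name.

    Returns 'mdns' for names under .local (multicast to 224.0.0.251:5353),
    otherwise 'unicast' (the configured DNS servers, i.e. your AD DCs).
    """
    parts = labels(name)
    return "mdns" if parts and parts[-1] == MDNS_ZONE else "unicast"


def check_ad_domain_name(candidate, public_zones=()):
    """Return a list of findings for a proposed AD DNS name (empty == clean)."""
    findings = []
    parts = labels(candidate)
    if not parts:
        return ["empty-name: no labels to evaluate"]
    tld = parts[-1]
    if tld == MDNS_ZONE:
        findings.append("mdns-conflict: '.local' is claimed by mDNS (RFC 6762); "
                        "Bonjour/Avahi clients will bypass your AD DNS servers")
    elif tld in SPECIAL_USE:
        findings.append(f"special-use-tld: '.{tld}' is a reserved special-use name")
    if len(parts) == 1:
        findings.append("single-label: single-label AD DNS names are discouraged by Microsoft")
    for zone in public_zones:
        zone_parts = labels(zone)
        if parts == zone_parts:
            findings.append(f"same-as-public: identical to public zone '{zone}'; "
                            "internal hosts become resolvable from the Internet unless you run split-horizon DNS")
        elif len(parts) > len(zone_parts) and parts[-len(zone_parts):] == zone_parts:
            findings.append(f"subzone-of-public: child of public zone '{zone}'; "
                            "delegate it in public DNS or keep split-horizon DNS")
    return findings
```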