
I am new to the world of server configurations and am having a hard time coming to grips with what a domain is, especially in an internal environment. For example, I have read and been told the best naming convention to use for an internal domain is domain_name.local. However, I have no idea of the purpose of having a domain and what it does.

The second question I have is: if I have a registered domain name, e.g. example.com, which points to a website, how does using the domain name example.com affect me using the same name when setting up a web server and mail server?

I am unsure if the same terminology carries across Windows and Linux; however, if it does, I would like to know how this relates to Linux.

PeanutsMonkey

4 Answers


Domains are handy things, since they give you a single namespace to locate resources. Even internally, this is quite useful. Most companies only have a few externally accessible addresses and quite a few more internal ones. Using a subdomain ("winserv023.hosting-nyc-usa.example.com") under your publicly visible domain ("example.com") makes it easy to set up and not conflict with anything else out there on the internet.

Using an arbitrary root ("winserv023.companyname") has its own problems, even if it'll never ever be visible to the world. With the expected explosion in top-level domains in coming years, it is not impossible that "companyname." could be a perfectly valid top-level domain.

DNS domains are completely different from Windows Active Directory Domains, though AD domains do use DNS for resource location. DNS domains function the same on both Linux and Windows and follow very similar terminology. Windows DNS and Linux BIND DNS have slightly different terminology usage in their documentation, but they both do the same thing in the end.

sysadmin1138
  • Thanks. I am confused by the term `namespace`. Please correct me if I am wrong. Assuming I have a registered domain name example.com, I wish to set up a web and mail server as well as an internal server such as a file server. With that assumption, how does the domain name play a role? – PeanutsMonkey May 17 '11 at 21:52
  • The second example is that I have no domain name registered. I take it there is no such thing as an internal mail server, as I don't see a reason to have one unless the internal mail server connects and downloads all my emails and the users connect to the internal mail server instead to download and send emails. Not sure how this would be different from having an external mail server. Based on the assumption I have no domain name registered, how would I set up my file server and, if there is reason to, my internal mail server and web server (Intranet)? – PeanutsMonkey May 17 '11 at 21:56

Imagine you are in charge of a bunch of computers. Let's also imagine that you are tired of just referring to them by their IP addresses. Let's say you've given them cool names instead. And now you would like some way for every machine on your network to be able to find each other just by using their names. So you go and set up a DNS server, which can be queried for information about these names and who they belong to.

DNS is hierarchical, so at the top (or the root of the tree) you have the root DNS servers (represented by '.'), then you have top-level domains (.org, .com, and so on), then domains, and subdomains, and so on ad infinitum. So you need to group your names into a container. This container is your domain namespace. For example, let's say your domain name is middleearth, your workstation is frodo (frodo.middleearth) and your server is gandalf (gandalf.middleearth).

The big difference between an "internal domain" and an "external domain" is who is able to query your DNS server and thus learn everything there is to know about your domain. If you've set up the middleearth domain because YOU and your organization just got tired of using IP addresses to refer to all your machines (see @JamesHannah's answer for why this is annoying), then you DO NOT want the public/internet/world talking to your DNS server; so outside of your network no one even knows your domain "exists". Inside your network all your machines know that the mail server is gondor.middleearth and that your DNS server knows where to find it.

An "external domain" is one you want the public/internet/world learning about... like, say, your website. So you buy a domain name from a provider, they make the record changes (or you do it yourself if your DNS server is publicly accessible), and now everyone can find your domain. If you already own example.org you can again, either through whoever does your DNS services or yourself if you provide them, add a mail server called mail.example.org (using an MX record), or really anything that you want to be part of that namespace.

And as noted by sysadmin1138, this concept is part of, but not at all inclusive of, what makes up a Windows Active Directory Domain.

In my opinion this is really a question about DNS. I've always liked Technet's article here, but you may find it overly long. It's well worth understanding DNS as a system administrator. It's the glue that pretty much holds the internet together (well, that and perl...).

  • @kce - That is probably the easiest example I have had in a very long time, and thanks for breaking it down for a newbie. Truly appreciate it. The only thing I am baffled by is the term `namespace`, because I have heard it thrown about in a few places, e.g. .NET, PHP, XML, so am unclear what it is all about and how it relates to a domain. – PeanutsMonkey May 17 '11 at 23:54
  • @kce - You also refer to an external domain, so I take it if I draw comparisons between an internal and external domain, the difference would be one is unbeknownst to the outside world and the other is known to the world via an externally accessible DNS. What I am also confused by is: using, say, a top-level domain as an internal domain? Does this make a difference if I use the same domain externally and internally, seeing that I would have 2 distinct DNS servers, or is it the case that you usually only have 1 DNS server playing both roles? I can't imagine it being a single server. – PeanutsMonkey May 17 '11 at 23:58
  • A Namespace is just the container or the context in which the names are usable. For example: in middleearth, you can find gandalf, whereas if you are in the startrek namespace no one has any idea who gandalf is. In my opinion, the distinction between "internal" and "external" domains is drawn by who is allowed to query their respective DNS servers. There's no reason at all why you couldn't have an "internal" domain using a top-level domain name such as example.org, and this might be a good idea in some respects. Most companies probably use a DNS registrar service and then run their own server. –  May 18 '11 at 01:00
  • @kce - Thanks. With the domain aside, how do these come together to create a fully qualified domain name? Using the example of middleearth and frodo, would the fully qualified domain name be frodo.middleearth or would it be something else? – PeanutsMonkey May 18 '11 at 01:23
  • A fully qualified domain name (FQDN) is one where you have the entire path through the "tree" (namespace) to the root. frodo.middleearth is not an FQDN. frodo.middleearth.com. (notice the period, denoting the root of the DNS namespace) IS a fully qualified domain name. Do you need to have an FQDN for "internal" use? Nope! Just a properly configured DNS server. –  May 18 '11 at 03:43
  • @kce - That makes sense. Correct me if I am wrong. I take it that you don't need an FQDN for internal use because no one can access the PCs, servers and the like from the outside. The internal DNS server would simply point an IP address to a host and domain, e.g. frodo.middleearth. Is that right? – PeanutsMonkey May 18 '11 at 04:07
  • Yes. That is correct, although it is common for people to set up "fake" FQDNs for internal use (i.e., frodo.middleearth.com). If you decide you want to make your internal domain an external domain later, this can sometimes be a good thing or a bad thing (imagine if you set up your internal FQDN as ***.google.com!). Personally, I like to use .localnet for a TLD. –  Jun 12 '11 at 21:12

Assuming you understand how domains are used on the Internet, it's easiest to think of local domains as an extension of that. These days DNS is the primary means of identifying hosts on a network. All DNS entries must reside within a domain. It follows therefore that a domain is required.

As an example, all the computers on our company network have DNS entries in the company's internal domain, just as our public resources have DNS entries in our public domain.

John Gardeniers
  • My understanding is rather basic. I know there is a top-level domain, e.g. .com. The domain name would be example, hence forming example.com. Now the entries would be A, MX, CNAME records. Please correct me if I am wrong in understanding your example. I presume you have an internal DNS server that has various DNS records such as A -> example.com.local -> 192.168.0.1, which would simply be the DNS Server. The next record could be A -> mycomputer.example.com -> 192.168.0.2. Am I correct in my understanding? – PeanutsMonkey May 17 '11 at 22:00
  • @PeanutsMonkey, you've pretty much got it. I suggest you spend a little time getting really familiar with DNS because it's the cornerstone of both the Internet and all but the most trivial of networks. Even my home network has an internal DNS server. With a little Googling you should be able to find plenty of information on the subject. – John Gardeniers May 18 '11 at 02:15
  • Thanks. Good to know I am on the right path. Any recommendations or suggestions on videos I could watch that explain the topic in greater details for a newbie? – PeanutsMonkey May 18 '11 at 03:16
  • @PeanutsMonkey, perhaps you should post this as a separate question, which is sure to get you some good recommendations from people more expert in this area than I am. – John Gardeniers May 18 '11 at 03:59
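The ideas in kce's answer and in the A-record exchange above (a name is only fully qualified with the trailing root dot, a domain is the namespace that contains names, and an "internal" domain is one whose records are answered only to clients inside the private network) as a small model in Python. This is an added example, not code from the thread or from any DNS server; the hostnames follow the answers, the 192.168.0.x addresses follow the comment above, the 203.0.113.x addresses are constructed placeholders, and the split-horizon behaviour is a simplified stand-in for what a real server such as BIND does with views.

```python
import ipaddress

# Added example, not code from the thread. It models the answers' points: a name
# is fully qualified only with the trailing root dot, a domain is a namespace
# containing names label by label, and an "internal" domain is one whose records
# are only answered to clients inside the private network (a BIND "view").
# Names follow the answers; 203.0.113.x addresses are constructed placeholders.

def to_fqdn(name: str) -> str:
    """Absolute form of a name: lowercase, with the trailing root dot."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def is_fqdn(name: str) -> bool:
    return name.endswith(".")

def in_namespace(name: str, domain: str) -> bool:
    """True if name sits at or below domain in the tree (label-wise, so
    notmiddleearth.com. is not inside middleearth.com.)."""
    n = to_fqdn(name).rstrip(".").split(".")
    d = to_fqdn(domain).rstrip(".").split(".")
    if d == [""]:           # the root "." contains every name
        return True
    return len(n) >= len(d) and n[-len(d):] == d

# Constructed zone: each record is tagged with the view that may see it.
ZONE = {
    "www.middleearth.com.":     ("A", "203.0.113.10", "external"),
    "middleearth.com.":         ("MX", "mail.middleearth.com.", "external"),
    "mail.middleearth.com.":    ("A", "203.0.113.25", "external"),
    "gandalf.middleearth.com.": ("A", "192.168.0.1", "internal"),
    "frodo.middleearth.com.":   ("A", "192.168.0.2", "internal"),
}
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16"), ipaddress.ip_network("10.0.0.0/8")]

def view_for(client_ip: str) -> str:
    ip = ipaddress.ip_address(client_ip)
    return "internal" if any(ip in net for net in INTERNAL_NETS) else "external"

def resolve(name: str, rtype: str, client_ip: str):
    """Answer like a split-horizon server: internal clients see every record;
    external clients get None (NXDOMAIN) for internal names, so private hosts stay private."""
    rec = ZONE.get(to_fqdn(name))
    if rec is None or rec[0] != rtype:
        return None
    value, view = rec[1], rec[2]
    if view == "internal" and view_for(client_ip) != "internal":
        return None
    return value
```

Querying frodo from 192.168.0.50 returns 192.168.0.2, while the same query from an outside address returns nothing; www is answered to both.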

So, a domain is basically just a way to refer to a resource (server/group of servers) by a name instead of an IP address.

Referring to a resource by IP address is bad for obvious reasons: you're not able to change the IP address of the resource without updating all your configuration that refers to it. If you're using DNS or some kind of zeroconf domain name system (e.g. Bonjour), then you can just update the mapping between domain name and IP address to point to a new physical resource.

Obviously, whether you use a private domain or public domain is like using a private or public IP address. Private domains, e.g. "mailserver.local" or "pdns.mycorp", mean that the resources will only be addressable internally. If you want something to be publicly addressable, or don't want to roll out your private DNS infrastructure, you'll need to buy and use a public domain name, something ending .com or .net or whatever.

It's basically up to you; you need to choose something which is consistent and make your DNS service reliable. It's platform agnostic as well; the only thing you'll need to worry about is what DNS server/method you use. I believe Windows deployments tend to mostly use Active Directory as a DNS server, since you'd need to have one in a Windows domain anyway.

On *nix, the traditional, venerable choice would be BIND, but other DNS servers are available.

JamesHannah
  • Sorry for being a noob. I completely lost you in the example of using a private or public domain, as it still doesn't explain to me what a domain name is, especially in an internal environment. – PeanutsMonkey May 17 '11 at 22:02