2

I am working to standardize our DNS names for our various applications, and I proposed the following scheme:

webappname.environment.system.company.tld

So, my application named BackOffice in my production environment for the CreditReview system would have a FQDN like:

backoffice.prod.creditreview.company.tld.

Now, the system and environment subdomains don't exist yet. I thought our IT infrastructure folks would create them as part of the process.

Instead, our IT infrastructure architect directed us to use dashed hostnames instead, so:

backoffice-prod-creditreview.company.tld

Is there any particular reason why he would suggest this direction (besides that he doesn't have to create any subdomains in DNS)? Unfortunately, when I ask him directly, he won't give me any rationale - just "it's a best practice." Of that, however, I'm not so sure. To me, the dashed names feel non-standard.

arcain

3 Answers

6

I preferred dashed hostnames; but I'm not aware of any "best practices" that dictate it.

The main reasons I prefer dashed domains:

  • I find them easier to read. This is subjective.
  • You can use a single wildcard certificate to cover all potential devices in the same zone
  • In a multi-domain forest, less confusion about which domain the machine belongs to
  • Less maintenance (this is subjective and really only a trivial amount of maintenance)

We sat down and nutted out our naming scheme and settled on:

site-function-counter - so bs-dc-01.ad.example.com is "Berry Street, Domain Controller, 01", and bs-dc-02.ad.example.com etc. And then we have cc-dc-01.ad.example.com for "Century Circuit, Domain Controller, 01", so on and so forth. This could also have been done as dc-01.bs.ad.example.com but a quick glance makes it look as though it's in a separate Active Directory domain, when it's not (if you're not using AD then this point is probably irrelevant).

Ultimately though, you should be consistent regardless of which naming scheme is in use. So if your organisation is already using dashed hostnames, then they have a good reason to stick with it.

Mark Henderson
  • We're using AD, and it makes sense that our infra team would probably not create new AD domains for this -- and they may want to strictly couple the DNS names to an AD domain. – arcain Jan 15 '14 at 16:06
2

Dotted are native DNS subdomains in hierarchy while dashed are separate domains rooted to the one parent domain.

With dotted format you can later delegate some zone to someone (and forget about it), and with dashed format you will always be responsible for each and every host in your domain.

Kondybas
  • 4
    Also, if you're using wildcard SSL, the dashed subdomain can be used with the wildcard cert. Higher level subdomains can't utilize a wildcard cert for the domain. (e.g. my-sub-domain.example.com can use *.example.com cert. my.sub.domain.example.com cannot) – Jim G. Jan 13 '14 at 23:56
  • @JimG. make this a separate answer ? – Sandman4 Jan 14 '14 at 00:47
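
The wildcard certificate behaviour raised in the answers and comments above, as an added example (not code from any poster): a simplified matcher using the common rule that `*` is honoured only as the whole left-most label and stands for exactly one label. The `test` environment and `frontoffice` application names are constructed for illustration.

```python
def labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop the trailing root dot, split into labels."""
    return name.lower().rstrip(".").split(".")


def wildcard_matches(cert_name: str, hostname: str) -> bool:
    """Simplified certificate name check: '*' is honoured only as the whole
    left-most label and stands for exactly one label (it never spans a dot)."""
    pattern, host = labels(cert_name), labels(hostname)
    if len(pattern) != len(host):
        return False
    if any("*" in label for label in pattern[1:]):
        return False  # wildcard anywhere but the left-most label is rejected
    if pattern[0] == "*":
        return pattern[1:] == host[1:]
    return pattern == host


def covering_wildcard(hostname: str) -> str:
    """The wildcard name that would cover this host: '*.' plus its parent."""
    return "*." + ".".join(labels(hostname)[1:])


def wildcards_required(hostnames: list[str]) -> set[str]:
    """Distinct wildcard names needed to cover every host in the list."""
    return {covering_wildcard(h) for h in hostnames}


# Constructed sample inventories. The first name in each list is from the
# question; "test" and "frontoffice" are made up for illustration.
DASHED = [
    "backoffice-prod-creditreview.company.tld",
    "backoffice-test-creditreview.company.tld",
    "frontoffice-prod-creditreview.company.tld",
]
DOTTED = [
    "backoffice.prod.creditreview.company.tld",
    "backoffice.test.creditreview.company.tld",
    "frontoffice.prod.creditreview.company.tld",
]

if __name__ == "__main__":
    for cert in ("*.company.tld", "*.prod.creditreview.company.tld"):
        for host in (DASHED[0], DOTTED[0]):
            print(f"{cert:35} {host:45} {wildcard_matches(cert, host)}")
    print("dashed needs:", sorted(wildcards_required(DASHED)))
    print("dotted needs:", sorted(wildcards_required(DOTTED)))
```

The same property has a cost on the dashed side: the private key behind `*.company.tld` is valid for every single-label name in the zone, so its exposure affects all of them at once.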
2

What is easier to read:

domain.tld.
    department
        host1
            subhost1
            subhost2
        host2
            subhost1

or

domain.tld
    department
    host1-department
    host2-department
    host3-department
    subhost1-host1-department
    subhost2-host1-department
    subhost1-host2-department

Vasili Syrakis