your domain naming convention

Indeed, which is why using company.com is really dumb because it basically requires you to have both internal and external (with different information) authoritative name servers for the company.com zone.

Using ad.company.com you can delegate the sub domain to the AD DNS infrastructure and the zone remains consistent everywhere (i.e. you're not breaking DNS).

Thanks BigRedShark. That clears it up for me. :)
 
We have company.co.uk; in hindsight it's not really best practice, but it's not the end of the world.

Our website is hosted externally so a www. in the DNS records is fine. Our DNS is for internal use only. It would be over my dead body that the AD DNS would ever be exposed to the public.
 
OK, so effectively those using .com internally are incorporating "split-brain or split-horizon DNS" to ensure the AD is not exposed, but it's not really consistent DNS (as resolution differs internally/externally).

So interesting to hear the different viewpoints. Thanks :)
 
The root domain is ad.[company].com, from there it's fairly obvious.

office.ad.company.com for desktops etc
mail.ad.company.com for the exchange infrastructure
backoffice.ad.company.com is the generic home of servers
prod.ad.... for customer facing systems
dev.ad.... speaks for itself

I was going to respond with an "eww that's a lot of domains and slightly overkill" until I saw who it was and what you'd be working on. :p.

I normally do companyname.local.
 
I use a whole-brain methodology of DNS management.

External - companyname.co.uk
Internal - companyname.local

For those thinking about doing this, you can also just add companyname.co.uk as the preferred user principal name (UPN) suffix in your directory. It makes DNS simpler to manage, keeps the internal network protected from external access, and the users will probably find it easier too.
 
I don't need to elaborate really.

Where will a user ever be exposed to DNS in a way that will have their lives made easier or harder? The only way a change to an implementation of DNS could make users' lives easier is if the original implementation was wrong.

Users should never be accessing resources via typed UNC paths/FQDNs and web based stuff should be shortcutted/bookmarked off. Even if web based resources were typed then it makes no odds what the address is, it's an address.

The only exposure to DNS (and issues with it) users have had in my experience is when a domain is named the same as the external site and it breaks. This can be worked around and is less an issue of "difficulty" and more a case of "plain broken".
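The "plain broken" case above, and the UPN-suffix suggestion earlier in the thread, both come down to one question: does the AD DNS root name collide with a zone the organisation answers for publicly? The script below is an added example, not code posted by anyone in this thread. It classifies a forest root name against the public zones (split-brain, delegated subdomain such as ad.company.com, or .local) and then runs the maintenance check a split-brain zone forces on you: every public record that internal clients need must also exist, with the same value, in the internal authoritative copy. The record sets are constructed sample data using TEST-NET addresses; in a live forest they would come from Resolve-DnsName against an external resolver and from Get-DnsServerResourceRecord on a DC.

```powershell
# Added example for this thread, not any poster's code. Classifies an AD DNS root name
# against the organisation's public zones and reports public records that the internal
# (AD-integrated) copy of a split-brain zone is missing or answers differently.

function Get-AdNamingScheme {
    # Classify how the AD forest root relates to the zones the organisation owns publicly.
    param(
        [Parameter(Mandatory)] [string]   $AdRoot,        # e.g. 'ad.company.com'
        [Parameter(Mandatory)] [string[]] $PublicZones    # zones answered for on the Internet
    )
    $ad = $AdRoot.TrimEnd('.').ToLowerInvariant()
    foreach ($zone in $PublicZones) {
        $z = $zone.TrimEnd('.').ToLowerInvariant()
        if ($ad -eq $z)          { return 'split-brain' }          # one zone, two authorities
        if ($ad.EndsWith(".$z")) { return 'delegated-subdomain' }  # public zone delegates to AD
    }
    if ($ad.EndsWith('.local')) { return 'dot-local' }             # collides with mDNS (RFC 6762)
    if ($ad -notmatch '\.')     { return 'single-label' }
    return 'unrelated-to-public-zones'
}

function Compare-SplitBrainZone {
    # For a split-brain zone, list public names that internal clients either cannot resolve
    # (no internal record) or resolve to a different value than the outside world does.
    param(
        [Parameter(Mandatory)] [hashtable] $PublicRecords,    # fqdn -> value seen from outside
        [Parameter(Mandatory)] [hashtable] $InternalRecords   # fqdn -> value in the AD zone
    )
    $findings = foreach ($name in ($PublicRecords.Keys | Sort-Object)) {
        if (-not $InternalRecords.ContainsKey($name)) {
            [pscustomobject]@{ Name = $name; Issue = 'missing-internally';
                               Public = $PublicRecords[$name]; Internal = $null }
        }
        elseif ($InternalRecords[$name] -ne $PublicRecords[$name]) {
            [pscustomobject]@{ Name = $name; Issue = 'differs';
                               Public = $PublicRecords[$name]; Internal = $InternalRecords[$name] }
        }
    }
    return @($findings)
}

# --- constructed sample data (TEST-NET and RFC 1918 addresses, not real hosts) ---
$publicZone = @{
    'company.co.uk'      = '203.0.113.10'   # apex points at the externally hosted site
    'www.company.co.uk'  = '203.0.113.10'
    'mail.company.co.uk' = '203.0.113.25'
}
$internalZone = @{
    'www.company.co.uk'  = '203.0.113.10'   # the www record was copied in, as the thread advises
    'company.co.uk'      = '10.0.0.5'       # apex answered by a DC's same-as-parent A record
}

Get-AdNamingScheme -AdRoot 'company.co.uk'     -PublicZones 'company.co.uk'
Get-AdNamingScheme -AdRoot 'ad.company.com'    -PublicZones 'company.com'
Get-AdNamingScheme -AdRoot 'companyname.local' -PublicZones 'company.co.uk'

Compare-SplitBrainZone -PublicRecords $publicZone -InternalRecords $internalZone | Format-Table -AutoSize

# Live equivalent of the UPN-suffix step from the thread (needs the ActiveDirectory module and
# forest-level rights); left commented so the sample data above runs on any workstation:
# Set-ADForest -Identity (Get-ADForest) -UPNSuffixes @{ Add = 'company.co.uk' }
```

With the sample data the comparison flags the apex as differing (inside the network it resolves to a domain controller, because every DC registers an A record for the domain name itself) and mail as missing internally. Those are exactly the two ways a split-brain name breaks for users: the bare domain never reaches the website from inside, and any public record nobody copied into the AD zone silently stops resolving on the LAN. Running the check against real data after each public zone change turns that from a helpdesk surprise into a scheduled report.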
 
None of my users use FQDNs to access resources or anything like that; the addition of the UPN suffix essentially helps my users when they access e-mail on their phones or other external devices that have to specify either their sAMAccountName or username with the UPN suffix. This is also true for some OWA implementations.

But yes, you're right, internally the DNS structure is transparent.
 