Deploying an Active Directory based network often means you get to pick the name of the domain(s) used in your environment. Often, when we name private network domains, we tend to lean towards official fully qualified domain name (FQDN) constructions that would be valid on the Internet. However, we need not do so. Active Directory does rely upon DNS to function. But DNS does not require you to use only the Internet-legal top level domain names.
Yes, you must comply with the hierarchical nature of DNS name structures, but what I'm referring to is the top level domain (TLD) name. You need not limit yourself to any of the official TLDs. This includes the original seven: .com, .org, .net, .edu, .gov, .mil, or .int. As well as the new seven: .biz, .info, .name, .pro, .aero, .coop, and .museum.
Within your own private organization, as long as you use the correct DNS structure (which you are forced to do by DNS itself), you can employ any customized TLD that you wish. While it may seem ostensible that you must use only Internet-legal TLDs, this is not the case. Your internal DNS name hierarchy can be completely different from your company's external DNS name hierarchy. Furthermore, by using non-Internet legal names, you can further restrict external users from gaining easy access to your private and secured internal systems.
Obviously, this action can only be taken if your DNS servers are not part of the Internet's DNS namespace hierarchy.
James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.
This was first published in November 2004