We are preparing to install internal DNS services, then rename the domain and finally go to a 2000 Network. We have been told that we need to rename our domain without special characters like the dash or underscore.
What is the best naming convention for the DNS suffix? After installing DNS should we rename the internal domain the same as the Primary DNS suffix? We will keep the Web site as mycompany.com. What are the pros and cons to having DNS and the internal domain the same? And should we distinguish our internal domain from the external Web site? Should we consider a different name for the DNS suffix?
As far as the external and internal domain names matching, there are several schools of thought. My personal preference is to name the external and the internal domain separately. So your external domain is called mycompany.com, but your internal name is mycompany.local. The .local suffix is not a proper suffix for the Internet, and that is generally a good thing. Separating the DNS zones for external and internal use helps to clarify the difference between the two networks. Generally, the systems on the outside network exposed to the Internet are not part of the domain anyway -- it is a security risk that most companies try to avoid. The exception of course is Exchange email systems. Exchange needs to contact the AD because it leverages the directory for information and configuration. Of course, because your internal domain name does not match the external one, there is a little more configuration that will need to occur with regard to Exchange. It will need to be configured to recognize mycompany.com as being part of its responsibility from an email perspective. Not a hard thing to do by any means.
Some companies choose to keep both the same, but have any systems in the DMZ or external to the company utilize a different set of DNS servers that only have information you want published on the Internet. So the mycompany.com would exist both externally and internally. Internally the systems would use the Windows DNS servers that do not share their information with the external DNS servers. The Internal DNS servers could be configured to forward any requests for zones that they don't have to the external DNS.
As I said, I personally like the clear separation of the DNS names. So, in your specific case I would:
Call the Internal domain MyCompany.local
Call the External Domain mycompany.com
Do not add DMZ servers to the Windows Domain unless there is a compelling reason to (like Exchange)
Leave the NetBIOS name as My_Company.
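The layout recommended above, as an added PowerShell example that is not part of the original column or the expert's answer. It assumes a Windows Server 2012 or later domain controller that also runs DNS (the ActiveDirectory and DnsServer modules are much newer than the Windows 2000 setup the question describes), an Exchange Management Shell for the mail steps, and constructed placeholder values: the host name dc1.mycompany.local, the resolver address 198.51.100.53 and the web server address 203.0.113.10 are not from the page.

```powershell
# Added example (not from the original column): the split-name layout
# recommended above -- AD domain mycompany.local, public name mycompany.com.
# Requires the ActiveDirectory and DnsServer modules (Windows Server 2012+).
# Host names and IP addresses are constructed placeholders (RFC 5737 ranges).

Import-Module ActiveDirectory
Import-Module DnsServer

$InternalDomain = 'mycompany.local'   # AD DNS name, as recommended above
$ExternalDomain = 'mycompany.com'     # public web and mail name
$ExternalDns    = '198.51.100.53'     # assumed: ISP or public resolver
$DmzWebIp       = '203.0.113.10'      # assumed: public address of www
$InternalDc     = 'dc1.mycompany.local'  # assumed: a DC running DNS

# 1. Confirm the AD domain, the machine's primary DNS suffix and the NetBIOS
#    name match the plan. The NetBIOS name may keep its underscore; only the
#    DNS name needs to avoid special characters.
$ad  = Get-ADDomain
$sys = Get-CimInstance Win32_ComputerSystem
"AD DNS root    : $($ad.DNSRoot)"
"NetBIOS name   : $($ad.NetBIOSName)"
"Primary suffix : $($sys.Domain)"
if ($ad.DNSRoot -ne $InternalDomain) {
    Write-Warning "AD domain is $($ad.DNSRoot), expected $InternalDomain"
}
if ($ad.DNSRoot -eq $ExternalDomain) {
    Write-Warning 'Internal and external names are identical: this is the split-brain layout, not the separated one'
}

# 2. Internal DNS servers forward anything they are not authoritative for to
#    resolvers outside; they never answer queries from the Internet.
Set-DnsServerForwarder -IPAddress $ExternalDns -PassThru

# 3. Internal clients still need to resolve www.mycompany.com. The forwarder
#    above is the simplest way. Alternatively host an internal copy of the
#    public zone containing only the records you choose to publish:
if (-not (Get-DnsServerZone -Name $ExternalDomain -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ExternalDomain -ReplicationScope Domain
    Add-DnsServerResourceRecordA -ZoneName $ExternalDomain -Name 'www' -IPv4Address $DmzWebIp
}

# 4. Check that AD service records live only in the internal zone. SRV records
#    under the public name would advertise domain controller locations if that
#    zone were ever copied outward.
Get-DnsServerResourceRecord -ZoneName $InternalDomain -RRType Srv |
    Where-Object HostName -like '_ldap*' |
    Select-Object HostName, RecordData
$leak = Get-DnsServerResourceRecord -ZoneName $ExternalDomain -RRType Srv -ErrorAction SilentlyContinue
if ($leak) {
    Write-Warning "SRV records found in $ExternalDomain; remove them so the public zone carries only public names"
}

# 5. Exchange (run in the Exchange Management Shell, 2007 or later): make
#    mycompany.com an authoritative mail domain and stamp recipients with
#    @mycompany.com addresses even though the AD domain is mycompany.local.
New-AcceptedDomain -Name $ExternalDomain -DomainName $ExternalDomain -DomainType Authoritative
New-EmailAddressPolicy -Name 'Public mail domain' -IncludedRecipients AllRecipients `
    -EnabledPrimarySMTPAddressTemplate "@$ExternalDomain" -Priority 1
Update-EmailAddressPolicy -Identity 'Public mail domain'

# 6. Verify the two views from a domain member: the internal DC's answer and a
#    public resolver's answer for the same public name, plus the AD locator
#    record that must resolve only internally.
Resolve-DnsName -Name "www.$ExternalDomain" -Type A -Server $InternalDc
Resolve-DnsName -Name "www.$ExternalDomain" -Type A -Server $ExternalDns
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$InternalDomain" -Type SRV -Server $InternalDc
```

Steps 2 and 3 are alternatives rather than both being required: if the internal servers simply forward, step 3 can be skipped, and the check in step 4 then applies only to the internal zone. The only value that changes if a different internal name is chosen (for example a registered subdomain such as corp.mycompany.com, which avoids the clash with multicast DNS's later claim on .local and allows public certificates) is $InternalDomain.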
Related Q&A from Paul Hinsberg