We are preparing to install internal DNS services, then rename the domain and finally go to a 2000 Network. We have been told that we need to rename our domain without special characters like the dash or underscore.
What is the best naming convention for the DNS suffix? After installing DNS should we rename the internal domain the same as the Primary DNS suffix? We will keep the Web site as mycompany.com. What are the pros and cons to having DNS and the internal domain the same? And should we distinguish our internal domain from the external Web site? Should we consider a different name for the DNS suffix?
As far as the external and internal domain names matching, there are several schools of though. My personal preference is to name the external and the internal domain separately. So your external domain is called mycompany.com, but your internal name is mycompany.local. The .local suffix is not a proper suffix for the Internet, and that is generally a good thing. Separating the DNS zones for external and internal use helps to clarify the difference between the two networks. Generally, the systems on the outside network exposed to the Internet are not part of the domain anyway -- it is a security risk that most companies try to avoid. The exception of course is Exchange email systems. Exchange needs to contact the AD because it leverages the directory for information and configuration. Of course, because your internal domain name does not match the external one, there is a little more configuration that will need to occur in regards to Exchange. It will need to be configured to recognize mycompany.com as being part of its responsibility from an email perspective. Not a hard thing to do by any means.
Some companies choose to keep both the same, but have any systems in the DMZ or external to the company utilize a different set of DNS servers that only have information you want published on the Internet. So the mycompany.com would exist both externally and internally. Internally the systems would use the Windows DNS servers that do not share their information with the external DNS servers. The Internal DNS servers could be configured to forward any requests for zones that they don't have to the external DNS.
As I said, I personally like the clear separation of the DNS names. So, in your specific case I would:
Call the Internal domain MyCompany.local
Call the External Domain mycompany.com
Do not add DMZ servers to the Windows Domain unless there is a compelling reason to (like Exchange)
Leave the NetBIOS name as My_Company.
Additional Expert Help:
Be sure to check our Answer FAQ for more expert advice.
For faster answers, visit ITKnowledge Exchange.
Dig Deeper on Legacy operating systems
Related Q&A from Paul Hinsberg
Need to take an in-place upgraded PDC offline to rebuild it and use the second and third freshly-built 2003 DCs to handle services? Our expert ... Continue Reading
One admin wants to know if he can run DCPROMO on a Windows Server 2003 machine while the root domain is on Windows 2000. Continue Reading
A new admin's Active Directory is in utter chaos. Here's what our expert suggests. Continue Reading