Problem solve Get help with specific problems with your technologies, process and projects.

What is the best naming convention for the DNS suffix?

Expert Paul Hinsberg breaks down the rules for go by when naming DNS domains.

We are running an NT4 domain with a domain name in the following format: My_Company (no extension). We also have a Web site located outside our domain with a Web service (Verio) called mycompany.com. We have not yet implemented DNS.

We are preparing to install internal DNS services, then rename the domain and finally go to a 2000 Network. We have been told that we need to rename our domain without special characters like the dash or underscore.

What is the best naming convention for the DNS suffix? After installing DNS should we rename the internal domain the same as the Primary DNS suffix? We will keep the Web site as mycompany.com. What are the pros and cons to having DNS and the internal domain the same? And should we distinguish our internal domain from the external Web site? Should we consider a different name for the DNS suffix?
First, a Windows 2000/2003 domain has two names -- a Fully Qualified Domain Name (FQDN) and a NetBIOS name. The FQDN must match the DNS zone name for the Domain. The NetBIOS name can be completely different and can be something like My_Company if you really want to keep it. Windows 2000/2003 leverage DNS and thus will be using the FQDN you give to the Active Directory more than the NetBIOS name familiar with the Windows NT 4.0 world. While you NetBIOS name can be My_Company, your FDN name should be something like mycompany.com -- that is excluding the special characters.

As far as the external and internal domain names matching, there are several schools of though. My personal preference is to name the external and the internal domain separately. So your external domain is called mycompany.com, but your internal name is mycompany.local. The .local suffix is not a proper suffix for the Internet, and that is generally a good thing. Separating the DNS zones for external and internal use helps to clarify the difference between the two networks. Generally, the systems on the outside network exposed to the Internet are not part of the domain anyway -- it is a security risk that most companies try to avoid. The exception of course is Exchange email systems. Exchange needs to contact the AD because it leverages the directory for information and configuration. Of course, because your internal domain name does not match the external one, there is a little more configuration that will need to occur in regards to Exchange. It will need to be configured to recognize mycompany.com as being part of its responsibility from an email perspective. Not a hard thing to do by any means.

Some companies choose to keep both the same, but have any systems in the DMZ or external to the company utilize a different set of DNS servers that only have information you want published on the Internet. So the mycompany.com would exist both externally and internally. Internally the systems would use the Windows DNS servers that do not share their information with the external DNS servers. The Internal DNS servers could be configured to forward any requests for zones that they don't have to the external DNS.

As I said, I personally like the clear separation of the DNS names. So, in your specific case I would:

Call the Internal domain MyCompany.local
Call the External Domain mycompany.com
Do not add DMZ servers to the Windows Domain unless there is a compelling reason to (like Exchange)
Leave the NetBIOS name as My_Company.

Additional Expert Help:
Be sure to check our Answer FAQ for more expert advice.
For faster answers, visit ITKnowledge Exchange.

Dig Deeper on Legacy operating systems