
What is the impact of having a routable domain name in Windows network infrastructure?

Does having example.com in place of example.local as the domain name have a critical impact? If yes, what should I keep in mind during the installation of the infrastructure?

Thanks for your help and advice.

Shurmajee
  • I'm not sure what you mean by this question. Can you try and describe it better? What is it you want to do? – Rory Alsop May 21 '13 at 12:39
  • In fact, I want to know if designing a Microsoft Windows domain with a routable domain name (for example microsoft.com) in place of a non-routable domain (for example microsoft.local) has an impact on the security of my network? – Sébastien Degrève May 21 '13 at 14:03

1 Answer

It is very slightly more secure, because you can't inadvertently leak internal network information out via your public DNS.

However, Microsoft no longer recommend you do it, for various non-security reasons - the two most usually mentioned are that it can confuse the heck out of Bonjour, and that non-routable TLDs are not guaranteed unique (so, if I name my domain "production.corp" and you do too, we are never going to be able to connect them).

Basically, the tiny security benefit is not worth the potential future difficulty. As a general rule, the first thing to do before setting up an AD is to get your DNS rock solid - so keep it as simple as possible.

Have a read of http://technet.microsoft.com/en-us/library/bb727085.aspx, particularly the section on naming your Forest Root, for Microsoft's advice.

Graham Hill
  • Additionally, with ICANN introducing new TLDs, you can't be sure your non-routable name will *stay* non-routable. If ".corp" ever becomes a valid public TLD, you won't just conflict with other private "production.corp" domains, but with whoever actually registers "production.corp"... – Gordon Davisson Jun 21 '13 at 15:47
  • To see a related topic to what Gordon talked about, see [this old question](http://security.stackexchange.com/questions/14802/if-someone-bought-the-local-tld-could-that-be-a-security-risk) of mine. – Scott Chamberlain Jun 21 '13 at 16:19