0

I'm in the process of learning Windows Server 2012, so I just did a fresh reinstall of it. Before I actually set up a local domain, I'm wondering how to access this from outside of my network. My setup is as follows:

  1. Windows Server 2012 Computer, IP 192.168.0.2, Primary DNS 192.168.0.2
  2. Laptop, IP 192.168.0.100, Primary DNS 192.168.0.2, Secondary DNS 8.8.8.8 (Google)

I read an article stating that for internal networks you should set up your domain as mydomain.local instead of something that might not resolve properly (i.e. domain.com). But, if I use the local version, when I take my laptop outside of the network, how can I get access back into my network for file shares, user profiles, etc.?


Please go easy on me as I am still learning. :)

myermian
  • 2
    Don't use .local. Ever. http://www.mdmarra.com/2012/11/why-you-shouldnt-use-local-in-your.html – MDMarra Jan 13 '13 at 04:10
  • @MDMarra: Good to know for someone that is just starting out. That's why I always prefer stack sites for knowledge versus any other website out there. – myermian Jan 13 '13 at 04:22
  • What's so wrong with the question that it deserves a downvote? – myermian Jan 13 '13 at 22:38

1 Answer

2

It's for this reason that best-practices recommend basing your AD domain in a DNS domain you actually officially control. Instead of something.local, use adroot.example.com. This way you'll have reliable DNS resolution wherever you are.

Now, being able to access AD services across the Internet is something else entirely, and it is not a wise thing to expose those ports to anyone and everyone. This is why most organizations use some kind of VPN to allow access to internal AD resources.

This can be an issue for mobile assets that roam about, such as the laptop the Sales people carry with them as they fly across a nation. Happily, Windows will cache credentials for a certain period, and getting the laptops talking to the domain controllers once in a while (that VPN connection again) will keep them refreshed with policy and creds.

Blue Warrior NFB
  • Who is this "best-practices" person who made that recommendation? – John Gardeniers Jan 13 '13 at 05:27
  • 3
    @JohnGardeniers The Great Microsoft itself: http://technet.microsoft.com/en-us/library/cc759036%28v=WS.10%29.aspx – Blue Warrior NFB Jan 13 '13 at 13:31
  • @john take a look at the link I posted on the question itself. There are a lot of reasons to avoid `.local` if "because it violates the RFCs" isn't enough. – MDMarra Jan 13 '13 at 23:19
  • @MDMarra, I'm not advocating the use of .local but I also don't advocate using a public domain internally. In most cases it causes far more problems than it solves. – John Gardeniers Jan 13 '13 at 23:25
  • How? Using split horizon is definitely bad, but there are really no issues at all using a non-public subdomain of a namespace that you use publicly. Assuming you use a DNS delegation and have sane firewall rules, what problems could this possibly cause? – MDMarra Jan 13 '13 at 23:28