14

I am taking over a project and the local domain name is domain.com; they also have a website at domain.com.

I have always used domain.local for AD, and am wondering if that is a best practice or is there a reason for not doing so.

Running an nslookup internally for domain.com does resolve to the proper IP, and the rDNS records are configured correctly.

I would like to start connecting some of the servers and the vCSA through LDAP, and am wondering if this might start causing problems?

SamErde
  • 3,324
  • 3
  • 23
  • 42
Anthony Fornito
  • 9,526
  • 1
  • 33
  • 122
  • Maybe this will be of help: https://social.technet.microsoft.com/wiki/contents/articles/34981.best-practices-for-internal-ad-domain-and-network-names.aspx – Lenniey Mar 28 '17 at 15:53
  • 5
    .local should never be used in the FQDN of an AD DS domain. – MDMarra Mar 28 '17 at 15:57
  • 4
    `I have always used domain.local for AD and am wondering is that just best practice or is there a reason for doing so.` - It isn't best practice and you should cease from using .local for any AD domains that you create. – joeqwerty Mar 28 '17 at 15:58
  • Since when did this change? All through college 2002 - 2007 whenever we set up a lab it was always .local, I just went through CBTnuggets Server2016 labs and the servers we set up as .local. – Anthony Fornito Mar 28 '17 at 16:06
  • After reading @MDMarra's comment and his blog along with others it looks like this is always done with a demo environment, however I cannot think of a time when working for an Enterprise company that has used anything other than .local; upon further reading it looks like this might have been a standard that some companies could not move away from? – Anthony Fornito Mar 28 '17 at 16:17
  • 7
    Best practices change over time. For a long time it was considered acceptable and fairly standard to use .local. Microsoft even used .local in much of their documentation. The best practice recommendation changed to reflect that you should no longer use .local, not use a made up TLD, and not use an FQDN that isn't registered and owned by the organization. You should use an unused sub-domain of your public domain. – joeqwerty Mar 28 '17 at 16:27
  • If this needs to be broken out into a different question let me know. So what if they are not using a subdomain? If I right-click on This PC from a domain-connected computer should I see the subdomain next to the domain? Right now the domain is domain.com, no subdomain. – Anthony Fornito Mar 28 '17 at 16:38
  • 2
    @AnthonyFornito The only issue with that approach is that you've got a Split-DNS situation. Nothing inherently wrong with it - it can just be awkward if you want people inside to access external resources on domain.com. – Dan Mar 28 '17 at 17:06

1 Answer

4

Our internal domain is a sub-domain of our public domain. We use split DNS as well, since some of our websites etc. which are publicly available are internal and have to resolve to different IP addresses internally as opposed to externally.

You can get away with using your domain internally, as said above. You just have to get your head around the split DNS.

andrew perry
  • 106
  • 3
  • This is a commonly accepted practice. For internal computers on the Active Directory network, you can use something like corp.domain.com. – Charles Burge May 08 '18 at 06:53
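The split-DNS situation that Dan's comment and the answer describe, as an added example that is not part of the original thread: a small model of what internal clients resolve when the AD domain is the same name as the public web domain (domain.com) versus an unused sub-domain (corp.domain.com). The zone data, DC addresses and internal records are constructed; the `internal_view` and `unreachable_public_names` functions are hypothetical helpers, not a real tool.

```python
# Constructed public zone for domain.com (documentation-range addresses).
PUBLIC_ZONE = {
    "domain.com": "203.0.113.10",
    "www.domain.com": "203.0.113.10",
    "mail.domain.com": "203.0.113.25",
    "shop.domain.com": "203.0.113.40",
}
DC_IPS = ["10.0.0.5", "10.0.0.6"]                      # constructed domain controllers
INTERNAL_RECORDS = {                                   # records someone remembered to add
    "www.domain.com": "10.0.0.80",
    "mail.domain.com": "10.0.0.25",
}


def internal_view(ad_domain, dc_ips, internal_records, public_zone):
    """Return {public name: (status, ip)} as seen by a client using the AD DNS servers.

    The AD DNS zone is authoritative for `ad_domain`, so any name at or below it is
    answered only from the internal zone and never falls through to public DNS.
    AD also registers 'same as parent' A records for every DC at the zone apex,
    so the bare AD domain name resolves to a domain controller, not the web site.
    """
    ad_domain = ad_domain.lower().rstrip(".")
    authoritative = {k.lower(): v for k, v in internal_records.items()}
    authoritative[ad_domain] = dc_ips[0]               # DCs re-register this; first DC stands in for round-robin
    view = {}
    for name, public_ip in public_zone.items():
        name = name.lower()
        if name != ad_domain and not name.endswith("." + ad_domain):
            view[name] = ("PUBLIC", public_ip)         # outside the AD zone: public answer, nothing to maintain
        elif name == ad_domain:
            view[name] = ("DC-COLLISION", authoritative[name])
        elif name not in authoritative:
            view[name] = ("NXDOMAIN", None)            # public name with no internal copy: broken inside
        elif authoritative[name] == public_ip:
            view[name] = ("SAME", public_ip)
        else:
            view[name] = ("OVERRIDE", authoritative[name])
    return view


def unreachable_public_names(view):
    """Public names that internal users cannot reach as intended."""
    return [n for n, (status, _) in view.items() if status in ("NXDOMAIN", "DC-COLLISION")]


if __name__ == "__main__":
    same_name = internal_view("domain.com", DC_IPS, INTERNAL_RECORDS, PUBLIC_ZONE)
    print("AD = domain.com, broken internally:", unreachable_public_names(same_name))
    sub_domain = internal_view("corp.domain.com", DC_IPS, {}, PUBLIC_ZONE)
    print("AD = corp.domain.com, broken internally:", unreachable_public_names(sub_domain))
```

With the AD domain equal to the public apex, the apex itself points at a DC and every public host not copied internally gets NXDOMAIN; with the sub-domain, all four public names resolve from public DNS untouched.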