which is better ABC.org, or ABC.local?

Discussion in 'Windows Small Business Server' started by Freddie, May 18, 2009.

  1. Freddie

    Freddie Guest

     
    Freddie, May 18, 2009
    #1
    1. Advertisements

  2. and I've been having the argument for several years with people who either
    do or at least think they know better and what I want to know is why you
    would even _think_ of naming your private network in a way that has any
    relationship with a namespace which is inherently designed to be public?

    Please don't ask me to justify why my private network should operate in a
    private namespace. Instead: _TRY_ to justify why the namespace of your
    private network should be in any way related to public records.
    [/QUOTE]

    I wish I had just used the public domain name, or maybe a subdomain
    like internal.abc.com instead of the .local tld for my SBS
    environment. Creating an internal subdomain is just as secure if you
    do not publish it on public DNS servers and gives more flexibility for
    future use. I have yet to see any good reasons not to use a "real"
    domain.
     
    SuperGumby [SBS MVP], May 19, 2009
    #2
    1. Advertisements

  3. Freddie

    Duncan McC Guest

    >,
    says...
    *MORE* flexibility for future use? How so? You can still use a public
    domain name later, and use your local SBS to "do things with it".
    However if you use a public name first up, it makes it, IMO, way *more*
    difficult to use it later. Keep your LAN traffic LAN, and public stuff
    public. You can bring in your public traffic (eg email) to your LAN
    easily. If you wish to host your public website on your SBS site, you
    can do so easily too, but it is *vital* that your site is absolutely
    secure and not vulnerable (eg SQL injection, weak passwords, poor code).
    A truly static site should not be a problem (SBS runs one itself out of
    the box - however it's a one page "redirect now" to SSL). In general,
    no-one around here is gonna recommend you host your own site on your SBS
    server. You are already doing an "all your eggs in one basket" by doing
    SBS and placing a lot of trust in MS's SBS build - hosting your public
    website is so much more dangerous, given port 80's the most commonly
    attacked port/vector on the planet - only now it's up to *you* to ensure
    your html or asp, or aspx is *absolutely watertight*.
     
    Duncan McC, May 19, 2009
    #3
  4. So, as others have already pointed out, avoid .com and .org (yes, I'm going
    to avoid the politics of why, others can fight it.)

    But one thing I've found is that .local likes to conflict with some damned
    apple service that insists that .local is reserved.

    I've been using .lan for years now for that reason.

    -Cliff
     
    Cliff Galiher, May 19, 2009
    #4
  5. Actually, there's no reason not to use a *subdomain* such as
    internal.mycompany.com. If it never gets published/made public in DNS it
    won't matter. I do this all the time. It's just a personal preference.

    Imagine all the trouble people will get into someday if .local or .lan
    become public TLDs. ;-)
     
    Lanwench [MVP - Exchange], May 19, 2009
    #5
  6. Freddie

    Leythos Guest

    If you use a public domain name, one that you don't own, it will cause
    all sorts of problems for you and may setup a DNS loop with the real
    domain owner.

    There is no valid reason to use a public domain name TLD, it will only
    complicate your setup later.

    Using .LAN or .LOCAL is the best choice and then creating the necessary
    pointers for your ABC.ORG in your DNS that point to the INTERNAL IP's or
    External IP's as needed is the way to go.
     
    Leythos, May 19, 2009
    #6
  7. Freddie

    Leythos Guest

    Oh, forgot, you should not use your actual company name either. Use
    something like COMPANY.LOCAL or OURCOMPANY.LOCAL, or BUSINESS.LOCAL, or
    something OTHER THAN your company name. We see a lot of posts asking
    about changing the domain name for the SBS network, there is no reason
    to give the SBS domain your real company name.
     
    Leythos, May 19, 2009
    #7

  8. Just to add, if anyone decides to use the .org portion of the name, make sure the public name is not registered by anyone else. This will complicate Exchange 2007 UC/SAN certs because one of the recommended names to add to the cert is the internal mail server's FQDN. If it belongs to someone else, the cert folks will not approve it because the WHOIS will not match the company asking for it. I just went through this with a customer. Someone else set it up and they asked me to migrate it 2007. Well, the cert issue came up. I wound up doing a migration to a new domain with a .net name they wound up registering so they own it. Once complete, the cert was approved and issued. What a mess that was.

    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
    Microsoft Certified Trainer


    For urgent issues, you may want to contact Microsoft PSS directly. Please
    check http://support.microsoft.com for regional support phone numbers.

    "Efficiency is doing things right; effectiveness is doing the right things." - Peter F. Drucker
    http://twitter.com/acefekay
     
    Ace Fekay [Microsoft Certified Trainer], May 19, 2009
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.