Educause Security Discussion mailing list archives

It's all in a Domain Name


From: John Kaftan <jkaftan () UTICA EDU>
Date: Thu, 18 Mar 2010 09:05:23 -0400

We are migrating to AD from Novell and are deciding on a domain name.  We
have been reading through Microsoft's KB articles and asking friends what is
the best domain name for Utica College.  One of our goals as a college is to
become a university so our name could change to Utica University or
something similar.  So far I have not found any document that makes it clear
what the implications are in regards to a domain name.  Microsoft seems to
be mostly concerned with making sure the name is unique so we can merge with
another organization easily but I'd like to know if there is a major
security reason to go one way over another.  Here are the options as we see
them.  Our internet facing domain name is Utica.edu.

Utica.edu

Pros:
Simple, straightforward.  Can easily survive a college name change.  If we
create branch campuses we could easily create a forest later, i.e.
az.utica.edu for a branch campus in Arizona.

Cons:
Have to maintain two split DNS zones for Utica.edu.  One for the inside and
another for the DMZ or internet facing names.

Ad.utica.edu or main.utica.edu or Utica.utica.edu

Pros:
Separate DNS zones for inside and internet names = can just forward inside
DNS to DMZ DNS and only maintain Utica.edu zone in one place.

Cons:
Longer names internally when using FQDN for servers.  Possible issues with
wildcard certificates.

Utica.lan or Utica.local

Pros:
Separate DNS zones for inside and DMZ plus short domain name.

Cons:
Microsoft does not like it but the only reason I can see is because it is
possible for two companies to have the same domain name and not being able
to merge easily.  Possible issue with VPNs or Citrix Secure Gateway but was
not able to get detail on that.

John Kaftan
Infrastructure Manager
Utica College
315.792.3102

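The "possible issues with wildcard certificates" con for the ad.utica.edu option comes down to how a wildcard name in a certificate is matched: the `*` must be the whole leftmost label and it matches exactly one label, so `*.utica.edu` covers `www.utica.edu` but not `dc1.ad.utica.edu`, and of course not anything under `utica.local`. The following script is an added example, not part of the original post or the list archive; it implements that matching rule (the one browsers apply, per RFC 6125 section 6.4.3) and runs it against constructed host names for each of the three naming options above. The host names and the `NAMING_OPTIONS` table are assumptions for illustration.

```python
"""Check which host names a wildcard certificate for the public zone would cover.

Added example for the domain-name discussion above; not code from the original
post. Implements the usual wildcard rule: '*' must be the entire leftmost label
and matches exactly one label, never a dot. Host names are constructed samples.
"""


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name `pattern` covers `hostname`.

    Rules applied (RFC 6125 6.4.3 as implemented by browsers):
      * comparison is case-insensitive and ignores a trailing dot;
      * without '*' the names must be identical;
      * '*' is only accepted as the whole leftmost label;
      * '*' matches exactly one non-empty label (no sub-subdomains);
      * a wildcard needs at least two labels after it ('*.edu' is refused).
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname

    p_labels = pattern.split(".")
    h_labels = hostname.split(".")

    # Wildcard must be the entire leftmost label, and appear nowhere else.
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False
    # Refuse overly broad wildcards such as '*.edu'.
    if len(p_labels) < 3:
        return False
    # The wildcard stands in for exactly one label, so label counts must agree.
    if len(p_labels) != len(h_labels):
        return False
    # The matched label must be non-empty; the remaining labels must be equal.
    return h_labels[0] != "" and p_labels[1:] == h_labels[1:]


def coverage_report(cert_pattern: str, hostnames: list) -> dict:
    """Map each host name to whether `cert_pattern` covers it."""
    return {host: wildcard_matches(cert_pattern, host) for host in hostnames}


# Constructed sample host names for each naming option from the post.
# The public web server stays www.utica.edu in every case.
NAMING_OPTIONS = {
    "utica.edu": ["dc1.utica.edu", "fileserver.utica.edu", "www.utica.edu"],
    "ad.utica.edu": ["dc1.ad.utica.edu", "fileserver.ad.utica.edu", "www.utica.edu"],
    "utica.local": ["dc1.utica.local", "fileserver.utica.local", "www.utica.edu"],
}

PUBLIC_WILDCARD = "*.utica.edu"  # assumed: one wildcard cert for the public zone


if __name__ == "__main__":
    for option, hosts in NAMING_OPTIONS.items():
        print(f"AD domain {option}:")
        for host, covered in coverage_report(PUBLIC_WILDCARD, hosts).items():
            print(f"  {host:28} {'covered' if covered else 'NOT covered'} by {PUBLIC_WILDCARD}")
```

Running it shows that only the utica.edu option lets internal servers reuse a `*.utica.edu` certificate; with ad.utica.edu or utica.local every internal host needs a separate certificate (or its own wildcard, such as `*.ad.utica.edu`, which a public CA can still issue because the zone is under a registered name). A caveat worth knowing when weighing the utica.local option today: public CAs stopped issuing certificates for non-registered internal names such as `.local` in 2015, so those hosts can only be covered by an internal CA.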