Educause Security Discussion mailing list archives

Re: It's all in a Domain Name

From: Matthew Gracie <graciem () CANISIUS EDU>
Date: Thu, 18 Mar 2010 09:21:46 -0400

Consolvo, Corbett D wrote:

John,

  I would recommend the third option (.local).  I have been in that
environment before (including providing remote access services) and I
feel that provides the best security.  We did not run in to any major
technical issues.



Corbett Consolvo


I would concur - we're in the middle of a Netware - AD conversion
ourselves, and we went with a disjoint namespace (canisius.ad). Since
the vast majority of our infrastructure is not tied into the AD
deployment - we're primarily a Unix shop - we wanted to maintain a clean
separation between the environments.

The only thing I would caution about using .local is that I've heard of
people having issues with Zeroconf/Bonjour, since that's the default TLD
for that protocol stack.

--
Matt Gracie                         (716) 888-8378
Information Security Administrator  graciem () canisius edu
Canisius College ITS                Buffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg

Current thread:

It's all in a Domain Name John Kaftan (Mar 18)
- <Possible follow-ups>
- Re: It's all in a Domain Name Consolvo, Corbett D (Mar 18)
- Re: It's all in a Domain Name Matthew Gracie (Mar 18)
- Re: It's all in a Domain Name Valdis Kletnieks (Mar 18)
- Re: It's all in a Domain Name Kenneth Arnold (Mar 18)
- Re: It's all in a Domain Name Consolvo, Corbett D (Mar 18)
- Re: It's all in a Domain Name John Kristoff (Mar 18)
- Re: It's all in a Domain Name Michael Sinatra (Mar 18)