Re: It's all in a Domain Name

[Valdis Kletnieks <Valdis.Kletnieks () VT EDU>]

On Thu, 18 Mar 2010 09:05:23 EDT, John Kaftan said:

> We are migrating to AD from Novell and are deciding on a domain name.  We
> have been reading through Microsoft's KB articles and asking friends what is
> the best domain name for Utica College.  One of our goals as a college is to
> become a university so our name could change to Utica University or
> something simular.  So far I have not found any document that makes it clear
> what the implications are in regards to a domain name.  Microsoft seems to
> be mostly concerned with making sure the name is unique so we can merge with
> another organization easily but I'd like to know if there is a major
> security reason to go one way over another.  Here are the options as we see
> them.  Our internet facing domain name is Utica.edu.

If you've already deployed utica.edu, stick with it.

The "Separate DNS zones" issue is a red herring - you can either decide to
do split-view DNS, or not (we don't), but the decisions driving that choice
are totally orthogonal to the domain used.

We ended up using <dept>.vt.edu as our main DNS structure, and then parking
the AD address space at <dept>.w2k.vt.edu, mostly because at the time we
deployed AD, the people managing our production DNS weren't thrilled with
the idea of AD's dynamic updating, especially with trying to sync our
off-campus DNS secondaries, which are run by somebody else.

> Microsoft does not like it but the only reason I can see is because it is
> possible for two companies to have the same domain name and not being able
> to merge easily.

This only happens if both companies do something stupid like go down the
.local route.  There was a *reason* why RFC2826 was written:

2826 IAB Technical Comment on the Unique DNS Root. Internet
     Architecture Board. May 2000. (Format: TXT=13400 bytes) (Status:
     INFORMATIONAL)

Attachment: _bin
Description: