Educause Security Discussion mailing list archives
Re: It's all in a Domain Name
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Thu, 18 Mar 2010 09:42:40 -0400
On Thu, 18 Mar 2010 09:05:23 EDT, John Kaftan said:
> We are migrating to AD from Novell and are deciding on a domain name. We have been reading through Microsoft's KB articles and asking friends what is the best domain name for Utica College. One of our goals as a college is to become a university so our name could change to Utica University or something similar. So far I have not found any document that makes it clear what the implications are in regards to a domain name. Microsoft seems to be mostly concerned with making sure the name is unique so we can merge with another organization easily but I'd like to know if there is a major security reason to go one way over another. Here are the options as we see them. Our internet facing domain name is Utica.edu.
If you've already deployed utica.edu, stick with it. The "Separate DNS zones" issue is a red herring - you can either decide to do split-view DNS, or not (we don't), but the decisions driving that choice are totally orthogonal to the domain used. We ended up using <dept>.vt.edu as our main DNS structure, and then parking the AD address space at <dept>.w2k.vt.edu, mostly because at the time we deployed AD, the people managing our production DNS weren't thrilled with the idea of AD's dynamic updating, especially with trying to sync our off-campus DNS secondaries, which are run by somebody else.
> Microsoft does not like it but the only reason I can see is because it is possible for two companies to have the same domain name and not be able to merge easily.
This only happens if both companies do something stupid like go down the .local route. There was a *reason* why RFC2826 was written:

2826 IAB Technical Comment on the Unique DNS Root. Internet Architecture Board. May 2000. (Format: TXT=13400 bytes) (Status: INFORMATIONAL)