<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="http://blogs.technet.com/utility/FeedStylesheets/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd"><channel><title>To use a .Local or real internet DNS name for SBS (Small Business Server)</title><link>http://blogs.technet.com/b/canitpro/archive/2006/03/05/421256.aspx</link><description>A while back I got into a debate with a good friend of mine &amp;ndash; Mitch Garvis &amp;ndash; President of the Montreal IT Pro user-group. He&amp;rsquo;s a hands-on Small Business Server guy with plenty of practical real-world experience with the product and</description><dc:language>en-US</dc:language><generator>Telligent Evolution Platform Developer Build (Build: 5.6.50428.7875)</generator><item><title>.local vs top level domain - TechExams.net IT Certification Forums</title><link>http://blogs.technet.com/b/canitpro/archive/2006/03/05/421256.aspx#3183829</link><pubDate>Fri, 16 Jan 2009 15:03:13 GMT</pubDate><guid isPermaLink="false">d5e57398-b9ef-4490-9955-07cbb4e4a80d:3183829</guid><dc:creator>.local vs top level domain - TechExams.net IT Certification Forums</dc:creator><description>&lt;p&gt;PingBack from &lt;a rel="nofollow" target="_new" href="http://www.techexams.net/forums/off-topic/39342-local-vs-top-level-domain.html#post284943"&gt;http://www.techexams.net/forums/off-topic/39342-local-vs-top-level-domain.html#post284943&lt;/a&gt;&lt;/p&gt;
</description></item><item><title>On SBS, routable DNS, and perks to the job.</title><link>http://blogs.technet.com/b/canitpro/archive/2006/03/05/421256.aspx#1643432</link><pubDate>Sun, 29 Jul 2007 08:49:09 GMT</pubDate><guid isPermaLink="false">d5e57398-b9ef-4490-9955-07cbb4e4a80d:1643432</guid><dc:creator>Mitchs Blog</dc:creator><description>&lt;p&gt;One of the perks to my position is that I have had the opportunity to make friends with some great people&lt;/p&gt;
</description></item><item><title>On SBS, routable DNS, and perks to the job.</title><link>http://blogs.technet.com/b/canitpro/archive/2006/03/05/421256.aspx#1512967</link><pubDate>Fri, 13 Jul 2007 11:11:57 GMT</pubDate><guid isPermaLink="false">d5e57398-b9ef-4490-9955-07cbb4e4a80d:1512967</guid><dc:creator>Mitch's Blog</dc:creator><description>&lt;p&gt;(Originally posted March 5, 2006) One of the perks to my position is that I have had the opportunity&lt;/p&gt;
</description></item><item><title>re: To use a .Local or real internet DNS name for SBS (Small Business Server)</title><link>http://blogs.technet.com/b/canitpro/archive/2006/03/05/421256.aspx#424992</link><pubDate>Wed, 12 Apr 2006 05:54:56 GMT</pubDate><guid isPermaLink="false">d5e57398-b9ef-4490-9955-07cbb4e4a80d:424992</guid><dc:creator>Tony Murray</dc:creator><description>Interesting discussion. &amp;nbsp;Here's my 2 cents.&lt;br&gt;&lt;br&gt;1. &amp;nbsp;By using a registered, globally unique domain suffix you ensure that there are never going to be any interoperability issues with other AD implementations that may have chosen the same name (e.g. activedir.local).&lt;br&gt;&lt;br&gt;2. &amp;nbsp;If you use a subdomain of your existing, registered domain (e.g. ad.myco.com) then the integration with your existing DNS namespace is going to be easier.&lt;br&gt;&lt;br&gt;Tony&lt;br&gt;MVP - Directory Services</description></item><item><title>Mobile 5 devices, locally issued cert, .local dns domain with SBS 2003</title><link>http://blogs.technet.com/b/canitpro/archive/2006/03/05/421256.aspx#422154</link><pubDate>Wed, 15 Mar 2006 23:46:57 GMT</pubDate><guid isPermaLink="false">d5e57398-b9ef-4490-9955-07cbb4e4a80d:422154</guid><dc:creator>Canadian IT Professionals</dc:creator><description>I got an email from Kenrick Robertson a week or so ago about problems he’s been having trying to get...</description></item><item><title>re: To use a .Local or real internet DNS name for SBS (Small Business Server)</title><link>http://blogs.technet.com/b/canitpro/archive/2006/03/05/421256.aspx#421411</link><pubDate>Tue, 07 Mar 2006 21:48:57 GMT</pubDate><guid 
isPermaLink="false">d5e57398-b9ef-4490-9955-07cbb4e4a80d:421411</guid><dc:creator>deji</dc:creator><description>SuperGumby is right on the money here. The .local namespace is an issue as he pointed out. Besides that, there is no technical justification for exposing your internal AD or tethering your AD namespace to your external presence.&lt;br&gt;&lt;br&gt;The fact that your internal AD is named myAD.xyz does not inhibit your ability to present yourself as Rick@mycompany.co.whatever. Your exchange infrastructure is not married to your internal AD namespace in any technically rigid way. If this were so, there would have been no business built around the concept of Hosted Exchange.&lt;br&gt;&lt;br&gt;So, while your discussion may have been technically fulfilling while it lasted, I am afraid it may have been for nought as it appears to me that there really is no &amp;quot;issue&amp;quot; here to be addressed in the first place.</description></item><item><title>re: To use a .Local or real internet DNS name for SBS (Small Business Server)</title><link>http://blogs.technet.com/b/canitpro/archive/2006/03/05/421256.aspx#421324</link><pubDate>Tue, 07 Mar 2006 00:01:50 GMT</pubDate><guid isPermaLink="false">d5e57398-b9ef-4490-9955-07cbb4e4a80d:421324</guid><dc:creator>Susan</dc:creator><description>The cert issue has nothing to do with AD naming though. &amp;nbsp;Exchange naming is not tied to AD naming.
&lt;br&gt;
&lt;br&gt;Again.. you have to get up to R2 EE before you even get ADFS bits to play with.
&lt;br&gt;
&lt;br&gt;99.99% of the SBS customers will never see these issues.
&lt;br&gt;
&lt;br&gt;I have a self signed cert now that has no relationship with how my domain is named. &amp;nbsp;In fact you don't even have to have it resolve to a proper name at all..it works with an IP address.
&lt;br&gt;
&lt;br&gt;The only issue I currently have with self signed certs is that Vista slightly barfs on them, but other than that, there's no restrictions.
&lt;br&gt;
&lt;br&gt;If you got a question about ADFS from a SBS customer they are probably also the ones complaining about the fact that SBS 2003 R2 has no real Windows R2 bits and they can't do quotas and DFS.
&lt;br&gt;
&lt;br&gt;There's a white paper coming out with Mobile 5 and SBS in fact.. I'll ping it up here when it's live.</description></item><item><title>re: To use a .Local or real internet DNS name for SBS (Small Business Server)</title><link>http://blogs.technet.com/b/canitpro/archive/2006/03/05/421256.aspx#421316</link><pubDate>Mon, 06 Mar 2006 21:56:54 GMT</pubDate><guid isPermaLink="false">d5e57398-b9ef-4490-9955-07cbb4e4a80d:421316</guid><dc:creator>SuperGumby [SBS MVP]</dc:creator><description>sorry if I misunderstood but a heading of 'To use a .Local or real internet DNS name for SBS (Small Business Server)' seems, to me, directly aimed at SBS. go figure.
&lt;br&gt;
&lt;br&gt;More to the point. What problem with SSL certificates? What problem with Mobile 5 push? You may have an edge on me in the area of ADFS, but what exactly is the problem? All questions asked in light of .local vs FQDN based AD DNS, nothing yet about SBS.
&lt;br&gt;
&lt;br&gt;But I'd also like to point out: SBS dev chose .local, it turns out to be a bad choice. Shortly _after_ SBS Dev chose .local other OS's (it's not only OSX, some linux variants are also involved) started treating .local in a non-standard manner. Due to this I have, for some time, used and promoted the use of .lan (hoping that no-one decides this also needs special handling).
&lt;br&gt;
&lt;br&gt;But I do go further. I believe using an FQDN based DNS for your AD is so wrong, and that so many people make the mistake, that I want to thrash it out with someone, anyone, who can give me a valid reason for so naming your AD. Though I have been involved in such discussion for several years _not once_ has anyone come up with such 'valid reason'.
&lt;br&gt;
&lt;br&gt;If I wish to make something inside my AD available publicly I point a name from my FQDN zone to the IP of my firewall (generally ISA, not that it matters much), the firewall then passes requests to my AD resource. I can, but normally don't, also host the FQDN zone.
&lt;br&gt;
&lt;br&gt;As indicated in the newsgroup. I'd really much prefer the discussion to return to that forum, and I'd really like your participation. I hope to persuade you to stop doing what I consider a bad thing but maybe you can change my mind.</description></item><item><title>re: To use a .Local or real internet DNS name for SBS (Small Business Server)</title><link>http://blogs.technet.com/b/canitpro/archive/2006/03/05/421256.aspx#421311</link><pubDate>Mon, 06 Mar 2006 20:12:26 GMT</pubDate><guid isPermaLink="false">d5e57398-b9ef-4490-9955-07cbb4e4a80d:421311</guid><dc:creator>Mitch Garvis</dc:creator><description>I love reading the intelligent back-and-forth between professionals. &amp;nbsp;I was completely onside with SuperGumby until Rick gave me reason to change my mind. &amp;nbsp;I did not do this solely because I respect Rick and his experience - I do, but I know we disagree on other matters. &amp;nbsp;I changed my mind because Rick made a lot of valid points and touched on some technology pains that I had already encountered - yes this works but it's more work. &amp;nbsp; &lt;BR&gt;&lt;BR&gt;I am not an SBS-MVP but Microsoft does consider me an SME. &amp;nbsp;As such I know the easy way to do things and I can assure you I know the hard way too. &amp;nbsp;I do not particularly like building systems on workarounds which is why after my conversation with Rick I went back to my lab and built a test environment with a .com extension. &amp;nbsp;Lo and behold some of my pains disappeared. &amp;nbsp;I learned something new and yes, the next time Rick and I were together *I* bought the drinks! 
&lt;BR&gt;&lt;BR&gt;M</description></item><item><title>Hey SuperGumby...</title><link>http://blogs.technet.com/b/canitpro/archive/2006/03/05/421256.aspx#421298</link><pubDate>Mon, 06 Mar 2006 17:47:14 GMT</pubDate><guid isPermaLink="false">d5e57398-b9ef-4490-9955-07cbb4e4a80d:421298</guid><dc:creator>rclaus</dc:creator><description>&lt;P&gt;I never mentioned this post or the one on the public newsgroups was solely about SBS. &amp;nbsp;I merely mentioned that when choosing a DNS namespace for your AD design, you need to consider a lot more than just taking a .local because it's default and non-routable. &lt;/P&gt;
&lt;P&gt;You kind of reinforced&amp;nbsp;my point&amp;nbsp;with your comment "...I am about to create a namespace which will solely used internally to my AD, is there any reason why this namespace should be in any way related to my public namespace?" the answer is YES. &amp;nbsp;If you take the short-sighted approach that your AD will never need to be referenced outside your network, you are selling your design choice short and potentially limiting your options. &lt;/P&gt;
&lt;P&gt;All my examples in the post related to needing access information and AD stuff outside (ie: SSL certificates, Mobile 5 Push email, Active Directory Federation Services with partners). &amp;nbsp;These are the types of questions I get from SBS professionals who deploy and support SBS and have made the .local choice. There are workarounds, but they could have been avoided if they chose a sub dir option with a split managed DNS zone. &lt;/P&gt;
&lt;P&gt;I'm not saying your way is wrong or my way is right - it's all a matter of perspective and what's right to the customer. &lt;/P&gt;
&lt;P&gt;Rick&lt;/P&gt;</description></item></channel></rss>