  1. Senior Member
    Join Date
    May 2011
    Location
    =
    Posts
    174

    Certifications
    A+, CCENT,CCNA,BAIS,BCNE,MSCA Server 2012, MCP windows 8.1
    #1

    .local or .com for domain names on your domain controller? Two way trust question too

    Hey guys,
    I recently was doing a two-way trust for two different forests for a lab. I was wondering if a domain should be .local or .com? Also, I read that it's recommended to do a forwarder to point at each forest. How would this work in the real world if there's a website being hosted as the website?

    I'm guessing a site-to-site VPN is used in these types of scenarios?

  3. Senior Member alan2308's Avatar
    Join Date
    Apr 2010
    Location
    Ann Arbor, MI
    Posts
    1,809

    Certifications
    CCNA, CCNA Sec, MCSA 2008, MCSA 2012, CISSP
    #2
    Your domain is generally used internally only, so it doesn't really matter too much what you call it. I support companies that use their actual domain name internally (.com) and others that use a .local. Internally you're using a DNS zone that is not exposed to the world.

    I'll leave the second part to someone more experienced with multi-forest environments. This was one of the scenarios that Microsoft envisioned when they created the conditional forwarder, and they do recommend it everywhere it can be used, but I have no idea what is actually used in the real world, especially when non-Windows DNS servers are in the picture.

  4. Senior Member
    Join Date
    Oct 2014
    Posts
    1,441

    Certifications
    VCAP6-DCV Deploy, VCP6-DCV, MCSA 2012, CCNA R&S, CCNA Sec, Linux+ Storage+ Sec+ Net+ A+ Proj+ ITILF
    #3
    I've read a few articles on .local being a potential headache, mainly concerning trusts and certificates, and they instead suggest something like users.company.com. I'm working with .local right now, but after I suggested it to the admin we are migrating to .com in a few weeks.

    I believe Microsoft used to use .local for labs prior to Server 2008 but has since switched to .com.
    2017 VCAP6-DCV Deploy (Oct) 2016 Storage+ (Jan)
    2015 Start WGU (Feb) Net+ (Feb) Sec+ (Mar) Project+ (Apr) Other WGU (Jun) CCENT (Jul) CCNA (Aug) CCNA Security (Aug) MCP 2012 (Sep) MCSA 2012 (Oct) Linux+ (Nov) Capstone/BS (Nov) VCP6-DCV (Dec) ITILF (Dec)

  5. Senior Member Chivalry1's Avatar
    Join Date
    Mar 2005
    Location
    127.0.0.1
    Posts
    554

    Certifications
    CISSP, CICSP, MCSE, C|EH, MCSA, MCITP: EMA 2K7/2010, MCTS:Exchange 2K7/2010, Sec+, Net+, CCA-XENAPP, ITIL-V3, MCDST, MOS
    #4
    I recommend actually using a routable namespace (.com, .org, .net, etc.). As mentioned, you will find more headaches when attempting to roll out PKI. Also, I have found other challenges when you have a .local when trying to utilize cloud-based services (PaaS, SaaS, IaaS) and its integration with Single Sign On (SSO).
    "The recipe for perpetual ignorance is: be satisfied with your opinions and
    content with your knowledge. " Elbert Hubbard (1856 - 1915)

  6. Senior Member -hype's Avatar
    Join Date
    Jan 2013
    Posts
    164

    Certifications
    A+, Sec+, Project+, 70-680, 70-686, 70-640, 70-642, 70-646, MCSA: Win 7, MCSA: Win 2K8, MCITP:ED, MCITP:EA, CCNA R&S, Useless CIW x2
    #5
    We were .local but switched to .com to facilitate Office365.

  7. Senior Member
    Join Date
    May 2011
    Location
    =
    Posts
    174

    Certifications
    A+, CCENT,CCNA,BAIS,BCNE,MSCA Server 2012, MCP windows 8.1
    #6
    Thank you everyone!

    I thought the same when I was trying out my labs but wanted to confirm.