.local or .com for domain names on your domain controller? Two way trust question too

Hey guys,
I recently was doing a two way trust for two different forest for a lab. I was wondering if a domain should be .local or .com? Also, I read that its recommended to do a forwarder to point at each forest. How would this work in the real world if there's a website being hosted as the website?

I'm guessing a site to site vpn is used in these types of scenarios?

Find more posts tagged with

Comments

alan2308

Your domain is generally used internally only, so it doesn't really matter too much what you call it. I support companies that use their actual domain name internally (.com) and others that use a .local. Internally you're using a DNS zone that is not exposed to the world.

I'll leave the second part to someone more experienced with multi-forest environments. This was one of the scenarios that Microsoft envisioned when they created the conditional forwarder and they do recommend it everywhere it can be used, but I have no idea what is actually used in the real world especially when non Windows DNS servers are in the picture.

techfiend

I've read a few articles on .local being a potential headache. Mainly concerning trusts and certificates and instead suggest something like users.company.com. I'm working with .local right now but after I suggested it to the admin we are migrating to .com in a few weeks.

I believe microsoft used to use .local for labs prior to server 2008 but since have switched to .com.

Chivalry1

I recommend actually using a routable namespace .com .org .net etc. As mentioned you will find more headaches when attempting to rollout PKI. Also I have found other challenges when you have a .local when trying to utilize cloud based services (PaaS, SaaS, IaaS) and its integration with Single Sign On (SSO).

-hype

We were .local but switched to .com to facilitate Office365.

jahaziel

Thank you everyone!

I though the same when I was trying out my labs but wanted to confirm.