.local or .com for domain names on your domain controller? Two way trust question too

Hey guys,
I recently was doing a two way trust for two different forests for a lab. I was wondering if a domain should be .local or .com? Also, I read that it's recommended to do a forwarder to point at each forest. How would this work in the real world if there's a website being hosted as the website?

I'm guessing a site to site vpn is used in these types of scenarios?


  • alan2308 CISSP, MCSA 2008, MCSA 2012, CCNA R&S, CCNA Security Ann Arbor, MI Member Posts: 1,854 ■■■■■■■■□□
    Your domain is generally used internally only, so it doesn't really matter too much what you call it. I support companies that use their actual domain name internally (.com) and others that use a .local. Internally you're using a DNS zone that is not exposed to the world.

    I'll leave the second part to someone more experienced with multi-forest environments. This was one of the scenarios that Microsoft envisioned when they created the conditional forwarder, and they do recommend it everywhere it can be used, but I have no idea what is actually used in the real world, especially when non-Windows DNS servers are in the picture.
  • techfiend Member Posts: 1,481 ■■■■□□□□□□
    I've read a few articles on .local being a potential headache, mainly concerning trusts and certificates, and they instead suggest something like users.company.com. I'm working with .local right now, but after I suggested it to the admin we are migrating to .com in a few weeks.

    I believe Microsoft used to use .local for labs prior to Server 2008 but has since switched to .com.
    2018 AWS Solutions Architect - Associate (Apr) 2017 VCAP6-DCV Deploy (Oct) 2016 Storage+ (Jan)
    2015 Start WGU (Feb) Net+ (Feb) Sec+ (Mar) Project+ (Apr) Other WGU (Jun) CCENT (Jul) CCNA (Aug) CCNA Security (Aug) MCP 2012 (Sep) MCSA 2012 (Oct) Linux+ (Nov) Capstone/BS (Nov) VCP6-DCV (Dec) ITILF (Dec)
  • Chivalry1 Member Posts: 569
    I recommend actually using a routable namespace: .com, .org, .net, etc. As mentioned, you will find more headaches when attempting to roll out PKI. Also, I have found other challenges with a .local when trying to utilize cloud based services (PaaS, SaaS, IaaS) and their integration with Single Sign On (SSO).
    "The recipe for perpetual ignorance is: be satisfied with your opinions and
    content with your knowledge." Elbert Hubbard (1856 - 1915)
  • -hype Member Posts: 165
    We were .local but switched to .com to facilitate Office365.
    WGU BS IT:Network Administration
    Started: 10-1-13
    Completed: 9-21-14
    Transferred: 67 CU Completed: 54 CU
  • jahaziel Member Posts: 175
    Thank you everyone!

    I thought the same when I was trying out my labs but wanted to confirm.
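As an added example that is not from any poster in this thread, the following PowerShell script for a Windows Server DC shows the conditional forwarder alan2308 mentions, verifies it resolves what a forest trust needs, and checks the split-DNS gap behind the original poster's website question (an internal zone named like the public .com does not forward "www" to the Internet). The forest names, DNS server addresses and the public IP are assumed placeholders.

```powershell
# Added example: run on a DNS server / DC in forest A. Names and addresses are placeholders.
Import-Module DnsServer, ActiveDirectory, DnsClient

$LocalForest  = 'corp.example.com'            # this forest's AD DNS name (assumed)
$RemoteForest = 'partner.example.net'         # the other forest's AD DNS name (assumed)
$RemoteDns    = @('10.20.0.10', '10.20.0.11') # DNS servers in the other forest (assumed)

# 1. Conditional forwarder: queries for the other forest's namespace go straight to its
#    DNS servers instead of the general forwarders. Replicate it to every DC in this forest.
if (-not (Get-DnsServerZone -Name $RemoteForest -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name $RemoteForest `
        -MasterServers $RemoteDns -ReplicationScope 'Forest'
}
# The same command, with the names swapped, is run on a DC in the other forest.

# 2. Verify the forwarder yields what a trust needs: the LDAP SRV records of the
#    remote forest's DCs. If this lookup fails, the trust wizard will fail too.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$RemoteForest" -Type SRV -ErrorAction Stop
$srv | Where-Object Type -eq 'SRV' | Select-Object NameTarget, Port | Format-Table -AutoSize

# 3. Split DNS: when the AD domain shares its name with the public site (e.g. .com),
#    the internal zone is authoritative and will NOT forward 'www' to the Internet,
#    so the public hosts must be added to the internal zone explicitly.
$www = Get-DnsServerResourceRecord -ZoneName $LocalForest -Name 'www' -RRType A `
    -ErrorAction SilentlyContinue
if (-not $www) {
    Write-Warning "No internal 'www' record in $LocalForest; internal clients cannot reach the public site."
    # Example fix (public IP is a placeholder):
    # Add-DnsServerResourceRecordA -ZoneName $LocalForest -Name 'www' -IPv4Address '203.0.113.10'
}

# 4. Once the trust has been created, confirm it is two-way and forest-wide.
Get-ADTrust -Filter "Name -eq '$RemoteForest'" |
    Select-Object Name, Direction, ForestTransitive, TrustType
```

Step 1 requires a DNS-server-level record for the remote forest only; the rest of forest A's DNS resolution is unchanged, so no general forwarder or VPN detail is assumed here beyond reachability of the listed addresses.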