Author: Ashraf Al-Dabbas
So you have been hired to set up a domain for a business, and you are wondering what to choose for the internal domain name. I have been in this position more than once, and it is a hard decision indeed, one with lasting implications for the management and setup of your network, as this article discusses.
Why MyCompany.Local is a Bad Idea
One of the most common ways to name an internal domain is something like mycompany.local. This is especially common for a small business that does not plan to publish any servers on the Internet. However, it can be a very bad idea, for the following reasons.
What if the need arises to publish something on the Internet? The Top Level Domain (TLD) .local is not available for registration, so you cannot register any name ending in .local for public access. You would have to publish the resource under a different name, which is bound to confuse your users: they would have to remember that the website is called one thing outside the office and another thing inside it. It also means they cannot save a single working address in a script or bookmark on their laptops.
And what if the TLD .local became available on the Internet and somebody bought mycompany.local? This is highly unlikely, and there is an IETF proposal to prevent it from ever happening: Reserved Top Level Domain Name. (The IETF has also reserved .local for Multicast DNS in RFC 6762, which rules out public registration.) Still, if it ever were available and somebody obtained “yours” before you did, you would have a problem as soon as your internal users tried to visit that company's www.mycompany.local to see what they sell: your internal DNS would send them to your own internal www server (if any), and they would never reach the other site.
There are also compatibility issues. Mac OS X 10.3 and later treats .local as the domain of its Bonjour (formerly Rendezvous) multicast DNS service and does not send queries for .local names to the regular unicast DNS servers, which conflicts with an internal .local zone and can leave Macs unable to resolve anything on the internal network. There is a way around it that involves creating a file named local in the /etc/resolver directory, listing your internal DNS servers, on every Mac in your office, but who wants to do that? Scott Lowe has a great article on Mac OS X and .local domains for more info.
Alternatives to .Local
My advice is to avoid .local as long as you can. RFC 2606 reserves four TLDs that will never be delegated on the Internet: .test (for testing), .example (for documentation and examples), .invalid (for names that must never resolve) and .localhost (for the loopback interface). As you can see from the names, these were created for testing and documentation, not for production.
I strongly advise you to register your own domain name on the Internet, even if you are not planning to use it in the near future. At the very least it ensures that no conflicts will occur with another business on the Internet that has a similar name.
Using the External Domain Name
Another common method is to name your internal domain the same as your external domain. This can work, but you will need to run and manage two separate sets of DNS servers for the same zone name: an internal set, authoritative for companyname.com inside your network, and an external set, authoritative for companyname.com on the Internet. This arrangement is commonly called split-brain (or split-horizon) DNS.
For example, when users on the Internet try to access your website www.companyname.com, the external DNS servers resolve that name to a public IP address. Your internal DNS servers, however, will not forward the query to the external servers: they are authoritative for the zone companyname.com, so if they have no record for www they answer that the name does not exist. This is solved by adding a record for www to the internal zone that points to the server's public address, and the same has to be done for every resource you publish on the Internet.
As you can clearly see, this becomes a management burden and a source of errors, as it is not uncommon to forget to change the internal record when changing the external one, or vice versa.
Note that you may not be hosting the external DNS zone on your own servers. Your ISP, or the hosting service that hosts your website, may do it for you. This complicates things even more, as the hosting service may change the IP address of your website without telling you, and your internal record will silently keep pointing at the old address.
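To see how easily the two views diverge, here is an added example (mine, not from the original article) in PowerShell that resolves every published hostname against both the internal and the external servers and reports any record that is missing internally or has drifted. It runs on any Windows 8 / Server 2012 or later host with the DnsClient module. The server addresses 10.0.0.10 and 1.1.1.1, the zone companyname.com and the hostnames www, mail and vpn are assumptions; replace them with your own.

```powershell
# Added example, not from the original article: detect split-brain drift by
# resolving every published name against the internal and the external view.
# Assumed values: internal DNS server 10.0.0.10, public resolver 1.1.1.1,
# zone companyname.com and the list of published hostnames below.
$Zone        = 'companyname.com'
$InternalDns = '10.0.0.10'
$ExternalDns = '1.1.1.1'
$Published   = @('www', 'mail', 'vpn')

# Return the sorted A-record addresses a given server hands out for a name,
# or an empty array when the name does not resolve (NXDOMAIN, timeout, ...).
function Get-ARecordAddresses {
    param([string]$Name, [string]$Server)
    $answer = Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction SilentlyContinue
    return @($answer | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress } | Sort-Object)
}

foreach ($label in $Published) {
    $fqdn     = "$label.$Zone"
    $internal = Get-ARecordAddresses -Name $fqdn -Server $InternalDns
    $external = Get-ARecordAddresses -Name $fqdn -Server $ExternalDns
    if ($internal.Count -eq 0) {
        # The internal server is authoritative for the zone, so instead of
        # forwarding the query it answers NXDOMAIN: inside users cannot reach the site.
        Write-Warning "$fqdn is published externally but has no record in the internal zone"
    } elseif (($internal -join ',') -ne ($external -join ',')) {
        # Both views answer, but with different addresses: someone changed one side only.
        Write-Warning "$fqdn has drifted: internal=$($internal -join ','), external=$($external -join ',')"
    } else {
        Write-Output "$fqdn OK: $($internal -join ',')"
    }
}
```

Schedule something like this to run daily; the second warning is exactly the case where the hosting provider moved your website and nobody updated the internal record.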
The Solution: Using Subdomains
Microsoft's recommended method is to name your internal domain as a subdomain of your external domain. Let's assume you own companyname.com and host your website and other Internet-facing services under that name. Since you own the domain, you can name your internal domain something like corp.companyname.com or ad.companyname.com; nobody else can register it, and it never needs to appear in public DNS.
This ensures that your internal DNS servers answer all queries for internal resources themselves, while forwarding any request for external resources (including www.companyname.com) to the external DNS servers. It also has a security benefit: the external DNS servers hold no records for the internal network, since all of those live only on the internal DNS servers. For this to hold, do not create a delegation for corp.companyname.com in the public zone; a query for an internal name sent to the public servers should then simply return NXDOMAIN.
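The following PowerShell script, an added example of mine rather than something from the original article, sets up the subdomain design on a Windows DNS server and then verifies the three properties just described: internal names resolve internally, public names resolve internally through the forwarder, and internal names do not leak to the Internet. It needs the DnsServer module (a domain controller has it; on a DC the internal zone will normally already exist from promotion). The internal zone corp.companyname.com, the server addresses 10.0.0.10 and 1.1.1.1 and the host names dc01 and www are assumptions.

```powershell
# Added example, not from the original article. Run on a Windows Server that
# has the DnsServer and DnsClient modules (a domain controller will do).
# Assumed names and addresses: internal zone corp.companyname.com, internal
# DNS server 10.0.0.10, public resolver 1.1.1.1, internal host dc01 and
# public host www.companyname.com.
$PublicZone   = 'companyname.com'
$InternalZone = "corp.$PublicZone"
$InternalDns  = '10.0.0.10'
$ExternalDns  = '1.1.1.1'

# 1. Create the internal zone (AD-integrated, replicated to every DC in the
#    forest) if promotion has not already done so, and forward everything
#    the internal servers are not authoritative for to the public resolver.
if (-not (Get-DnsServerZone -Name $InternalZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $InternalZone -ReplicationScope Forest
}
Set-DnsServerForwarder -IPAddress $ExternalDns

# 2. Verify the three properties the design promises.
$checks = @(
    @{ Name = "dc01.$InternalZone"; Server = $InternalDns; ExpectAnswer = $true
       Why  = 'internal name resolves on the internal server' },
    @{ Name = "www.$PublicZone";    Server = $InternalDns; ExpectAnswer = $true
       Why  = 'public name resolves on the internal server via the forwarder' },
    @{ Name = "dc01.$InternalZone"; Server = $ExternalDns; ExpectAnswer = $false
       Why  = 'internal name does not leak to the Internet (expect NXDOMAIN)' }
)
foreach ($c in $checks) {
    # -DnsOnly bypasses the hosts file and LLMNR/NetBIOS so only DNS is tested.
    $answer = Resolve-DnsName -Name $c.Name -Type A -Server $c.Server -DnsOnly -ErrorAction SilentlyContinue
    $got    = [bool]($answer | Where-Object { $_.Type -eq 'A' })
    $status = if ($got -eq $c.ExpectAnswer) { 'PASS' } else { 'FAIL' }
    '{0}: {1} ({2} via {3})' -f $status, $c.Why, $c.Name, $c.Server
}
```

A FAIL on the third check means internal host names are visible from the Internet, usually because the public zone delegates the subdomain or someone copied internal records into the hosted zone.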
In conclusion: even if you are setting up an internal domain for a small company and you think you fully understand its needs now, I strongly recommend following the practices outlined in this article. You never know how soon the company's needs may change, and you may find yourself regretting the shortcut, or being forced to rename your domain.