I’ve heard arguments about not confusing publicly-accessible domain names with internal AD domain names (.local gives it away that it’s not accessible from the Internet by name), the value there could be debated but I’ve used it or maintained it that way and it does help a little – except when you have to explain to people not to make it company.local.com :). From a security aspect someone’s definitely not going to register the internal name if it’s company.local, which I suppose could happen with a real TLD suffix, but all you do by avoiding external name resolution is foil about 1.5% of hackers out there.

 

Rich

 

Rich Milburn

MCSE, Microsoft MVP - Directory Services

Sr Network Analyst, Field Platform Development

Applebee's International, Inc.

4551 W. 107th St

Overland Park, KS 66207

913-967-2819


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, May 12, 2004 10:17 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Using a non-standard TLD in your domain name?

 

Yeah the namespace collision thought is the only thing that crossed my mind. But then I stood next to Roger drinking beer while he went on about that subject to some depth a few weeks back and when Roger tells you something when you are standing next to him... You listen. :o)

 

   joe

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Wednesday, May 12, 2004 9:24 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Using a non-standard TLD in your domain name?

I prefer to use registered, valid TLDs, but not publishing the DNS zones to the outside world. That's what we've done here, and it's been very successful for the last 2-3 years. I would register a different domain than your corporate domain, however.

 

I've been through a number of corporate mergers and acquisitions, and knowing that you won't have a namespace collision is critical for those.

 

Roger

--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

 

 


From: Celone, Mike [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 12, 2004 8:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Using a non-standard TLD in your domain name?

We are reviewing designs for our global AD environment and one suggestion was to use a non-standard TLD for our domain instead of the usual .com, org, net, etc. One group is arguing that using a non-standard TLD is better for security. Can someone expand on this? When they were asked to, they simply said they heard it from a consultant. Are there any applications that will be expecting a normal TLD and may not work with a non-standard TLD? What are the pros/cons of using a non-standard TLD?

 

Mike Celone

Systems Specialist

Radio Frequency Systems

v 203-630-3311 x1031

f 203-634-2027

m 203-537-2406

 
