Local Intranet Domain Name???

DavidM

I'm setting up an Extranet connection that will be accessible only to folks
at my company and our customers who have circuits connected to us.
Local IIS application will not be available thru Internet, however all our
direct customers need access to it.

I'm going to set up DNS because I do not want my customers to use TCP/IP
address to access web application. Is there a particular naming convention
that should be used for internal domain names? .net, .local?

Any help would be appreciated.
 
DavidM said:
I'm setting up an Extranet connection that will be accessible only to
folks at my company and our customers who have circuits
connected to us. Local IIS application will not be available thru
Internet, however all our direct customers need access to it.

I'm going to set up DNS because I do not want my customers to use
TCP/IP address to access web application. Is there a particular
naming convention that should be used for internal domain names?
.net, .local?

Any help would be appreciated.

If all you're asking is what name to choose, it could be any name you want it
to be. We just normally suggest to make it something other than your
external name.

You can make it .david if you like.

:-)

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
Ace Fekay [MVP] said:
If all you're asking is what name to choose, it could be any name you want it
to be. We just normally suggest to make it something other than your
external name.

You can make it .david if you like.

Ace is correct in PRINCIPLE, but you must also pick a name
that your customers can "resolve" which is (almost) a separate
issue.

The issue is NOT the "name" so much as "HOW" the customer
DNS clients or DNS servers will resolve your name.

If your customers have no reference to your .David or .local
domain, and no way to recurse through THEIR (or the Internet)
Hierarchy to find it then they will never find your DNS servers.

Solutions include:

1) Use a public name and register it so that the customers
can use the public Internet DNS name space to "find" your
resources, BUT then filter out unwanted traffic with a
firewall or by using unroutable addresses (due to the direct
connection working for them.)

2) Have EACH customer hold a "secondary" for your DNS
zone(s) so that they can resolve your names directly.

3) Use Win2003 DNS (at the customer sites) to implement
either "conditional forwarding" or "stub zones".
The problem here is that each customer must have
Win2003 DNS servers.

4) Do something similar to #3 using BIND -- this is probably
at least as bad as #3
 
If all you're asking is what name to choose, it could be any name you
want it to be. We just normally suggest to make it something other
than your external name.

You can make it .david if you like.

Well ... in principle it's correct Ace, although it mainly depends
on how the remote clients will handle name resolution; if the
"clients" will be using David's DNS servers then he may use
whatever he wants, but if the remote clients have their own
DNS servers then I'd suggest using a subdomain of the
master company domain, so, if the public domain for the
company is (e.g.) "foobar.com" David may as well use
something like "wan.foobar.com" btw he will need to set
up his DNS servers to handle it, but this way the external
clients won't have resolution problems at all whatever
DNS they'll decide to use (theirs or David's ones)
 
ObiWan said:
Well ... in principle it's correct Ace, although it mainly depends
on how the remote clients will handle name resolution; if the
"clients" will be using David's DNS servers then he may use
whatever he wants, but if the remote clients have their own
DNS servers then I'd suggest using a subdomain of the
master company domain, so, if the public domain for the
company is (e.g.) "foobar.com" David may as well use
something like "wan.foobar.com" btw he will need to set
up his DNS servers to handle it, but this way the external
clients won't have resolution problems at all whatever
DNS they'll decide to use (theirs or David's ones)

I know you and Herb elaborated a bit more on the issue, which is cool and
thanks!

But just want to point out I was just directly answering the poster's main
question about what name to use. David will have to provide logistics
support, supply the name to connect to their extranet site, maybe even
supply suffixes to make it work (additional overhead). I agree as well that
a subdomain of his public domain may be an easier name for the users to
remember.

--
Regards,
Ace

 
I know you and Herb elaborated a bit more
on the issue, which is cool and thanks!

Hi Ace; not "bashing" you at all, just trying to
help sorting out things a bit, your answer was
perfectly correct btw and you're right writing
that all the poster asked was "which name"
I just tried to figure out the most "direct" way
to achieve what he wrote "behind the lines"
<g> btw, as you pointed out this is far from a
complete solution and there will be more work
involved, but again, I tried to keep the answer
somewhat short

All the best :-) !
 
I'm setting up an Extranet connection that will be accessible only to folks
at my company and our customers who have circuits connected to us.
Local IIS application will not be available thru Internet, however all our
direct customers need access to it.

I'm going to set up DNS because I do not want my customers to use TCP/IP
address to access web application. Is there a particular naming convention
that should be used for internal domain names? .net, .local?

Well unless you have the .net domain registered, you don't want to
use it. You can use anything, but it's best not to use your public
domain name, and in your case, you may want a separate name from your
internal domain. I've used .lan for internal, but even a .extranet
would be fine.

Jeff
 
Let's discuss option #1.

I currently have a domain name registered that is facing the internet that
our customers use. I also have a server on our private network that our
customers need access to. Our customers all have frame relay circuits into
us... so direct connectivity is not an issue for them.

Are you saying that I should/can create a subdomain off my main domain and
add a 192.168.x.y address to this? This way the customers can still use
their normal Internet DNS servers and the Internet DNS servers will return
the private IP to access the subdomain?
 
I can go into the AT&T Control Panel to manage my Internet DNS. Are you
suggesting that I create a subdomain for my private webserver... and add its
192.168 (Internet non-routable IP) to it...

Then when the customers type in subdomain.mydomain.com -- my DNS server will
return to them the 192.168 address?

If this works... this would keep me from having to install my own private
DNS and having the customers adding a forward lookup.

I guess the only drawback to this approach is if not all my customers have
direct Internet access.... Then they would not be able to resolve.

Opinions?
 
I like this approach in using a subdomain. My only issue with this may be
that not all customers have direct Internet connection. Some use dialup
when they need it. Arrghh

Regarding domain names... assuming I cannot use a subdomain, I'm still
wondering what a normal convention would be. Currently today... we use
.com for our public domain. For our private webserver/DNS, I created the
same domain but used a .net extension. I'm now thinking that .net probably
would not be a good idea... and should use .local to keep the customers DNS
servers from trying to resolve name thru Internet?
 
.lan, .extranet, or .local... I think .local sounds like the best.

I believe our Windows NT AD domain name includes .local on it... which would
be consistent with our internal naming convention.
 
ObiWan said:
Hi Ace; not "bashing" you at all, just trying to
help sorting out things a bit, your answer was
perfectly correct btw and you're right writing
that all the poster asked was "which name"
I just tried to figure out the most "direct" way
to achieve what he wrote "behind the lines"
<g> btw, as you pointed out this is far from a
complete solution and there will be more work
involved, but again, I tried to keep the answer
somewhat short

All the best :-) !

I know you weren't bashing or anything! :-) You were right to point that
out. It's all good and surely helps the posters here.

Cheers!!!
:-)

--
Regards,
Ace

 
DavidM said:
I like this approach in using a subdomain. My only issue with this
may be that not all customers have direct Internet connection. Some
use dialup when they need it. Arrghh

I guess if they dial in directly it won't matter.

Regarding domain names... assuming I cannot use a subdomain, I'm still
wondering what a normal convention would be. Currently today...
we use .com for our public domain. For our private webserver/DNS, I
created the same domain but used a .net extension. I'm now thinking
that .net probably would not be a good idea...

That's a common thing. :-)

and should use .local
to keep the customers DNS servers from trying to resolve name thru
Internet?

Not necessarily. Assuming you're talking about your AD name, it's just
suggested to use something else other than your actual external name. The
name you choose for the TLD will not dictate whether it will resolve
externally or not. DNS will answer the best it can, if it can't (such as if
the zone doesn't exist - it's not authoritative for the zone) then it will
attempt a recursion either thru the Roots or a forwarder.


--
Regards,
Ace

 
DavidM said:
Let's discuss option #1.

I currently have a domain name registered that is facing the internet that
our customers use. I also have a server on our private network that our
customers need access to. Our customers all have frame relay circuits into
us... so direct connectivity is not an issue for them.
Are you saying that I should/can create a subdomain off my main domain and
add a 192.168.x.y address to this?

Of course you can.

You can put any addresses you wish in there.

DNS doesn't care if they are good, bad, or indifferent.

BTW: 192.168.x.y addresses are VALID IP addresses --
just not valid on the 'backbone of the Internet.'

This way the customers can still use
their normal Internet DNS servers and the Internet DNS servers will return
the private IP to access the subdomain?

Yes, BUT they have to be able to route to you AND
they must not be using ranges which conflict with your
ranges.

My (best guess) would be to suggest you use 172.29.0.0 to
avoid the ranges used by your clients.
(but if everyone takes that advice it will defeat the purpose.)

First consider that many people use 192.168.x.0 or 10.x.y.0,
and anyone doing "ICS" must use 192.168.0.x -- they have
no choice but this is only a direct issue for the smallest
companies/home users.

Bottom line: You must coordinate the ranges used by you
and your clients so they don't overlap since "The Internet"
is not coordinating these locally administered ranges.


--
Herb Martin

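Herb's point that "The Internet" does not coordinate private ranges means the extranet operator has to do that bookkeeping himself. The following is an added example (not from the thread or any poster) that takes a constructed table of customer RFC 1918 ranges, reports overlaps with our own extranet subnet, and lists the /16 blocks in 172.16.0.0/12 that no customer has claimed, in the spirit of Herb's "172.29.0.0" best guess:

```python
"""Check that an extranet's private ranges don't collide with customers' ranges."""
from ipaddress import ip_network

# Constructed sample data (not from the thread): our extranet subnet and the
# RFC 1918 ranges each frame-relay customer reports using internally.
OUR_RANGES = [ip_network("192.168.10.0/24")]
CUSTOMER_RANGES = {
    "customer-a": [ip_network("192.168.0.0/16")],   # ICS-style 192.168.x space
    "customer-b": [ip_network("10.0.0.0/8")],
    "customer-c": [ip_network("172.16.0.0/16"), ip_network("172.29.0.0/16")],
}


def find_conflicts(ours, customers):
    """Return (customer, their_range, our_range) triples whose ranges overlap.

    An overlap means the customer's router cannot tell our extranet host apart
    from one of its own internal addresses, so DNS answers are useless to it.
    """
    conflicts = []
    for name, ranges in customers.items():
        for theirs in ranges:
            for mine in ours:
                if theirs.overlaps(mine):
                    conflicts.append((name, theirs, mine))
    return conflicts


def free_slash16s(customers, pool=ip_network("172.16.0.0/12")):
    """List the /16 blocks in `pool` that no customer has claimed.

    Any of these is a candidate for renumbering the extranet segment so it
    stays clear of every customer's internal space.
    """
    used = [r for ranges in customers.values() for r in ranges]
    return [blk for blk in pool.subnets(new_prefix=16)
            if not any(blk.overlaps(r) for r in used)]


if __name__ == "__main__":
    for name, theirs, mine in find_conflicts(OUR_RANGES, CUSTOMER_RANGES):
        print(f"CONFLICT: {name} uses {theirs}, which overlaps our {mine}")
    print("unclaimed /16s:", [str(b) for b in free_slash16s(CUSTOMER_RANGES)][:3])
```

With the constructed data, customer-a's 192.168.0.0/16 collides with our 192.168.10.0/24, and 172.17.0.0/16 is the first unclaimed block.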
 
DavidM said:
I like this approach in using a subdomain. My only issue with this may be
that not all customers have direct Internet connection. Some use dialup
when they need it. Arrghh

Regarding domain names... assuming I cannot use a subdomain, I'm still
wondering what a normal convention would be. Currently today... we use
.com for our public domain. For our private webserver/DNS, I created the
same domain but used a .net extension. I'm now thinking that .net probably
would not be a good idea... and should use .local to keep the customers DNS
servers from trying to resolve name thru Internet?

You can use "Local" or "Private" with pretty good
belief that these will not (ever?) be used on the public
Internet.

That your clients are not permanently connected to the
Internet brings up the likelihood that some of them might
figure out that YOU will route their traffic to the Internet
for them -- unless you filter out their source addresses from
any but your desired destination networks.



--
Herb Martin

 
Regarding domain names... assuming I cannot use a subdomain, I'm still

.net is NOT a "good idea" unless you buy the name on the Internet.

It is not a good idea because if someone (legitimately) reserves that
name it can screw you and in any case it is the 'wrong thing to do.'

Using whatever.net is FINE if you buy that on the Internet (even
if you do nothing but "park" it so that no one else can use it.)

I own LearnQuick.org etc.....
 
DavidM said:
I can go into the AT&T Control Panel to manage my Internet DNS. Are you
suggesting that I create a subdomain for my private webserver... and add its
192.168 (Internet non-routable IP) to it...

Then when the customers type in subdomain.mydomain.com -- my DNS server will
return to them the 192.168 address?

If this works... this would keep me from having to install my own private
DNS and having the customers adding a forward lookup.

Any customer able to resolve your Names to your addresses
will get back the address (yes, I know it is redundant.)

Any customer with an address will be able to contact you IF
THAT address is routable from them to you.

You are going to have MORE trouble explaining the "routing"
to your customer than explaining the "DNS."

And remember those address range clashes or overlaps.....

I guess the only drawback to this approach is if not all my customers have
direct Internet access.... Then they would not be able to resolve.

Then they will need to hold a "secondary" for your resources;
or you will have to (ughghgh) support them using a "hosts" file
on EVERY legitimate/possible client machine.
 
we use .com for our public domain. For our private webserver/DNS, I
created the same domain but used a .net extension. I'm now thinking
that .net probably would not be a good idea... and should use .local
to keep the customers DNS servers from trying to resolve name thru
Internet?

Well, not really an RFC <g> but I usually stick with ".lan" or ".wan"
when it comes to private DNS namespaces; both TLDs aren't
registered and I doubt they'll ever be :-)
 