RE: Windows 2003 Active Directory

  • From: "Steve Moffat" <steve@xxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 7 Mar 2005 08:35:19 -0400

DO NOT USE ".local" AS THE TLD.

That is not a valid private use TLD:

  "John Savill
InstantDoc #44818
John Savill's FAQ for Windows  

A. Companies often use a .local or .pvt TLD to name an AD tree. However,
as I explain shortly, it's better to use a standard naming method--for
example, create a name by using a subdomain of your company's DNS
address space (e.g., if your company's DNS domain is, you
could name your AD tree When you use this method,
though, you must remember that the DNS information for the AD tree is
hosted on internal DNS servers, not on your external DNS servers. This
means that external users can't see information about your internal
infrastructure because external users can access only the external DNS
server, which has no information about your internal infrastructure.
Alternatively, if you want to create a second-level name for your AD
domain, reserve another name--for example, don't set your
AD domain to the same name as your external name, to avoid causing
confusion in name resolution.

If you're determined to use a nonstandard TLD in your domain name, avoid
the use of .local or .pvt because they aren't reserved. Instead, use one
of these reserved top-level domains:

You can find more information about these names in Internet Engineering
Task Force (IETF) Request for Comments (RFC) 2606. Remember, if you use
these nonstandard DNS names, you can't obtain certificates from a
third-party Certificate Authority (CA), which might cause problems for
your organization."

By the way, in using Windows Server 2003 AD, you can setup your domain
as internal.example.moc and in DNS point the root domain example.moc at
the external DNS server. That way, your internal DNS server will be
responsible for internal.example.moc and all other example.moc queries
will be sent to the configured external server.

-----Original Message-----
From: Dan HINCKLEY [mailto:danslists@xxxxxxxx] 
Sent: Monday, March 07, 2005 8:18 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Windows 2003 Active Directory

At 12:53 3/7/2005, you wrote:

>This actually works and solves one problem. If you dont name your AD 
>domain to the name of actual domain name, then at times, machines go 
>out to look for that domain unless you have your domain ending with 
>.local., in a NATing scenario.
>In this scenario, you need to maintain separate servers for internal 
>and external.


Can you point me to a URL with documentation on .local?

>From: Steve Moffat [mailto:steve@xxxxxxxxxx]
>Sent: Monday, March 07, 2005 5:15 PM
>To: [ExchangeList]
>Subject: [exchangelist] RE: Windows 2003 Active Directory
>
>From: rahil [mailto:rahil.warang@xxxxxxxxx]
>Sent: Monday, March 07, 2005 7:41 AM
>To: [ExchangeList]
>Subject: [exchangelist] RE: Windows 2003 Active Directory
>
>Dear Steve,
>
>Are you sure on this?
>
>-----Original Message-----
>From: Steve Moffat [mailto:steve@xxxxxxxxxx]
>Sent: Monday, March 07, 2005 3:28 PM
>To: [ExchangeList]
>Subject: [exchangelist] RE: Windows 2003 Active Directory
>
>You will have no problems using a .com for your internal domain.
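The split described in Steve's message (an internal DNS server authoritative only for internal.example.moc, with every other example.moc query handed to the external server) as an added example for a Windows Server 2003 DNS server using dnscmd.exe. This is not code from the original thread. The server name DC01 and the external DNS address 192.0.2.53 (documentation range) are placeholder assumptions; substitute your own.

```batch
@echo off
REM Added example, not from the original post: split-namespace DNS on a
REM Windows Server 2003 domain controller, driven with dnscmd.exe.
REM Assumptions (placeholders, not from the thread):
REM   DC01         = the domain controller running the DNS Server service
REM   192.0.2.53   = the external DNS server that hosts the public example.moc zone
REM Run from an elevated command prompt on DC01 (or remotely with \\DC01).

set DNSSERVER=DC01
set EXTERNAL_DNS=192.0.2.53

REM 1. The AD forest root zone. /DsPrimary stores the zone in Active Directory
REM    so every DC running DNS replicates it without zone transfers.
dnscmd %DNSSERVER% /ZoneAdd internal.example.moc /DsPrimary

REM    Accept only secure (Kerberos-authenticated) dynamic updates; an
REM    AD-integrated zone left at "nonsecure and secure" lets any host on
REM    the LAN overwrite records for your DCs and Exchange servers.
REM    /AllowUpdate: 0 = none, 1 = nonsecure and secure, 2 = secure only
dnscmd %DNSSERVER% /Config internal.example.moc /AllowUpdate 2

REM 2. Conditional forwarder for the parent name. The DNS server picks the
REM    most specific zone it knows: names under internal.example.moc are
REM    answered authoritatively, everything else under example.moc (for
REM    example www.example.moc) is forwarded to the external server, so
REM    internal clients get the public records without the DC having to host
REM    a copy of the public zone.
REM    /Slave stops the server from falling back to root-hint recursion if the
REM    forwarder does not answer, which would otherwise leak the query outside.
dnscmd %DNSSERVER% /ZoneAdd example.moc /Forwarder %EXTERNAL_DNS% /Slave

REM 3. Verify: both zones should be listed, the internal SOA must come from
REM    the DC itself, and a public name must resolve through the forwarder.
dnscmd %DNSSERVER% /EnumZones
dnscmd %DNSSERVER% /ZoneInfo internal.example.moc
nslookup -type=SOA internal.example.moc %DNSSERVER%
nslookup www.example.moc %DNSSERVER%
```

Nothing here exposes the internal zone to the outside: the external server never learns about internal.example.moc, and the forwarder only carries queries outward. If the external server is not under your control, the /Slave flag is the one to think about, since a forwarder outage then means example.moc names stop resolving internally rather than being resolved via the Internet roots.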
