Advice on Internal Domain Names

Ole Christensen Ole.Christensen at post.uni2.dk
Tue Jan 25 23:52:04 UTC 2000


If you want your "internal" users to have access to "external"/"public"
webservers in the foo.co.uk domain AND "internal" webservers, you should
definitely not use the naming scheme 'host.foo.co.uk' for internal
servers. The reason for this is you will have to register the external
servers on both the external (outside/public) DNS as well as on the
internal, and that if you plan to use a http-proxy for external
web-access you will have to administrate a (limited length)
exception-list for servers that your users browsers should  access
directly rather than through the proxy.

Whether or not you should use 'host.branch.intra.foo.co.uk' or only
'host.branch.foo.co.uk' is (I think) a matter of personal taste and how
complicated you want your (and your users) life to  be.  

Regards,

Ole Christensen

Jim Reid wrote:
> 
> >>>>> "Mark" == Mark Taylor <nobody at nowhere.com> writes:
> 
>     Mark> Hi I want some advice on how to name my internal domains.
>     Mark> We have a registered Domain Name (foo.co.uk for this
>     Mark> example), and I need to break it down for my internal
>     Mark> branches.
> 
>     Mark> This will put all our internet servers on "visible"
>     Mark> foo.co.uk.  Everything on our intranet will be "non-visible"
>     Mark> intranet.foo.co.uk.
> 
>     Mark> Is this the recommend approach to naming internal domains ?
> 
> I don't think there are any recommendations for this. The naming
> scheme you've suggested will work OK, but it's perhaps a bit
> clumsy. You'll end up with internal hostnames like
>         host.branch.intranet.foo.co.uk
> which is a bit of a handful. The extra typing could be a bit of a
> nuisance for the internal users.
> 
> It might be better to just use host.branch.foo.co.uk internally unless
> you *really* want to include another domain name component to
> differentiate between external and internal hosts. [And if you do
> that, there might be subtle knock-on effects on your internal mail
> configuration, resolver setups and so on.] You could just use split
> DNS and have two versions of foo.co.uk: one for the outside world and
> one for the inside. The outside world doesn't get to see your internal
> name space. The internal foo.co.uk could even be a superset of the
> external one. Running the two foo.co.uk on different name servers is a
> good idea too. That way it's easier to seperate the two name spaces
> and prevent the internal names from leaking to the outside world.



More information about the bind-users mailing list