[There's a reason that Yoda is the unofficial mascot of SBS.  Size indeed matters not.] More on why we want .local, .lan, .bozo, .whocares but not .com, .net or .org - THE OFFICIAL BLOG OF THE SBS DIVA
Tue, Aug 30 2005 21:59 bradley

More on why we want .local, .lan, .bozo, .whocares but not .com, .net or .org

Read this KB

Quoted from there:

The following list describes some of the advantages when you use a separate and private domain name for the local Small Business Server network:


  • The management of the local namespace is controlled by the Small Business Server. When you use a private FQDN for local DNS name resolution, the DNS server becomes the start of authority for the local domain. This result means that a query to external DNS root servers is not required for local resource name resolution. 
  • The security may be increased for your DNS server by not enabling zone transfers by means of the zone transfer properties of the forward lookup zone. Because dynamic registration of internal hosts can occur with the DNS server, if you disable the zone transfers from external clients, you can limit the exposure of internal host names to the Internet.
  • The natural separation of internal and external networks occurs because of the use of a separate internal namespace. A client query generated from the Internet for www.contoso.local does not return any valid domain information because .local, at the present time, is not a registered domain name. However, by using the Web Publishing rules in Internet Security and Acceleration (ISA) Server, internal Web sites can be hosted externally and viewed by using resolvable domain names. This hosting still requires a registered domain name as well as the appropriate public DNS records that resolve to the external IP address of Small Business Server. Refer to "Configuring Publishing" in ISA Server Help for more information about Web Publishing rules.


The disadvantages of using the sub-domain of a publicly registered domain name or a publicly registered domain name include, but may not be limited to, the following issues:

  • Internal clients may be able to resolve resources on the internal domain, however, queries to external resources of the domain are not resolved by the DNS server. For example, if the internal network namespace is configured by using the publicly registered domain name of Contoso.com, only resources that have "A" (Host) records in the forward lookup zone for Contoso.com are available to local clients. This behavior can pose a problem if Contoso.com hosts resources, such as a web server, by means of an external provider or Internet service provider (ISP). Any queries from internal clients to www.contoso.com are resolved as a negative query by the local DNS server because the "A" record for "www" does not exist in the forward lookup zone for Contoso.com. For clients to access external resources, "A" records must be added to the forward lookup zone of the DNS server for those resources.
  • The use of a publicly registered sub-domain name can pose the same problems as described for a publicly registered domain name. If at any time, the start of authority for the registered domain (Contoso.com, in this example) adds records for sub-domains, the currently configured private sub-domain may become public.
  • Name resolution problems that are created by using a publicly registered domain name can be avoided by planning the private namespace around a .local first-level domain so that, in this example, Contoso.com and Contoso.local are both available to internal clients, but Contoso.com is only available to external internet clients.
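The behaviour the KB describes can be modelled in a few lines. The following is an added example, not code from the KB or from SBS: a toy DNS server that answers authoritatively for the zones it owns (and never forwards for them) and forwards everything else. It shows why an internal contoso.com zone turns www.contoso.com into a negative answer while contoso.local leaves it resolvable, and it lists the "shadow" A records an admin would have to mirror internally. Zone contents, hostnames and addresses are constructed sample data.

```python
# Added example (not from the post or the KB): minimal model of a DNS server
# that is start of authority for its own zones and forwards all other queries.
from typing import Dict, Optional

Zone = Dict[str, str]  # hostname (relative to the zone, "@" = apex) -> IPv4

def longest_matching_zone(name: str, zones: Dict[str, Zone]) -> Optional[str]:
    """Return the locally hosted zone that encloses `name`, if any."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):              # most specific candidate first
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def resolve(name: str, local_zones: Dict[str, Zone],
            public: Dict[str, str]) -> Optional[str]:
    """Answer like the SBS DNS server: if we own the zone, answer from it
    (None = NXDOMAIN, no forwarding); otherwise forward to the public side,
    which is modelled here as a plain dict."""
    zone = longest_matching_zone(name, local_zones)
    if zone is None:
        return public.get(name.lower())        # not ours: forward the query
    host = name.lower()[: -len(zone) - 1] or "@"
    return local_zones[zone].get(host)         # ours: answer or NXDOMAIN

def missing_shadow_records(zone: str, internal: Zone,
                           public: Dict[str, str]) -> Dict[str, str]:
    """Public hosts under `zone` that internal clients can no longer reach
    because the internal authoritative zone has no A record for them."""
    suffix = "." + zone
    return {n: ip for n, ip in public.items()
            if n.endswith(suffix) and n[: -len(suffix)] not in internal}

# Constructed sample data: what the ISP publishes vs what the SBS box holds.
PUBLIC = {"www.contoso.com": "203.0.113.10", "mail.contoso.com": "203.0.113.25"}
SAME_NAME_INTERNAL = {"contoso.com": {"server": "192.168.16.2"}}
LOCAL_TLD_INTERNAL = {"contoso.local": {"server": "192.168.16.2"}}

if __name__ == "__main__":
    # Internal zone named contoso.com: www gets a negative answer.
    print(resolve("www.contoso.com", SAME_NAME_INTERNAL, PUBLIC))   # None
    # Internal zone named contoso.local: the query is forwarded and resolves.
    print(resolve("www.contoso.com", LOCAL_TLD_INTERNAL, PUBLIC))   # 203.0.113.10
    # Records that would have to be mirrored to make the first layout work.
    print(missing_shadow_records("contoso.com",
                                 SAME_NAME_INTERNAL["contoso.com"], PUBLIC))
```

Adding the entries returned by `missing_shadow_records` to the internal zone is exactly the "A records must be added" fix the KB describes; the example generalises it to any number of public hosts.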

# re: More on why we want .local, .lan, .bozo, .whocares but not .com, .net or .org

Wednesday, August 31, 2005 6:29 AM by bradley

The SBS group does a great disservice to the SBS community by creating FUD rather than showing them how easy it is to create Host (A) records to support externally hosted Web sites. I've done this in my articles, but haven't given them an SBS spin. Now that I have a better idea of how SBS handles the DNS issues, I'll write up yet another series of docs on elegance and the ecstasy of a well-designed split DNS infrastructure.
Thanks!
Tom

# re: More on why we want .local, .lan, .bozo, .whocares but not .com, .net or .org

Wednesday, August 31, 2005 7:09 AM by bradley

FUD maybe. But we have to keep in mind that SBS isn't designed to be managed by an IT professional. It's designed to be managed by the end user. While I think that Microsoft needs to get off of it and drop this as a design element, the different domain names do prevent you from doing an accidental zone transfer. It's a little warm fuzzy to have a "private" DNS structure.

# re: More on why we want .local, .lan, .bozo, .whocares but not .com, .net or .org

Wednesday, August 31, 2005 1:23 PM by bradley

In my 6 years of experience in planning, designing, and deploying Active Directory I have never recommended any organization use a split-brain / single-zone DNS structure. This is to enhance network security, privacy, and a bunch of other reasons Microsoft gives.

While I have seen split DNS work using the same domain name on the inside and outside, one of the biggest problems I have seen is the need to manage multiple host records in both of the DNS systems. For example, if you are using mycorp.com on the inside and the outside you need to add host records (such as for "www") on the internal DNS servers as well as the outside DNS servers. This is because the internal servers are set up as the SOA of the domain name and will not forward outside in attempts to resolve the same domain (mycorp.com) name. This potentially increases administration overhead of managing DNS and can complicate the troubleshooting process as well. This is often overlooked.

If a company wants the ability to route into their internal network, it would be a better idea to use a sub domain such as "corp.mycorp.com". This would still provide a layer of security and simplify the DNS management.

# re: More on why we want .local, .lan, .bozo, .whocares but not .com, .net or .org

Monday, September 12, 2005 7:52 AM by bradley

Came across this article during google search. Could someone assist in this question?

http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21558207.html

dsfeiken@gmail.com