xxxx.com As Active Directory Domain Ok?

Shockey

Hello,

I did this without really thinking much about it while following a guide on how to set up Active Directory in Server 08. I put xxxx.com as the Active Directory domain. Is this a security issue?

If so, what should I change it to?

I'm planning to set up Exchange on Server 08 also.

Thanks in advance.
 
Internal network domain names usually end with .local, .priv, etc. There's no problem with having a .com domain name for your network, but not everyone does it that way.
 
> Internal network domain names usually end with .local, .priv, etc. There's no problem with having a .com domain name for your network, but not everyone does it that way.

So if I open up port 80 (web traffic) and email ports, it won't be a security risk for AD?
 
I wouldn't want port 80 open/forwarded to my LAN. Too many exploits on it, it'll always be under attack.

The first thing you'll find is, if you host your website or e-mail outside of your LAN... you'll find people who try to hit that from the inside will by default be pointed to your DC... since the DC thinks www and MX are local. You'd have to create entries in DNS to point those to the public IP of the host.
 
> I wouldn't want port 80 open/forwarded to my LAN. Too many exploits on it, it'll always be under attack.

OK, fair enough. (This is just an experimental lab running on ESX in my garage.)

> The first thing you'll find is, if you host your website or e-mail outside of your LAN... you'll find people who try to hit that from the inside will by default be pointed to your DC

So when people on my network (me) request the website xxxx.com, they will get my DC instead of the website?

> ...since the DC thinks www and MX are local. You'd have to create entries in DNS to point those to the public IP of the host.

DNS and MX records are way over my head at this point. Working on grasping them next :p
 
It's one of the reasons the convention of .local is usually used.

If you're "stuck" with .com, you can still get around this: make a DNS record for www and point it to your website's server. And make a mail handler record that points to your actual mail host... if you have one. If not... no need to worry.

Since this appears to be a sandbox experiment for you, I see nothing else but a few hours' time lost in doing a rebuild. If this was a server put into production with workstations/clients/users already working... it would be a lot of work to do a rebuild. Your call there.
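
Added example, not part of the original thread: the DNS workaround described above, written as a Python check that compares what the public zone publishes with what the DC's internal copy of the same zone holds and prints the `dnscmd` lines that close the gaps. The zone contents, host names and addresses are constructed, and the commands assume they are run on the DC that hosts the zone.

```python
ZONE = "xxxx.com"  # zone name as written in the thread

# Constructed sample data (documentation and private address ranges only).
PUBLIC = [  # records published by the outside DNS host
    ("@", "A", "203.0.113.10"),
    ("www", "A", "203.0.113.10"),
    ("@", "MX", "10 mail.hosted-mail.example."),
    ("webmail", "A", "203.0.113.25"),
]
INTERNAL = [  # records in the AD-integrated copy of the zone on the DC
    ("@", "A", "192.168.1.10"),        # registered by the DC for itself
    ("dc1", "A", "192.168.1.10"),
    ("webmail", "A", "192.168.1.10"),  # stale entry pointing at the DC
]

def audit(public, internal):
    """Classify each public record by what an inside client gets from the DC."""
    inside = {}
    for name, rtype, data in internal:
        inside.setdefault((name, rtype), set()).add(data)
    findings = []
    for name, rtype, data in public:
        have = inside.get((name, rtype), set())
        if name == "@" and rtype == "A":
            # DCs register the domain's own A record, so the bare domain
            # name resolves to a DC from inside; leave it alone.
            status = "apex-is-dc"
        elif not have:
            status = "missing"   # DC is authoritative: no answer for insiders
        elif data not in have:
            status = "mismatch"  # insiders are sent somewhere else
        else:
            status = "ok"
        findings.append((name, rtype, data, status, sorted(have - {data})))
    return findings

def fix_commands(findings, zone=ZONE):
    """dnscmd lines that make the internal zone answer like the public one."""
    cmds = []
    for name, rtype, data, status, stale in findings:
        if status == "mismatch":
            for old in stale:  # remove the wrong target before adding the right one
                cmds.append(f"dnscmd . /RecordDelete {zone} {name} {rtype} {old} /f")
        if status in ("missing", "mismatch"):
            cmds.append(f"dnscmd . /RecordAdd {zone} {name} {rtype} {data}")
    return cmds

if __name__ == "__main__":
    print("\n".join(fix_commands(audit(PUBLIC, INTERNAL))))
```

The bare domain name is reported but never repointed, which is why `www` is the name that gets the internal record.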
 