Advice on Internal Domain Names

Mark Taylor nobody at nowhere.com
Mon Jan 31 08:49:29 UTC 2000


Wow.

Come back five days later and find a huge response.

Thanks to everyone for their advice.  I think I will probably stick to the
host.branch.intranet.foo.co.uk structure because, as Peter says, it will
allow for some common services.

I'm not too worried about the long host name implication as most users will
be defaulted to localhost.branch.intranet.foo.co.uk, or
bigserver.intranet.foo.co.uk, and then use links to jump around (if they
ever need to).  And for those buggers that want their home page to be
www.big-girls-r-us.com, then they can put the servers in their favourites
:-)

Thanks again

Mark Taylor

Kevin Darcy wrote in message <388F54CA.63B649C7 at daimlerchrysler.com>...
>Adam Augustine wrote:
>
>> [snip]
>>
>> Also, it is actually very simple to make a general distinction between
>> external and internal hosts for a web browser without going through all the
>> exception list stuff even though they may be in the same DNS subdomain.
>>
>> The requirements are that the hosts are on different IP subnets (as they
>> typically are in this situation) and the other gotcha is that it uses a DNS
>> check to distinguish external and internal, so it creates an extra lookup
>> for every host resolved (once for the check the client makes to see which
>> subnet the target host is on, and once for the firewall to actually resolve
>> the address).
>
>An extra lookup for every URL is a *huge* performance hit on a stupid Wintel
>desktop that doesn't cache its DNS lookups. Remember that a single page can
>have dozens of URLs; all those lovely images to automatically download. We
>experimented with this approach and were practically lynched by the pilot user
>group, because it slowed their web access to a crawl. Just a word of caution.
>
>Ran fine on my Solaris workstation, of course...
>
>
>- Kevin
>
>> -----Original Message-----
>> From: Ole Christensen [mailto:Ole.Christensen at post.uni2.dk]
>> Sent: Tuesday, January 25, 2000 4:52 PM
>> To: Jim Reid
>> Cc: comp-protocols-dns-bind at moderators.isc.org
>> Subject: Re: Advice on Internal Domain Names
>>
>> If you want your "internal" users to have access to "external"/"public"
>> webservers in the foo.co.uk domain AND "internal" webservers, you should
>> definitely not use the naming scheme 'host.foo.co.uk' for internal
>> servers. The reason for this is you will have to register the external
>> servers on both the external (outside/public) DNS as well as on the
>> internal, and that if you plan to use a http-proxy for external
>> web-access you will have to administrate a (limited length)
>> exception-list for servers that your users' browsers should access
>> directly rather than through the proxy.
>>
>> Whether or not you should use 'host.branch.intra.foo.co.uk' or only
>> 'host.branch.foo.co.uk' is (I think) a matter of personal taste and how
>> complicated you want your (and your users') life to be.
>>
>> Regards,
>>
>> Ole Christensen
>>
>> Jim Reid wrote:
>> >
>> > >>>>> "Mark" == Mark Taylor <nobody at nowhere.com> writes:
>> >
>> >     Mark> Hi I want some advice on how to name my internal domains.
>> >     Mark> We have a registered Domain Name (foo.co.uk for this
>> >     Mark> example), and I need to break it down for my internal
>> >     Mark> branches.
>> >
>> >     Mark> This will put all our internet servers on "visible"
>> >     Mark> foo.co.uk.  Everything on our intranet will be "non-visible"
>> >     Mark> intranet.foo.co.uk.
>> >
>> >     Mark> Is this the recommended approach to naming internal domains?
>> >
>> > I don't think there are any recommendations for this. The naming
>> > scheme you've suggested will work OK, but it's perhaps a bit
>> > clumsy. You'll end up with internal hostnames like
>> >         host.branch.intranet.foo.co.uk
>> > which is a bit of a handful. The extra typing could be a bit of a
>> > nuisance for the internal users.
>> >
>> > It might be better to just use host.branch.foo.co.uk internally unless
>> > you *really* want to include another domain name component to
>> > differentiate between external and internal hosts. [And if you do
>> > that, there might be subtle knock-on effects on your internal mail
>> > configuration, resolver setups and so on.] You could just use split
>> > DNS and have two versions of foo.co.uk: one for the outside world and
>> > one for the inside. The outside world doesn't get to see your internal
>> > name space. The internal foo.co.uk could even be a superset of the
>> > external one. Running the two foo.co.uk on different name servers is a
>> > good idea too. That way it's easier to separate the two name spaces
>> > and prevent the internal names from leaking to the outside world.
>
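The trade-off discussed in this thread, as an added example that is not part of any poster's message: a proxy auto-config style decision made by name suffix (possible with the host.branch.intranet.foo.co.uk scheme) beside one made by subnet (the DNS check described above), with the client-side lookups counted. It assumes the browser mechanism is a PAC file; the proxy name, the sample records, the 10.0.0.0/8 internal range and the stubbed PAC helpers are constructed for illustration.

```javascript
// PAC-style routing for the two naming schemes discussed in the thread.
// A browser's PAC runtime provides dnsDomainIs(), isInNet() and dnsResolve();
// they are stubbed here over constructed data so the file runs under Node.
const RESOLVER = {                               // constructed sample records
  "www.foo.co.uk": "192.0.2.10",                 // public web server
  "hr.leeds.intranet.foo.co.uk": "10.1.2.3",     // internal, long name
  "payroll.foo.co.uk": "10.1.9.9",               // internal, flat name
};
const PROXY = "PROXY proxy.foo.co.uk:8080";      // hypothetical proxy
let lookups = 0;                                 // client-side DNS queries

function dnsResolve(host) {
  lookups += 1;
  return RESOLVER[host] || null;
}

function dnsDomainIs(host, domain) {             // pure string match, no DNS
  return host.toLowerCase().endsWith(domain);
}

function ipToInt(ip) {
  return ip.split(".").reduce((acc, octet) => acc * 256 + Number(octet), 0);
}

function isInNet(host, net, mask) {
  const ip = /^\d+(\.\d+){3}$/.test(host) ? host : dnsResolve(host);
  if (ip === null) return false;                 // unresolvable: not internal
  const m = ipToInt(mask);
  return ((ipToInt(ip) & m) >>> 0) === ((ipToInt(net) & m) >>> 0);
}

// Suffix rule: needs internal hosts under intranet.foo.co.uk, costs no lookup.
function routeBySuffix(host) {
  return dnsDomainIs(host, ".intranet.foo.co.uk") ? "DIRECT" : PROXY;
}

// Subnet rule: handles flat names, but resolves every host on the client.
// 10.0.0.0/8 as the internal range is an assumption.
function routeBySubnet(host) {
  return isInNet(host, "10.0.0.0", "255.0.0.0") ? "DIRECT" : PROXY;
}

function countLookups(route, hosts) {
  lookups = 0;
  hosts.forEach((h) => route(h));
  return lookups;
}
```

Under the suffix rule the flat internal name payroll.foo.co.uk is sent to the proxy, which is the case a browser exception list has to cover.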