Article ID: 285983
This article was previously published under Q285983
This article has been archived. It is offered "as is" and will no longer be updated.
You must carefully consider how to design namespaces for internal and external networks in a Microsoft Windows 2000-based domain. This article provides some suggestions about implementing namespaces.
The preferred method of creating a namespace is to create an internal namespace that is different from the external namespace. This creates a barrier between your internal resources and the Internet. For example:
Internal domain: IDEALLAB.INTERNAL
External domain: IDEALLAB.COM
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
300684 (http://support.microsoft.com/kb/300684/) Information about configuring Windows for domains with single-label DNS names
It is important to understand the distinction between Domain Name System (DNS) namespaces and Active Directory (Lightweight Directory Access Protocol, or LDAP) namespaces. Your internal DNS namespace should be identical to your Active Directory namespace. If you name your internal DNS namespace "Ideallab", your Active Directory name should also be "Ideallab". If you use an internal name of "Corp.ideallab.com", this name is a DNS name but is completely disassociated from the Internet. The "Ideallab" DNS name places you at the same level of the DNS hierarchy as .com, .org, .edu, and .gov.
Some advantages and disadvantages of separating your internal and external namespaces are:
The internal namespace is not registered with Internic. Internal resources are not exposed.
Proxy clients need to exclude only the external namespace, which allows any external DNS queries to the Internet to proceed through the Proxy Server.
Logon and e-mail names are different. Each must be mapped to the appropriate namespace.
The user logon name will use the internal LDAP namespace as a suffix, such as user@ideallab. This can be mapped to the external namespace firstname.lastname@example.org by using an alternate User Principal Name (UPN) suffix.
For more information, refer to the following article in the Microsoft Knowledge Base:
243280 (http://support.microsoft.com/kb/243280/) Users can log on using user name or user principal name
In this example, e-mail names coming from the Internet would use a suffix of email@example.com. This can be mapped to a number of different namespaces, including LDAP and Simple Mail Transfer Protocol (SMTP). Your DNS server will need a Mail Exchange (MX) record that points to the mail server (mailserver.ideallab.com) and a corresponding Host (A) record for that server.
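The following check is an added example, not part of the original article or any Microsoft tool. It audits an external zone against the points above: distinct internal and external namespaces, no internal names published externally, and an A record behind every MX target. The `audit` function, the record tuples, and all addresses are constructed for illustration.

```python
# Added example; every name, address and record below is constructed.

def norm(name):
    """Lower-case a DNS name and drop a trailing dot."""
    return name.rstrip(".").lower()

def within(name, zone):
    """True if name equals zone or is a subdomain of it."""
    name, zone = norm(name), norm(zone)
    return name == zone or name.endswith("." + zone)

def audit(internal, external, external_records):
    """Check a design; external_records are (owner, type, data) tuples,
    where MX data is the target host name (preference omitted)."""
    findings = []
    if "." not in norm(internal):
        findings.append("internal namespace is single-label (see KB 300684)")
    same = norm(internal) == norm(external)
    if same:
        findings.append("internal and external namespaces are identical")
    hosts = {norm(o) for o, t, _ in external_records if t == "A"}
    for owner, rtype, data in external_records:
        # Names published externally: the owner, plus the target of MX/CNAME/NS.
        names = [owner] + ([data] if rtype in ("MX", "CNAME", "NS") else [])
        for n in names:
            if not same and within(n, internal):
                findings.append(f"external zone exposes internal name {norm(n)}")
        if rtype == "MX" and norm(data) not in hosts:
            findings.append(f"MX target {norm(data)} has no Host (A) record")
    return findings

SEPARATED = [
    ("ideallab.com", "MX", "mailserver.ideallab.com"),
    ("mailserver.ideallab.com", "A", "192.0.2.25"),
    ("www.ideallab.com", "A", "192.0.2.80"),
]
LEAKY = [
    ("ideallab.com", "MX", "mailserver.ideallab.com"),  # no matching A record
    ("dc1.ideallab.internal", "A", "10.0.0.5"),         # internal host published
]

if __name__ == "__main__":
    for label, zone in (("separated", SEPARATED), ("leaky", LEAKY)):
        print(label, audit("IDEALLAB.INTERNAL", "IDEALLAB.COM", zone))
```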