Split-bain - the long standing internal domain naming debate revisited

by Ed Sparks

The heated discussion that surrounds naming an internal Active Directory domain the same or differently than the external public DNS name lives on.​

In my opinion, in these days of increasingly mobile, unmanaged device access, and with the "just works" mantra that I follow - using the same internal and external namespace is the preferred option.​ (i.e  corporate.com for both your AD and public DNS).

By doing so, users get to use and remember a single logon and email address, and there's way less fuss when setting up user accounts.  Any of the supposed security disadvantages are simple to overcome with split DNS servers, and the exceptional capabilities of today's application firewalls.

I recently found an interesting old thread on this topic, that is replicated below.  It's a good read on the topic.

Read More