Design Guidelines

The table summarizes DNS naming strategy design choices and their implications. The following flow chart represents a decision tree that is useful for determining the appropriate naming strategy for an organization.

Design choice: Delegated subdomain for the internal network
Implications:
  - Isolates all Active Directory data from the public resources in its domain or domain tree.
  - Contiguous namespace.
  - The delegated Active Directory root domain requires its own DNS server.
  - Does not require upgrading any existing DNS servers.
  - Fully qualified domain names of hosts will be longer.

Design choice: Single DNS name for public and private networks
Implications:
  - Users can use a single domain name.
  - Additional administration is required.
  - Configuration of a firewall can be more complex.
  - No additional names need to be registered.
  - Must synchronize with mirrored external resources.

Design choice: Different DNS name for public and private networks
Implications:
  - Management and security are easier due to a clear distinction between public and private resources.
  - The internal naming hierarchy is not exposed on the Internet.
  - Internal resources are inaccessible from the Internet by using the external domain name.
  - No need to replicate external server content to internal servers.
  - Some users may be confused by the different name.
  - You may need to upgrade existing DNS servers to provide support for SRV resource records.
  - Existing DNS infrastructure and host names can remain unchanged.
  - Existing DNS zones and DNS topology can remain unchanged.
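
Whichever strategy is chosen, the isolation listed above only holds if the public zone carries no internal records. The following is an added example, not part of the original page: a short Python audit of a public zone export that flags Active Directory locator records, names inside the internal namespace, and RFC 1918 addresses. The zone data and the names example.com and corp.example.com are constructed placeholders, and audit_public_zone is a hypothetical helper.

```python
import ipaddress

# Constructed sample of a public zone export: (owner name, type, data).
# example.com / corp.example.com are placeholder names, not from the page.
PUBLIC_ZONE = [
    ("www.example.com.", "A", "203.0.113.10"),
    ("example.com.", "MX", "10 mail.example.com."),
    ("_ldap._tcp.dc._msdcs.example.com.", "SRV", "0 100 389 dc1.corp.example.com."),
    ("fs01.corp.example.com.", "A", "10.0.0.20"),
    ("intranet.example.com.", "A", "192.168.1.15"),
]

# Labels Active Directory uses in its locator (SRV) records.
AD_LABELS = {"_msdcs", "_sites", "_ldap", "_kerberos", "_kpasswd", "_gc"}
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_public_zone(records, internal_domain):
    """Return (name, type, reason) for records exposing internal naming."""
    apex = internal_domain.lower().rstrip(".") + "."
    findings = []
    for name, rtype, data in records:
        owner = name.lower()
        if not owner.endswith("."):
            owner += "."
        labels = set(owner.rstrip(".").split("."))
        if labels & AD_LABELS:
            reason = "Active Directory locator record"
        elif owner == apex or owner.endswith("." + apex):
            reason = "name inside the internal namespace"
        elif rtype == "A" and any(ipaddress.ip_address(data) in net for net in RFC1918):
            reason = "RFC 1918 address published"
        else:
            continue
        findings.append((name, rtype, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_public_zone(PUBLIC_ZONE, "corp.example.com"):
        print(*finding, sep="\t")
```

The label match is a heuristic: a public zone that intentionally publishes an SRV record using one of these labels will be flagged and needs manual review.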
