Do not use made-up domains for anything these days. It will make it a pain if you ever need a certificate for that domain that isn’t self-signed.
Comment on Anybody here running AD on-prem in your homelab?
Xakuterie@dormi.zone 9 months ago
If I remember correctly that is best practice, no? It was something.local or *.intern for years, until TLDs could be whatever you wanted them to be.
taladar@sh.itjust.works 9 months ago
nottelling@lemmy.world 9 months ago
.local is reserved for mDNS responses, don’t use that.
It’s more than best practice. Your active directory controllers want to be the resolvers for their members, separate from other zones such as external MX records or the like. Your AD domain should always be a separate zone, aka a subdomain. “ad.example.com”.
If your DCs are controlling members at the top level, you’ll eventually run into problems with Internet facing services and public NS records.
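As an added example (not posted by anyone in this thread), here is a small Python checker that encodes the naming advice above: it flags a single-label name, flags .local (reserved for mDNS by RFC 6762), and flags an AD name that sits at the apex of a zone you publish on the Internet, since the DCs would then have to be authoritative for your public records too. The function names and the `public_zones` parameter are my own assumptions; pass the zones you actually own and publish.

```python
"""Sanity-check a proposed Active Directory DNS domain name.

Added example, not from the thread. It encodes the advice given there:
avoid .local (mDNS, RFC 6762), avoid single-label names, and give AD its
own zone below a domain you control, e.g. ad.example.com.
"""

MDNS_TLD = "local"  # RFC 6762 reserves this TLD for Multicast DNS

MSG_SINGLE_LABEL = "single-label name: AD expects a multi-label DNS name"
MSG_MDNS = ".local is reserved for mDNS (RFC 6762); do not use it for AD"
MSG_APEX = "name is the apex of public zone {zone}: DCs would have to serve your Internet-facing records"


def _labels(name: str) -> list[str]:
    """Normalise a DNS name into lower-case labels (trailing dot dropped)."""
    return [lbl for lbl in name.lower().rstrip(".").split(".") if lbl]


def check_ad_domain(name: str, public_zones: tuple[str, ...] = ()) -> list[str]:
    """Return a list of findings; an empty list means no objection.

    public_zones (assumed parameter): zones you own and publish, e.g. ("example.com",).
    """
    labels = _labels(name)
    if not labels:
        return ["empty name"]

    findings: list[str] = []
    if len(labels) == 1:
        findings.append(MSG_SINGLE_LABEL)
    if labels[-1] == MDNS_TLD:
        findings.append(MSG_MDNS)

    fqdn = ".".join(labels)
    for zone in public_zones:
        zone_fqdn = ".".join(_labels(zone))
        # The AD name must be a proper subzone of the public zone, never the apex itself.
        if fqdn == zone_fqdn:
            findings.append(MSG_APEX.format(zone=zone_fqdn))
    return findings


def is_dedicated_subzone(name: str, public_zone: str) -> bool:
    """True when name is strictly below public_zone (e.g. ad.example.com under example.com)."""
    fqdn = ".".join(_labels(name))
    zone_fqdn = ".".join(_labels(public_zone))
    return fqdn != zone_fqdn and fqdn.endswith("." + zone_fqdn)


def suggest_ad_zone(public_zone: str, label: str = "ad") -> str:
    """Build the recommended dedicated subzone name for AD under a zone you own."""
    return f"{label}." + ".".join(_labels(public_zone))


if __name__ == "__main__":
    # Constructed sample names, not taken from any real deployment.
    for candidate in ("HOMELAB", "corp.local", "example.com", "ad.example.com"):
        print(candidate, "->", check_ad_domain(candidate, ("example.com",)) or "ok")
    print("suggested:", suggest_ad_zone("Example.com."))
```

Run it on the name you are about to promote a domain controller with; an empty result means the name is a dedicated subzone that stays out of the way of your public NS and MX records.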