Understanding Domain Purpose in Server Configuration: Internal vs. Public DNS for Web/Mail Servers (Linux/Windows)


When we talk about domains in internal networks, we're referring to DNS namespaces that help organize and manage resources. The .local convention (e.g., companyname.local) serves several key purposes:

# Example internal DNS zone configuration in BIND (Linux)
zone "example.local" {
    type master;
    file "/etc/bind/db.example.local";
    // Limit zone transfers to the secondary's address (192.168.1.53 is an example);
    // allowing a whole subnet lets any host on it dump the entire internal namespace
    allow-transfer { 192.168.1.53; };
};

Key benefits of internal domains:

  • Centralized authentication (Active Directory/LDAP)
  • Service discovery (e.g., printer1.office.local)
  • Network resource organization
  • Certificate management for internal services

Your public domain (example.com) and internal domain (example.local) serve different purposes:

# Example Apache VirtualHost configuration showing separation
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot /var/www/html/production
</VirtualHost>

<VirtualHost *:80>
    ServerName intranet.example.local
    DocumentRoot /var/www/html/internal
    # Require is only valid in directory/location context, so it must be wrapped;
    # mod_authnz_ldap also needs AuthType and AuthLDAPURL to resolve the group.
    # Basic auth over plain HTTP exposes credentials: serve this vhost on *:443 with TLS.
    <Location />
        AuthType Basic
        AuthName "Intranet"
        AuthBasicProvider ldap
        AuthLDAPURL "ldap://dc.example.local/ou=users,dc=example,dc=local?uid?sub"
        Require ldap-group cn=employees,ou=groups,dc=example,dc=local
    </Location>
</VirtualHost>

When configuring mail servers, you need proper MX records and split DNS:

# Example Postfix main.cf configuration
myhostname = mail.example.com
mydomain = example.com
myorigin = $mydomain
# $mydomain must be listed in mydestination; otherwise mail for example.com is treated as
# relay traffic, its MX resolves to this host, and Postfix bounces it ("mail loops back to myself")
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
# Relay only for the internal namespace and route it explicitly (e.g. a transport entry
# "example.local smtp:[mail.example.local]"), since .local has no MX in public DNS
relay_domains = example.local
transport_maps = hash:/etc/postfix/transport
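The interaction between mydomain, mydestination and relay_domains is where most mail-loop mistakes come from, so here is an added example (not from the original page) of a small main.cf linter: it expands Postfix-style $parameter references and flags a primary domain that is neither local nor virtual, relay domains that overlap local delivery, and relay domains with no transport_maps route. The sample configuration is constructed and deliberately omits $mydomain from mydestination; the finding codes and the transport file path are this example's own choices.

```python
import re

# Constructed sample in the shape shown above: $mydomain is missing from
# mydestination, the classic cause of "mail for example.com loops back to myself"
SAMPLE_MAIN_CF = """\
myhostname = mail.example.com
mydomain = example.com
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost
relay_domains = $mydomain, example.local
"""

# Constructed corrected version: primary domain delivered locally, relay scoped
# to the internal namespace, and an explicit transport route for it
FIXED_MAIN_CF = """\
myhostname = mail.example.com
mydomain = example.com
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
relay_domains = example.local
transport_maps = hash:/etc/postfix/transport
"""


def parse_main_cf(text):
    """Parse 'key = value' lines and expand $name / ${name} references as Postfix does."""
    raw = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        raw[key] = value

    def expand(value, depth=0):
        if depth > 10:  # guard against self-referential parameter definitions
            raise ValueError("parameter expansion nested too deeply")
        return re.sub(r"\$\{?(\w+)\}?",
                      lambda m: expand(raw.get(m.group(1), ""), depth + 1), value)

    return {key: expand(value) for key, value in raw.items()}


def as_list(value):
    """Split a Postfix list value on commas and/or whitespace."""
    return [item for item in re.split(r"[,\s]+", value) if item]


def check_delivery(conf):
    """Return (code, detail) findings for delivery-class mistakes in an expanded main.cf."""
    findings = []
    local = set()
    for param in ("mydestination", "virtual_mailbox_domains", "virtual_alias_domains"):
        local.update(as_list(conf.get(param, "")))
    relay = set(as_list(conf.get("relay_domains", "")))
    mydomain = conf.get("mydomain", "")
    if mydomain and mydomain not in local:
        # Mail for the primary domain is neither local nor virtual: Postfix will
        # look up its MX, find this very host, and bounce the message
        findings.append(("mydomain_not_local", mydomain))
    for domain in sorted(relay):
        if domain in local:
            findings.append(("relay_overlaps_local", domain))
    if relay and not conf.get("transport_maps"):
        # Without a transport route, relay domains depend entirely on MX lookups
        findings.append(("relay_without_transport_maps", ", ".join(sorted(relay))))
    return findings


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_MAIN_CF), ("fixed", FIXED_MAIN_CF)):
        print(label, check_delivery(parse_main_cf(text)))
```

Run it against a real /etc/postfix/main.cf by reading the file into parse_main_cf; the expansion handles the $myhostname and $mydomain references that make these mistakes hard to spot by eye.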

Implement proper DNS resolution with forwarding:

# Example named.conf options for split DNS
options {
    forwarders { 8.8.8.8; 8.8.4.4; };
    forward only;
};

zone "example.com" {
    type forward;
    forwarders { 10.0.0.53; }; # Your public DNS server
};

zone "example.local" {
    type master;
    file "/etc/bind/db.example.local";
};

Handling SSL/TLS certificates requires careful planning:

# Sample OpenSSL config for internal CA
[ req ]
distinguished_name = req_distinguished_name
x509_extensions = v3_ca        # applied when the self-signed CA certificate is generated

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
stateOrProvinceName = State
localityName = City
organizationName = Company
organizationalUnitName = Internal CA
commonName = example.local CA

[ v3_ca ]
basicConstraints = critical, CA:TRUE          # without this the cert cannot sign others
keyUsage = critical, keyCertSign, cRLSign     # CA key signs certificates and CRLs only

A domain serves as a logical grouping of network resources with shared security and management policies. In internal environments, domains provide:

  • Centralized authentication (Active Directory/LDAP)
  • Resource discovery through DNS
  • Policy enforcement boundaries
  • Namespace hierarchy for organization

The .local convention is tied to RFC 6762, which reserves that suffix for multicast DNS (mDNS), so unicast use of it is prone to conflicts; modern best practice therefore recommends:

# Preferred internal domain structure
internal.example.com
corp.example.com

This avoids conflicts with public DNS while maintaining hierarchy. For Linux environments:

# /etc/hosts example for internal resolution
192.168.1.10  fileserver.internal.example.com
192.168.1.20  mail.internal.example.com

When using example.com for both public and internal services:

# BIND DNS configuration excerpt
; Public records
example.com.    IN  A     203.0.113.45
www             IN  CNAME example.com.

; Internal records: keep these in the internal view only; publishing
; RFC 1918 addresses in the public zone leaks the internal network layout
internal        IN  NS    ns1.internal.example.com.
ns1.internal    IN  A     192.168.1.53   ; glue record, required because the NS sits inside the delegated zone (example address)
mail            IN  A     192.168.1.20
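Two things go wrong with a shared example.com zone in practice: RFC 1918 addresses end up in the public view, and a subzone delegation ships without its glue record. The following added example (not part of the original page) parses a zone-file excerpt like the one above and checks both, using only the standard library. The sample zone is constructed to mirror the excerpt before the glue record was added; it deliberately tests RFC 1918 ranges explicitly rather than relying on ipaddress.is_private, which would also flag the 203.0.113.0/24 documentation prefix used for the public record.

```python
import ipaddress

# Only the RFC 1918 ranges count as "internal" here; ipaddress.is_private would also
# flag documentation prefixes such as 203.0.113.0/24 and misclassify the public record
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: internal view of example.com with a delegation that lacks glue
SAMPLE_ZONE = """\
; Public records
example.com.    IN  A     203.0.113.45
www             IN  CNAME example.com.

; Internal records
internal        IN  NS    ns1.internal.example.com.
mail            IN  A     192.168.1.20
"""


def fqdn(name, origin):
    """Expand a zone-file owner or target name relative to the zone origin."""
    if name == "@":
        return origin
    return name.rstrip(".") if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Parse simple 'owner [IN] type rdata' lines into (owner, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments
        if not line or line.startswith("$"):      # skip $ORIGIN/$TTL directives
            continue
        fields = line.split()
        if "IN" in fields:
            fields.remove("IN")
        owner, rtype, rdata = fields[0], fields[1].upper(), " ".join(fields[2:])
        records.append((fqdn(owner, origin), rtype, rdata))
    return records


def find_private_leaks(records):
    """Names whose A records point into RFC 1918 space (must never reach the public view)."""
    leaks = set()
    for owner, rtype, rdata in records:
        if rtype == "A":
            addr = ipaddress.ip_address(rdata)
            if any(addr in net for net in RFC1918):
                leaks.add(owner)
    return leaks


def missing_glue(records, origin):
    """NS targets that live inside their own delegated subzone but have no A record here."""
    a_owners = {owner for owner, rtype, _ in records if rtype == "A"}
    problems = []
    for owner, rtype, rdata in records:
        if rtype != "NS":
            continue
        target = fqdn(rdata, origin)
        in_subzone = target == owner or target.endswith("." + owner)
        if in_subzone and target not in a_owners:
            problems.append(target)
    return problems


if __name__ == "__main__":
    recs = parse_zone(SAMPLE_ZONE, "example.com")
    print("RFC 1918 addresses in zone:", sorted(find_private_leaks(recs)))
    print("delegations without glue:", missing_glue(recs, "example.com"))
```

Run find_private_leaks over the zone file that feeds the public view: any name it returns is an internal record that belongs in the internal view of the split-DNS setup from the named.conf excerpt earlier, not on the internet-facing server.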

For web and mail servers coexisting with public DNS:

# Apache VirtualHost configuration
<VirtualHost *:80>
    ServerName internal.example.com
    DocumentRoot /var/www/internal
    # Restrict access to the internal network; Require is only valid inside a
    # Directory/Location context, not directly under VirtualHost
    <Location />
        Require ip 192.168.1.0/24
    </Location>
</VirtualHost>

# Postfix main.cf configuration
myhostname = mail.internal.example.com
mydomain = internal.example.com

Linux domain integration via SSSD:

# /etc/sssd/sssd.conf (root-owned, mode 0600, or sssd refuses to start)
[sssd]
services = nss, pam
domains = internal.example.com
[domain/internal.example.com]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://dc.internal.example.com
# STARTTLS for identity lookups so binds never cross the wire in the clear (CA path is an example)
ldap_id_use_start_tls = true
ldap_tls_cacert = /etc/ssl/certs/internal-ca.pem
ldap_search_base = dc=internal,dc=example,dc=com

For Windows-Linux interoperability, ensure consistent:

  • DNS resolution paths
  • Kerberos realm configuration
  • Time synchronization (NTP)
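The DNS domain, the LDAP search base and the Kerberos realm all have to agree for a Linux client to join a Windows domain cleanly, and a single typo in any of them produces opaque lookup failures. As an added example (not from the original page), the script below derives the expected base DN and realm from the domain name and checks an sssd.conf against them; the sample configuration is constructed and deliberately contains a search base missing its "internal" component, a lower-case realm, and a plain ldap:// URI without STARTTLS. The finding codes are this example's own convention.

```python
import configparser
from urllib.parse import urlparse

# Constructed sssd.conf with common interoperability mistakes
SAMPLE_SSSD_CONF = """\
[sssd]
services = nss, pam
domains = internal.example.com

[domain/internal.example.com]
id_provider = ldap
auth_provider = krb5
ldap_uri = ldap://dc.internal.example.com
ldap_search_base = dc=example,dc=com
krb5_realm = internal.example.com
krb5_server = dc.internal.example.com
"""

# Constructed corrected version of the same file
FIXED_SSSD_CONF = (SAMPLE_SSSD_CONF
                   .replace("dc=example,dc=com", "dc=internal,dc=example,dc=com")
                   .replace("krb5_realm = internal.example.com", "krb5_realm = INTERNAL.EXAMPLE.COM")
                   + "ldap_id_use_start_tls = true\n")


def dns_to_base_dn(domain):
    """internal.example.com -> dc=internal,dc=example,dc=com (the AD/LDAP convention)."""
    return ",".join(f"dc={label}" for label in domain.lower().split("."))


def dns_to_realm(domain):
    """Kerberos realms are the DNS domain in upper case by convention."""
    return domain.upper()


def norm_dn(dn):
    """Normalise a DN for comparison: lower-case, no whitespace around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def check_sssd(text):
    """Return (code, detail) findings for every domain listed in the [sssd] section."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    domains = [d.strip() for d in cfg.get("sssd", "domains", fallback="").split(",") if d.strip()]
    for domain in domains:
        section = f"domain/{domain}"
        if not cfg.has_section(section):
            findings.append(("missing_domain_section", domain))
            continue
        sec = cfg[section]
        base = sec.get("ldap_search_base")
        if base and norm_dn(base) != dns_to_base_dn(domain):
            findings.append(("base_dn_mismatch", domain))
        realm = sec.get("krb5_realm")
        if realm and realm != dns_to_realm(domain):
            findings.append(("realm_mismatch", domain))
        for uri in [u.strip() for u in sec.get("ldap_uri", "").split(",") if u.strip()]:
            parsed = urlparse(uri)
            # The directory server should resolve inside the domain it serves
            if not (parsed.hostname or "").endswith("." + domain):
                findings.append(("ldap_host_outside_domain", uri))
            # ldap:// without STARTTLS means identity lookups (and any simple bind) are cleartext
            if parsed.scheme == "ldap" and sec.get("ldap_id_use_start_tls", "false").lower() != "true":
                findings.append(("ldap_without_tls", uri))
        kdc = sec.get("krb5_server")
        if kdc and not kdc.endswith("." + domain):
            findings.append(("kdc_outside_domain", kdc))
    return findings


if __name__ == "__main__":
    print("sample:", check_sssd(SAMPLE_SSSD_CONF))
    print("fixed: ", check_sssd(FIXED_SSSD_CONF))
```

Time synchronisation cannot be checked from a config file, but the realm and base-DN checks catch the two values that most often differ between the Windows side and a hand-written Linux client configuration.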