- intdomain.tld - technical internal use
- extdomain.tld - technical external use
- internal.company.tld - nice looking internal names in accordance with company name to satisfy marketing aspects; should mostly be CNAMEs to intdomain.tld
- company.tld - nice looking names in accordance with company name to satisfy marketing aspects; should mostly be CNAMEs to extdomain.tld
- PTR RFC1918 IPv4: internal only - TODO: IPv6 PTRs
- PTR Public IPv4: external only (very few exceptions for own IFRA use cases, e.g. GUEST-wifi-only services)
- PTR IPv6: central delegation to public DNS server; use ACL-based query allowance for DMZ and public ranges
- intdomain.tld: internal and external DNS separately (external mostly EMPTY), only private RFC1918 IPv4 + internal-only IPv6
- extdomain.tld: external DNS only, only public IPs
- internal.company.tld: internal DNS only, only private RFC1918 IPv4 + internal-only IPv6
- company.tld: external DNS only, only public IPs
DELEGATE TO DEPARTMENTS ("Hidden IT", e.g. R&D)
<DEPARTMENT>.<LOCATION>[.<GEO>].intdomain.tld
<DEPARTMENT>.intdomain.tld
<DEPARTMENT>.company.tld
[<ENVIRONMENT>.]<LOCATION>[.<GEO>].intdomain.tld
intdomain.tld
company.tld
dev = development state
tst = testing state
stg = staging state
prd = production state
Prefer to find an acronym in this order before choosing your own:
- IATA Airport Code: https://en.wikipedia.org/wiki/International_Air_Transport_Association_airport_code
- ICAO Airport Code: https://en.wikipedia.org/wiki/International_Civil_Aviation_Organization_airport_code#Prefixes
- IATA Railway Code: https://en.wikipedia.org/wiki/List_of_IATA-indexed_railway_stations#Railway_station_codes
- UN/LOCODE: http://www.unece.org/cefact/locode/service/location.html
- Use an officially registered domain name
- When choosing the domain name, preferably avoid an obvious relation to the company name, for sustainability (avoids renaming when the business develops!)
- Segregation of internal and external DNS can be done either by using separate DNS servers or by implementing ACL-based views on the same server.
In Question / To be clarified:
- Do NOT use internal/external split (i.e. overlapping) DNS (avoid overhead, think global, use IPv6)
de = Germany
us = United States
muc = Munich
aug = Augsburg
b = Building Services
acr = Access Control Reader / Terminal
acs = Access Control Server
cam = Surveillance Camera
csv = Surveillance Server
hom = Home Automation Gateway
vac = Vacuum Cleaner
wet = Weather Station
[0-9]{2} = serial number
e = General Equipment
avr = AV Receiver
bea = Beamer
gam = Gaming Console
hlt = Health Gadget (scale, smart watch, etc.)
lcd = LCD TV or Monitor
phd = Desk Phone
phc = Conference Phone
phs = Smart Phone
prn = Printer
spk = Speaker (e.g. Sonos)
tab = Tablet Computer w/o Mobile Broadband
tap = Tablet Computer w/ Mobile Broadband
vid = Video Device
vgw = VoIP Gateway
[0-9]{2} = serial number
HINT: If this is a virtual appliance or other software-based device
running on Hypervisor hardware, use TYPE virtual Server instead!
TODO: Switch types: core, distribution, access, management; router types: core and management
con = Console/Terminal Server, iLO etc.
cpe = Customer Premises Equipment w/ admin access (e.g. modem, Fritzbox, etc.)
cpp = 3rd-party equipment w/o admin access (e.g. Provider's Cluster IP)
fwc = Firewall Cluster IP (Core)
fwl = Firewall Node IP
lbc = Load Balancer/Proxy (physical) Cluster IP (Core)
lbl = Load Balancer/Proxy (physical) Node IP
rtc = L3 Router/Switch Cluster IP (Core)
rtr = L3 Router/Switch Node IP
sac = Fibre Channel SAN Switch Cluster IP (Core)
san = Fibre Channel SAN Switch Node IP
swc = L2 Switch Cluster IP (Core)
swt = L2 Switch Node IP
vgw = VoIP Border Gateway
vgd = DECT VoIP Gateway
vpc = VPN Gateway Cluster IP (Core)
vpn = VPN Gateway Node IP
wap = Wireless Access Point
wnc = Wireless Network Controller Cluster IP
wnn = Wireless Network Controller Node IP
pdu = Power Distribution Unit
ups = Uninterruptible Power Supply
[0-9]{2} = serial number
-fet = Fast Ethernet (Twisted Pair)
-get = Gigabit Ethernet, 1000BASE-T (Twisted Pair)
-gec = Gigabit Ethernet, 1000BASE-X (150Ω balanced copper / twinaxial)
-gef = Gigabit Ethernet, 1000BASE-X (Fiber only)
-ter = 10 Gigabit Ethernet, LAN 10GBASE-R
-tet = 10 Gigabit Ethernet, LAN 10GBASE-T
-tex = 10 Gigabit Ethernet, LAN 10GBASE-X
-tew = 10 Gigabit Ethernet, WAN 10GBASE-W
-qge = 40 Gigabit Ethernet, 40GBASE-R
-hge = 100 Gigabit Ethernet, 100GBASE-R
####### PORT (Gateway IP only)
[0-9]+ = physical Port Identifier; backplane specification etc. may be vendor specific
######## VLAN ID (Gateway IP only)
v[0-9]+ = VLAN (TODO: might need improvement to reflect where a frame has VLAN header)
p = physical Server
bl = Blade Server
em = Embedded Server (e.g. RaspberryPi)
la = Laptop Server
mi = Mini-PC (e.g. Intel NUC)
ra = Rack mountable Server
ws = Workstation Server (Tower)
d = development state
t = testing state
s = staging state
p = production state
####### SERIAL
[0-9]{2} = serial number
######## PURPOSE
[a-z]{3} = purpose
app = Application Server (non-web)
cfg = Configuration Management (Puppet, Ansible, etc.)
fin = Finance Server
ftp = SFTP/FTPS Server
dns = DNS Server
mon = Monitoring Server (Zabbix, Nagios, Cacti, Sensu, etc.)
mta = Mail Server (MTA only)
prn = Print Server
prx = Proxy/Load Balancer (software)
sql = Database Server
ssh = SSH Jump/Bastion Host
sto = Storage Server
vcs = Version Control Software Server (Git/SVN/CVS/etc.)
vpc = Virtual PC
vmm = Virtual Machine Manager
web = Web Server
b = type from Building Service as software appliance on standard hardware
e = type from General Equipment as software appliance on standard hardware
n = type from Network and Power Equipment as software appliance on standard hardware
######### SECURITY (optional if applicable)
-z = DMZ
-d = department server in IT environment ("Hidden IT", e.g. R&D)
v = virtual Server
cl = LXC (Linux container)
cz = OpenVZ (Linux container)
hp = HP Integrity VM (bare-metal)
jl = Jail (FreeBSD container)
lp = IBM LPAR (bare-metal)
su = Sun xVM virtualization (bare-metal)
mb = bhyve (FreeBSD type-1)
mh = Hyper-V (Windows type-1)
mk = KVM (Linux type-1)
mw = VMware vSphere (bare-metal)
mx = Xen (Linux type-1)
t2 = type-2 hypervisor (VMware Workstation/Fusion, VirtualBox, QEMU, Parallels Desktop)
d = development state
t = testing state
s = staging state
p = production state
####### SERIAL
[0-9]{2} = serial number
######## PURPOSE
[a-z]{3} = purpose
app = Application Server (non-web)
cfg = Configuration Management (Puppet, Ansible, etc.)
fin = Finance Server
ftp = SFTP/FTPS Server
dns = DNS Server
mon = Monitoring Server (Zabbix, Nagios, Cacti, Sensu, etc.)
mta = Mail Server (MTA only)
prn = Print Server
prx = Proxy/Load Balancer (software)
sql = Database Server
ssh = SSH Jump/Bastion Host
sto = Storage Server
vcs = Version Control Software Server (Git/SVN/CVS/etc.)
vpc = Virtual PC
vmm = Virtual Machine Manager
web = Web Server
b = type from Building Service as virtual appliance
e = type from General Equipment as virtual appliance
n = type from Network and Power Equipment as virtual appliance
######### SECURITY (optional if applicable)
-z = DMZ
-d = department server in IT environment ("Hidden IT", e.g. R&D)
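As an added example (not part of this naming-scheme document), a small Python validator that parses a hostname label into the fields listed above and then checks an A/AAAA record against the zone rules from the DNS section (internal zones carry only private addresses, external zones only public ones), so that a private address leaking into extdomain.tld or a public one in intdomain.tld is flagged before the record is published. The concatenation order of the fields and the `-<interface><port>v<VLAN>` suffix form are assumptions drawn from the section order; the b/e/n appliance purposes are not modelled.

```python
import ipaddress
import re

# Added example, not part of the scheme document. ASSUMED field order: servers are
# <type><subtype><state><serial><purpose>[-<security>], network gear is
# n<subtype><serial>[-<interface>[<port>][v<VLAN>]]; b/e/n appliance purposes are omitted.
SERVER_SUB = {"p": {"bl", "em", "la", "mi", "ra", "ws"},
              "v": {"cl", "cz", "hp", "jl", "lp", "su", "mb", "mh", "mk", "mw", "mx", "t2"}}
PURPOSE = {"app", "cfg", "fin", "ftp", "dns", "mon", "mta", "prn", "prx", "sql",
           "ssh", "sto", "vcs", "vpc", "vmm", "web"}
NET_SUB = {"con", "cpe", "cpp", "fwc", "fwl", "lbc", "lbl", "rtc", "rtr", "sac", "san",
           "swc", "swt", "vgw", "vgd", "vpc", "vpn", "wap", "wnc", "wnn", "pdu", "ups"}
IFACE = {"fet", "get", "gec", "gef", "ter", "tet", "tex", "tew", "qge", "hge"}
SERVER_RE = re.compile(r"^(?P<type>[pv])(?P<sub>[a-z0-9]{2})(?P<state>[dtsp])"
                       r"(?P<serial>[0-9]{2})(?P<purpose>[a-z]{3})(?:-(?P<sec>[zd]))?$")
NET_RE = re.compile(r"^n(?P<sub>[a-z]{3})(?P<serial>[0-9]{2})"
                    r"(?:-(?P<iface>[a-z]{3})(?P<port>[0-9]+)?(?:v(?P<vlan>[0-9]+))?)?$")
INTERNAL_ZONES = ("intdomain.tld", "internal.company.tld")  # private addresses only
EXTERNAL_ZONES = ("extdomain.tld", "company.tld")           # public addresses only

def parse_host(label):
    """Split the leftmost hostname label into its scheme fields; ValueError if it does not fit."""
    m = SERVER_RE.match(label)
    if m:
        f = m.groupdict()
        if f["sub"] not in SERVER_SUB[f["type"]] or f["purpose"] not in PURPOSE:
            raise ValueError(f"{label!r}: unknown server subtype or purpose")
        return f
    m = NET_RE.match(label)
    if m:
        f = dict(type="n", **m.groupdict())
        if f["sub"] not in NET_SUB or (f["iface"] and f["iface"] not in IFACE):
            raise ValueError(f"{label!r}: unknown network subtype or interface")
        return f
    raise ValueError(f"{label!r}: does not match the naming scheme")

def check_record(fqdn, address):
    """Return the policy violations of one A/AAAA record under the zone rules above."""
    label, _, zone = fqdn.partition(".")
    try:
        parse_host(label)
    except ValueError as e:
        return [str(e)]
    ip = ipaddress.ip_address(address)
    internal = zone.endswith(INTERNAL_ZONES)
    if not internal and not zone.endswith(EXTERNAL_ZONES):
        return [f"{fqdn}: zone {zone} is not covered by the scheme"]
    # internal zones: RFC1918 IPv4 / internal-only IPv6; external zones: public only
    ok = ip.is_private if internal else ip.is_global
    return [] if ok else [f"{fqdn}: address {ip} is not allowed in zone {zone}"]
```

Note that Python's ipaddress module treats the RFC5737 documentation ranges as non-global, so a realistic public address (or an IPv6 one) is needed to exercise the external-zone case.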