I’ll try not to be long-winded about this, but it’s going to be a doozy anyway.
I’m just hoping to confirm or clarify my understanding of domain best practices, and then have a question about how to appropriately cert it/them.
Externally, let’s say I have mycompany.com bought and registered.
It’s got a website hosted somewhere 3rd party, and subdomains: site1.mycompany.com, site2, etc.
And some additional DNS records so I can have things like mail.mycompany.com point to our Google email suite thing, etc.
So, internally to my business, can/should I also use mycompany.com, also with a prefix, so my internal network domain is headquarters.mycompany.com or whatever?
Meaning that all my hostnames would get prepended to that on internal DNS: printer.headquarters.mycompany.com, laptop1., yada yada.
Back in the day I remember hearing not to use .com internally because it could mess up traffic meant to route outside, and internal systems used .local. Now, I hear using .local is bad, because it can interfere with certain protocols like Bonjour. I’ve also read suggestions to use a made-up thing, like .office, for internal domains.
TL;DR - is a prefix (subdomain) on an owned domain name the way to go?
AND - if they can/should all be based on mycompany.com, would a single wildcard cert for that domain be usable on both external and internal servers? (So my website is secured, and I can use the same cert to get rid of all the dumb non-secure self-signed browser warnings my internal services and NAS and everything else give me.)
Thanks for reading!