Naming Windows Server 2008 domains
See:
- MS:Naming conventions in Active Directory for computers, domains, sites, and OUs
- MS:Considerations for designing namespaces in a Windows 2000-based domain
- MS:Information about configuring Windows for domains with single-label DNS names
- MS:How DNS Support for Active Directory Works
- SF:Issues with using real domain for Active Directory domain?
- SF:Active Directory: Is it required that the “A” record for a domain point to a Domain Controller?
- SF:Top level domain for private networks?
- SF:Using .local for internal websites
The .local domain suffix is not an FQDN and therefore 'non-routable'. This protects your domain somewhat from passing information outside of its perimiter.
For example, a user with a laptop on your internal-only acme.com domain plugs into their home network. It attempts to resolve acme.com and talk to its nearest DC. Your external acme.com is suddently batting off AD-related traffic and that traffic is flowing directly across the internet.
Worst-case scenario is that you pick an internal domain name, and someone else owns that same domain name externally. Now when your users go off-site, their machine attempts to resolve and contact the domain, only to have their traffic being sent to some random company that owns the mysuperdomain.com name out in Timbuktu.
There's also some complications that may arise around internal and external DNS configuration if you choose to use the same name for internal and external domains. Even using a sub-domain of your external domain name (e.g. AD.mycompany.com) can lead to issues with DNS down the line, often in granting internal users access to your resources that are also available externally.
Best practice IMO is using mycompanyname.local for your internal domain, and mycompanyname.com (or such) for external.