diff --git a/controllers/dns.go b/controllers/dns.go
index 67085365f..c6e08deb6 100644
--- a/controllers/dns.go
+++ b/controllers/dns.go
@@ -164,7 +164,8 @@ func createDNS(w http.ResponseWriter, r *http.Request) {
 return
 }
 // check if default domain is appended if not append
- if !strings.HasSuffix(entry.Name, servercfg.GetDefaultDomain()) {
+ if servercfg.GetDefaultDomain() != "" &&
+ !strings.HasSuffix(entry.Name, servercfg.GetDefaultDomain()) {
 entry.Name += "." + servercfg.GetDefaultDomain()
 }
 entry, err = logic.CreateDNS(entry)
diff --git a/logic/acls.go b/logic/acls.go
index cf0c4f87d..58ebd55c2 100644
--- a/logic/acls.go
+++ b/logic/acls.go
@@ -39,14 +39,15 @@ func CreateDefaultAclNetworkPolicies(netID models.NetworkID) {
 _, _ = ListAclsByNetwork(netID)
 if !IsAclExists(fmt.Sprintf("%s.%s", netID, "all-nodes")) {
 defaultDeviceAcl := models.Acl{
- ID: fmt.Sprintf("%s.%s", netID, "all-nodes"),
- Name: "All Nodes",
- MetaData: "This Policy allows all nodes in the network to communicate with each other",
- Default: true,
- NetworkID: netID,
- Proto: models.ALL,
- Port: []string{},
- RuleType: models.DevicePolicy,
+ ID: fmt.Sprintf("%s.%s", netID, "all-nodes"),
+ Name: "All Nodes",
+ MetaData: "This Policy allows all nodes in the network to communicate with each other",
+ Default: true,
+ NetworkID: netID,
+ Proto: models.ALL,
+ ServiceType: models.Any,
+ Port: []string{},
+ RuleType: models.DevicePolicy,
 Src: []models.AclPolicyTag{
 {
 ID: models.DeviceAclID,
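Review bot: In createDNS (controllers/dns.go) the suffix test compares against the bare domain, so a name that ends in the same characters without a label boundary (constructed example: `apphosted.nm` with domain `hosted.nm`) is treated as already qualified and stored as-is. Compare against the dotted form and read the setting once instead of three times: `if d := servercfg.GetDefaultDomain(); d != "" && !strings.HasSuffix(entry.Name, "."+d) { entry.Name += "." + d }`. createDNS starts and ends outside this hunk, so any earlier validation of entry.Name is not visible here.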
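Review bot: The new `ServiceType: models.Any` only reaches policies created after this change, because each literal sits behind `if !IsAclExists(...)`; default policies already stored for existing networks keep whatever ServiceType they were saved with. If rule evaluation distinguishes an unset ServiceType from `models.Any` (not visible in this diff), upgraded servers would enforce the defaults differently from fresh installs, so a one-time migration that backfills the field, or treating the empty value as `models.Any` on read, should accompany this. The same applies to the two later hunks in logic/acls.go and to both hunks in pro/logic/user_mgmt.go. CreateDefaultAclNetworkPolicies continues outside the hunk.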
@@ -66,14 +67,15 @@ func CreateDefaultAclNetworkPolicies(netID models.NetworkID) {
 }
 if !IsAclExists(fmt.Sprintf("%s.%s", netID, "all-users")) {
 defaultUserAcl := models.Acl{
- ID: fmt.Sprintf("%s.%s", netID, "all-users"),
- Default: true,
- Name: "All Users",
- MetaData: "This policy gives access to everything in the network for an user",
- NetworkID: netID,
- Proto: models.ALL,
- Port: []string{},
- RuleType: models.UserPolicy,
+ ID: fmt.Sprintf("%s.%s", netID, "all-users"),
+ Default: true,
+ Name: "All Users",
+ MetaData: "This policy gives access to everything in the network for an user",
+ NetworkID: netID,
+ Proto: models.ALL,
+ ServiceType: models.Any,
+ Port: []string{},
+ RuleType: models.UserPolicy,
 Src: []models.AclPolicyTag{
 {
 ID: models.UserAclID,
@@ -94,13 +96,14 @@ func CreateDefaultAclNetworkPolicies(netID models.NetworkID) {
 
 if !IsAclExists(fmt.Sprintf("%s.%s", netID, "all-remote-access-gws")) {
 defaultUserAcl := models.Acl{
- ID: fmt.Sprintf("%s.%s", netID, "all-remote-access-gws"),
- Default: true,
- Name: "All Remote Access Gateways",
- NetworkID: netID,
- Proto: models.ALL,
- Port: []string{},
- RuleType: models.DevicePolicy,
+ ID: fmt.Sprintf("%s.%s", netID, "all-remote-access-gws"),
+ Default: true,
+ Name: "All Remote Access Gateways",
+ NetworkID: netID,
+ Proto: models.ALL,
+ ServiceType: models.Any,
+ Port: []string{},
+ RuleType: models.DevicePolicy,
 Src: []models.AclPolicyTag{
 {
 ID: models.DeviceAclID,
diff --git a/logic/dns.go b/logic/dns.go
index b7bd3e895..7e0241d24 100644
--- a/logic/dns.go
+++ b/logic/dns.go
@@ -116,7 +116,11 @@ func GetNodeDNS(network string) ([]models.DNSEntry, error) {
 continue
 }
 var entry = models.DNSEntry{}
- entry.Name = fmt.Sprintf("%s.%s.%s", host.Name, network, defaultDomain)
+ if defaultDomain == "" {
+ entry.Name = fmt.Sprintf("%s.%s", host.Name, network)
+ } else {
+ entry.Name = fmt.Sprintf("%s.%s.%s", host.Name, network, defaultDomain)
+ }
 entry.Network = network
 if node.Address.IP != nil {
 entry.Address = node.Address.IP.String()
diff --git a/pro/logic/user_mgmt.go b/pro/logic/user_mgmt.go
index daad932af..d29fdf377 100644
--- a/pro/logic/user_mgmt.go
+++ b/pro/logic/user_mgmt.go
@@ -1207,12 +1207,13 @@ func CreateDefaultUserPolicies(netID models.NetworkID) {
 
 if !logic.IsAclExists(fmt.Sprintf("%s.%s-grp", netID, models.NetworkAdmin)) {
 defaultUserAcl := models.Acl{
- ID: fmt.Sprintf("%s.%s-grp", netID, models.NetworkAdmin),
- Name: "Network Admin",
- MetaData: "This Policy allows all network admins to communicate with all remote access gateways",
- Default: true,
- NetworkID: netID,
- RuleType: models.UserPolicy,
+ ID: fmt.Sprintf("%s.%s-grp", netID, models.NetworkAdmin),
+ Name: "Network Admin",
+ MetaData: "This Policy allows all network admins to communicate with all remote access gateways",
+ Default: true,
+ ServiceType: models.Any,
+ NetworkID: netID,
+ RuleType: models.UserPolicy,
 Src: []models.AclPolicyTag{
 {
 ID: models.UserGroupAclID,
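Review bot: The two branches added in GetNodeDNS (logic/dns.go) repeat the same format call and differ only in the suffix, so building the base name once keeps the empty-domain case from drifting: `entry.Name = fmt.Sprintf("%s.%s", host.Name, network)` followed by `if defaultDomain != "" { entry.Name += "." + defaultDomain }`. A one-line comment such as `// an empty default domain yields host.network with no suffix` would also tell the reader when this path is taken. The loop body starts and ends outside the hunk, and where defaultDomain is read is not visible here.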
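Review bot: In CreateDefaultUserPolicies (pro/logic/user_mgmt.go) the Network Admin literal now sets `ServiceType: models.Any`, but no `Proto` or `Port` is visible next to it, whereas the defaults in logic/acls.go set `Proto: models.ALL` and `Port: []string{}` alongside the same field. The literal continues past the hunk, so they may be set further down; if they are not, add `Proto: models.ALL,` and `Port: []string{},` here so that an any-service policy does not depend on zero values. The Network User hunk that follows has the same shape.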
@@ -1238,12 +1239,13 @@ func CreateDefaultUserPolicies(netID models.NetworkID) {
 
 if !logic.IsAclExists(fmt.Sprintf("%s.%s-grp", netID, models.NetworkUser)) {
 defaultUserAcl := models.Acl{
- ID: fmt.Sprintf("%s.%s-grp", netID, models.NetworkUser),
- Name: "Network User",
- MetaData: "This Policy allows all network users to communicate with all remote access gateways",
- Default: true,
- NetworkID: netID,
- RuleType: models.UserPolicy,
+ ID: fmt.Sprintf("%s.%s-grp", netID, models.NetworkUser),
+ Name: "Network User",
+ MetaData: "This Policy allows all network users to communicate with all remote access gateways",
+ Default: true,
+ ServiceType: models.Any,
+ NetworkID: netID,
+ RuleType: models.UserPolicy,
 Src: []models.AclPolicyTag{
 {
 ID: models.UserGroupAclID,
diff --git a/scripts/netmaker.default.env b/scripts/netmaker.default.env
index d534abacc..9cab2a82b 100644
--- a/scripts/netmaker.default.env
+++ b/scripts/netmaker.default.env
@@ -87,7 +87,7 @@ EMAIL_SENDER_USER=
 # sender smtp password
 EMAIL_SENDER_PASSWORD=
 # default domain for internal DNS lookup
-DEFAULT_DOMAIN=netmaker.hosted
+DEFAULT_DOMAIN=hosted.nm
 # managed dns setting, set to true to resolve dns entries on netmaker network
 MANAGE_DNS=false
 # set to true, old acl is supported, otherwise, old acl is disabled
diff --git a/servercfg/serverconf.go b/servercfg/serverconf.go
index c928adaa9..f415405f9 100644
--- a/servercfg/serverconf.go
+++ b/servercfg/serverconf.go
@@ -12,7 +12,6 @@ import (
 
 "github.com/gravitl/netmaker/config"
 "github.com/gravitl/netmaker/models"
- "golang.org/x/exp/slog"
 )
 
 // EmqxBrokerType denotes the broker type for EMQX MQTT
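Review bot: The new sample default `DEFAULT_DOMAIN=hosted.nm` in scripts/netmaker.default.env uses a two-letter top-level label, which is the space reserved for country codes; `.nm` does not appear to be delegated today, but nothing reserves it for private use. Internal names under an unreserved suffix can leak to public resolvers when a client is off the mesh, and can collide if the label is ever delegated. The comment above the setting should tell operators to override it, for example `# default domain for internal DNS lookup; set to a domain you control or a suffix reserved for private use`.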
@@ -684,13 +683,11 @@ func IsOldAclEnabled() bool {
 
 // GetDefaultDomain - get the default domain
 func GetDefaultDomain() string {
- //default netmaker.hosted
- domain := "netmaker.hosted"
+ //default hosted.nm
+ var domain string
 if os.Getenv("DEFAULT_DOMAIN") != "" {
 if validateDomain(os.Getenv("DEFAULT_DOMAIN")) {
 domain = os.Getenv("DEFAULT_DOMAIN")
- } else {
- slog.Warn("invalid value, set to default domain: netmaker.hosted", "warn", os.Getenv("DEFAULT_DOMAIN"))
 }
 }
 return domain
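Review bot: An invalid DEFAULT_DOMAIN now makes GetDefaultDomain (servercfg/serverconf.go) return "" with no log line, because the `else` branch and its warning were removed; callers that branch on the empty value then drop the suffix from DNS names, and the operator gets no signal that the setting was rejected. The retained comment `//default hosted.nm` is also no longer true, since the function's fallback is the empty string and `hosted.nm` exists only in the sample env file. I would read the variable once, keep a warning on the rejected path through whichever logger this package still has, and replace the comment with a doc line stating the empty-string fallback. The function's closing brace is outside the hunk.

```go
// GetDefaultDomain - returns DEFAULT_DOMAIN when it is set and valid, "" otherwise
func GetDefaultDomain() string {
	domain := os.Getenv("DEFAULT_DOMAIN")
	if domain == "" {
		return ""
	}
	if !validateDomain(domain) {
		// warn here that DEFAULT_DOMAIN was rejected and no suffix will be used
		return ""
	}
	return domain
```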