Win2K server DNS conflicts with external web-host

spikespiegal

Ah, this one is as old as dirt.

Basically, what's the best practice for dealing with your Win2K domain being the same name as the outside service hosting your web-site? Example, Active Directory is set up as 'fubar.com', then the owner wants a web-site called 'fubar.com', but hosted by an external party.

If it were up to me, I'd prevent the problem from happening in the first place and make sure my initial domain name *is not* going to be the same name I'll eventually want the world to see on an external web-site.

Unfortunately I run into a lot of companies where I don't have this option. So, when Bill the VP of sales types in www.fubar.com in his browser, he defaults to the AD primary rather than the external web-site.

Ah, but if I add the 'www' to the forward lookup zone in DNS services and use the external IP address of our hosted web-site, this pushes the DNS request outside our domain, and all is well. However, Bill now wants to access www.fubar.com/admin so he can upload some new PDFs to our external web-site, and I'm stuck again because Windows defaults back to our AD primary.

Advice?
 

amdskip

Interesting question, too bad you just couldn't change the internal name.

You should be able to make the internal computers point to the external domain somehow.
 

spyordie007

Assuming DNS already exists, you're probably going to have to end up mirroring the DNS records in the internal DNS, rather than trying to forward the requests, setting up the internal host records that point to an external IP (copying the public zone data into your internal DNS). Granted this means you have to update if the external hosts change their IP addresses, but this is (hopefully in these deployments) uncommon.

This can get complicated quickly (which is one of the reasons why it is not recommended to use the same second level domain internally and externally).

Ideally you would want to use a sub-domain (or different domain name) internally to avoid these problems (i.e. if you use the domain name contoso.com on the outside for AD you could use corp.contoso.com).
 

spikespiegal

Yeah...for every solution there's a possible issue. No surprise.

One 'hack' I found to get around this is to manually add a hosts entry on the workstations needing access to the site. To me though this is kind of a primitive solution, and I'd rather accomplish this through DNS than a local client's hosts file.

I'm also a little leery of adding 'fubar.com' to DNS and pointing it to an external IP address. I have no idea how this will affect Active Directory, if at all.
 

spyordie007

> I'm also a little leery of adding 'fubar.com' to DNS and pointing it to an external IP address. I have no idea how this will affect Active Directory, if at all.

I WOULD NOT point the root outside, just things like "www" (instruct users to type it to access the site).

> One 'hack' I found to get around this is to manually add a hosts entry on the workstations needing access to the site. To me though this is kind of a primitive solution, and I'd rather accomplish this through DNS than a local client's hosts file.

Doing this through DNS would be much easier than in the clients' host file. Maintaining it in one place is far better than on the individual machines.
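
Mirroring public host records into the internal zone, as suggested in the thread, leaves a copy that can drift when the web host changes addresses. The following Python check is an added example, not code from any poster: it compares a public and an internal copy of the zone and reports mirrored names that are missing or stale, plus an apex record pointed at a public address. The simplified `name A address` text format, the function names and all addresses are constructed for illustration; `fubar.com` is the placeholder from the thread.

```python
ZONE = "fubar.com"  # placeholder domain used in the thread

# Constructed sample data (documentation-range and private addresses).
PUBLIC_ZONE = """
@     A  203.0.113.10
www   A  203.0.113.10
ftp   A  203.0.113.25
mail  A  203.0.113.30
"""
INTERNAL_ZONE = """
@     A  10.0.0.5       ; AD domain controller, stays internal
dc1   A  10.0.0.5
www   A  203.0.113.99   ; old address of the hosted site
mail  A  203.0.113.30
"""

def parse_zone(text, zone):
    """Return {fqdn: set of A addresses} from 'name A address' lines."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        name, rtype, value = line.split()
        if rtype.upper() != "A":
            continue
        name = name.lower().rstrip(".")
        if name == "@":
            fqdn = zone
        elif name == zone or name.endswith("." + zone):
            fqdn = name
        else:
            fqdn = f"{name}.{zone}"
        records.setdefault(fqdn, set()).add(value)
    return records

def audit_split_zone(public_text, internal_text, zone=ZONE):
    """List (finding, fqdn) pairs for the internal mirror of a public zone."""
    public = parse_zone(public_text, zone)
    internal = parse_zone(internal_text, zone)
    public_addrs = set().union(*public.values())
    findings = []
    for fqdn in sorted(public):
        if fqdn == zone:
            continue  # the apex is deliberately not mirrored (AD uses it)
        if fqdn not in internal:
            findings.append(("MISSING", fqdn))  # internal clients cannot resolve it
        elif internal[fqdn] != public[fqdn]:
            findings.append(("STALE", fqdn))    # mirror no longer matches public DNS
    if internal.get(zone, set()) & public_addrs:
        findings.append(("APEX_EXTERNAL", zone))  # root pointed outside
    return findings
```

Internal-only names such as `dc1` are ignored, since only names published externally need a mirrored record.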