Windows Domain/Domain Controller vs Web Domain Question...

Scarpozzi

So I've got a Windows Domain....let's call it dc=company,dc=com

There's a DNS entry of company.com listed.

I have a website of www.company.com

My question: External DNS resolves company.com and www.company.com to our company web server. Internal DNS resolves company.com to the DC pool and www.company.com to the web server. Is there a way to redirect traffic within Windows without installing IIS on the DC? (it's not recommended by Microsoft) I'm just trying to figure out how to fix the problem of internal clients and employees going to domain.com and finding a pool of servers that don't listen on port 80.

I'm relatively new to Microsoft stuff and didn't find anything about this from a Google search.

Thanks,

-Scar
 

yinan

It is called split horizon DNS. Also, you really should use something other than an Internet resolvable domain name for your internal network, aka company.local.
 

imagoon

> It is called split horizon DNS. Also, you really should use something other than an Internet resolvable domain name for your internal network, aka company.local.

That is no longer recommended. The recommended solution is to use a subdomain of the main domain, i.e.

windows domain = internal.domain.com
public = domain.com

so dc1.internal.domain.com can never conflict with anything in domain.com (except the obvious "internal.domain.com.")

My home test domain hangs off my own personal public domain without issue this way right now.

In 2015 you will no longer be able to get a proper certificate for domains like ".local", which will make things like Exchange basically not work (in a way that won't cause other issues in the cert chain) inside and outside the domain.
 

Scarpozzi

Thanks for the responses. It's just easier said than done when a domain's been set a certain way for years.

I agree with subdomains and a clear line between internal/external. I'll see if I can add this to the list of 3-5 year goals.
 

imagoon

> Thanks for the responses. It's just easier said than done when a domain's been set a certain way for years.
>
> I agree with subdomains and a clear line between internal/external. I'll see if I can add this to the list of 3-5 year goals.

Well if you have something running already, I assume you don't have an internal machine named "www" in your domain do you?

If not, you can just plug an A record into your domain DNS with the proper IP. If you are doing your external DNS via the DC's DNS (really bad mojo btw), the first step is to split it up and then manage each part separately.
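
An added example, not part of any post in this thread: when the internal AD zone has the same name as the public zone, every public name has to be mirrored internally by hand, so a small audit of the two views shows which names internal clients cannot resolve. All records below are constructed placeholders (the `mail` host and every address are assumptions), and the function names are hypothetical.

```python
# Constructed sample data: placeholder names and addresses only.
ZONE = "company.com"

EXTERNAL = {  # public view of the zone
    "company.com.": {"203.0.113.10"},
    "WWW.company.com.": {"203.0.113.10"},
    "mail.company.com.": {"203.0.113.25"},
}
INTERNAL = {  # view served by the DCs' DNS
    "company.com": {"10.0.0.11", "10.0.0.12"},  # DC pool at the zone apex
    "dc1.company.com": {"10.0.0.11"},
    "dc2.company.com": {"10.0.0.12"},
    "www.company.com": {"203.0.113.10"},        # manually added A record
}

def normalize(view):
    """Lower-case names and drop the trailing dot so both views compare equal."""
    return {name.rstrip(".").lower(): set(addrs) for name, addrs in view.items()}

def audit_split_horizon(external, internal, zone):
    """Return (name, finding) for every public name that differs internally.

    missing-internally: internal clients get no answer for a public name
    apex-differs:       zone apex points elsewhere internally (the DC pool)
    address-differs:    same name, different addresses in each view
    """
    external, internal = normalize(external), normalize(internal)
    zone = zone.rstrip(".").lower()
    findings = []
    for name in sorted(external):
        if name not in internal:
            findings.append((name, "missing-internally"))
        elif internal[name] != external[name]:
            kind = "apex-differs" if name == zone else "address-differs"
            findings.append((name, kind))
    return findings

def internal_only(external, internal):
    """Names that exist only internally and should stay out of the public zone."""
    return sorted(set(normalize(internal)) - set(normalize(external)))

if __name__ == "__main__":
    for name, finding in audit_split_horizon(EXTERNAL, INTERNAL, ZONE):
        print(f"{finding:20} {name}")
    print("internal-only:", ", ".join(internal_only(EXTERNAL, INTERNAL)))
```

With this sample data the apex is reported as pointing at the DC pool and `mail` as unresolvable from inside, while `www` passes because it was mirrored into the internal zone.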