Re: internal domain name connecting to external domain name without www
From: Ace Fekay [MVP] (PleaseSubstituteMyActualFirstName&LastNameHere_at_hotmail.com)
Date: 04/29/04
Date: Wed, 28 Apr 2004 22:22:28 -0400
In news:F5AA1012-0D5B-485B-9240-8F58E586385B@microsoft.com,
Robbietwilson <anonymous@discussions.microsoft.com> posted their thoughts,
then I offered mine
> We have an internal domain name chfindustries.com and a public
> website hosted by a hosting company outside of our network,
> www.chfindustries.com. We have a host entry for www that resolves so
> internal users can connect to www.chfindustries.com. Unfortunately
> something has just changed and although internal users can connect to
> the www website, several links in the pages refer to just
> chfindustries.com without the www and this causes our internal users
> not to be able to connect to them any longer. How can I create a
> record that allows them to go out to the chfindustries.com website
> without messing up our internal routing for the internal domain? Need
> some help. Thanks.
This requires registry changes. Here's a repost from previous posts
concerning a split-horizon namespace and how to deal with it. But be wary,
since this may also affect GPO and DFS functionality, since the client side
extensions when running the GetGpoList function connect to:
\\domain.com\sysvol\policies\domain.com\{PolicyGuidNumber}. If you change
the LdapIpAddress, the one that has the (same as parent) name, which you
need to do in this case, to your external website, not sure what may happen.
Unfortunate that the same name domain was chosen for your AD domain. And
this must be done on ALL the DCs. Each DC registers this IP.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
===============================
This is good especially if you have a Split Horizon environment where the
internal and external domain names are the same and the users need to get to
their external name by http://theirdomain.com but their DC/DNS server
responds and not the actual external website.
This one is done on the netlogon service parameters in the registry. This
will stop netlogon registering the blank FQDN with the internal private IP.
Here are two steps to clean that up. First you stop the netlogon service from
registering that "Blank Domain FQDN" IP address. Those IPs are actually
called the LdapIPAddress. Then you create your own Blank Domain FQDN IP
(your own LdapIPAddress) that corresponds to your actual external website.
Here you go:
==========================================
Disabling the Same As Parent LdapIpAddress blank FQDN and auto Publishing a
Blank Domain FQDN IP:
[Taken from http://support.microsoft.com/?id=295328]
To disable only the registration of the local IP addresses, set the
following registry value, then reboot the machine for it to take effect:
1) Add the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Registry value: DnsAvoidRegisterRecords
Data type: REG_MULTI_SZ
Value: LdapIpAddress
2) Do this on all DCs and restart netlogon or restart machine.
This will prevent the DC from adding the domain A records from netlogon.
And you can add multiple Blank Domain A records as you need.
After you set this value, you must manually create your publicly available
IP addresses for your domain to appear as:
Same as parent folder Host "publicIP"
To do so, right-click your domain name, new Host, leave the name field blank,
enter the actual external IP address.
You're done.
====================================
--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a pig.
--
=================================
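Added example, not part of the original post: the two steps from the reply above as a PowerShell script that merges LdapIpAddress into DnsAvoidRegisterRecords without overwriting entries already there, restarts Netlogon, and then publishes the blank-name (same as parent) A record. It assumes a Windows Server version with the DnsServer PowerShell module, which is newer than the systems in this 2004 thread; the zone name, the IP address and the -UpdateDns switch are placeholders chosen for the example.

```powershell
# Added example, not from the original post. Run elevated on EVERY DC;
# pass -UpdateDns once, on a DNS server that hosts the zone.
param(
    [string]$ZoneName = 'example.com',   # placeholder: zone shared by AD and the public site
    [string]$PublicIP = '203.0.113.10',  # placeholder: external web server (documentation range)
    [switch]$UpdateDns                   # hypothetical switch for this example
)

$key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$name  = 'DnsAvoidRegisterRecords'
$token = 'LdapIpAddress'

# Step 1: read the current REG_MULTI_SZ value (it may not exist yet) and
# merge the mnemonic in, so entries an admin added earlier are preserved.
$existing = @((Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name |
              Where-Object { $_ })
if ($existing -notcontains $token) {
    New-ItemProperty -Path $key -Name $name -PropertyType MultiString `
        -Value ([string[]]($existing + $token)) -Force | Out-Null
}

# Step 2: Netlogon reads the value at service start.
Restart-Service -Name Netlogon

# Show what is now configured on this DC.
"$env:COMPUTERNAME ${name}: " + ((Get-ItemProperty -Path $key -Name $name).$name -join ', ')

if ($UpdateDns) {
    # List the A records currently at the zone apex so leftover DC addresses
    # can be reviewed by hand; nothing is deleted here.
    $apex = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name '@' -RRType A `
                -ErrorAction SilentlyContinue
    $apex | ForEach-Object { 'apex A record: {0}' -f $_.RecordData.IPv4Address }

    # Publish the external address as the blank-name host record if it is missing.
    if ($apex.RecordData.IPv4Address.IPAddressToString -notcontains $PublicIP) {
        Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name '@' -IPv4Address $PublicIP
    }
}
```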