Re: AD DNS issue

From: Ulf B. Simon-Weidner [MVP] (nospam2-ulf_at_usw-consulting.com)
Date: 09/28/04


Date: Mon, 27 Sep 2004 23:19:06 -0700


"Sam" <sam@globalwebcentral.com> wrote in message
news:Of6DLHZoEHA.1460@TK2MSFTNGP12.phx.gbl:
> Hi,
>
> We're running a Windows 2000 network w/ 2 Domain controllers that are also
> running DNS and DHCP services for the internal network. The AD integrated
> DNS servers use forwarders. We also have 2 external DNS servers we're
> running for web sites, etc.
>
> The problem is that the AD domain is MyDomain.com. Some users in our
> internal network could not get to our web site which is also at
> MyDomain.com. The web server is at an ISP location so we use a third party
> IP for the web site.
>
> I added a new host name which is the web server w/ ISP's IP to our internal
> DNS. I also created a CNAME record in the internal DNS for www prefix. This
> should fix the problem about web site being inaccessible from the internal
> network. My problem is what if someone types just MyDomain.com to get to the
> web site. What kind of DNS record do I need to create in the internal DNS to
> fix this problem?
>
Hello Sam,

The only valid solution in my eyes is to create the www-record
internally and instruct the users to go to the public website via
www.yourdomain.com.
If they just type in yourdomain.com they will not get any results since
that record points to all DCs you've got and if you don't run IIS there
there's nobody to answer http-requests.
Keep the records for the DCs as they are, AD uses them to locate the
DCs, GPOs use them and Clients use them.

Really - instruct your users to type in www.yourdomain.com - if they
are lazy provide them with a Link in IE via GPOs. And they are used to
typing in www anyways if they are on the web.

Another thing I'd like to mention - you would be able to create a
delegation for www.yourdomain.com to your external or ISP's DNS-Servers
instead of A/CNAME-records. This is quite handy if your ISP is changing
IPs for its servers from time to time.

-- 
Gruesse - Sincerely,
Ulf B. Simon-Weidner
  Weblog: http://msmvps.org/UlfBSimonWeidner
  MVP-Buch "Windows XP - Die Expertentipps":  http://tinyurl.com/44zcz
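
The two options from the reply above (a static www record, or a delegation of www to the external DNS server) written as dnscmd commands, with a check that the zone apex still answers with the DC addresses. This is an added example, not part of the original post; the server name dc1, the address 203.0.113.10 and the name server ns1.isp.example. are placeholders, and dnscmd is assumed to be installed on the machine running the script.

```bat
@echo off
rem Added example. Every value set below is a placeholder, not taken from the thread.
set DNS=dc1
set ZONE=yourdomain.com
set WEBIP=203.0.113.10
set ISPNS=ns1.isp.example.

rem 1. List the A records at the zone apex. These are the DC addresses that
rem    AD, GPO processing and clients rely on. Note them and do not change them.
dnscmd %DNS% /EnumRecords %ZONE% @ /Type A

rem 2a. Option A: static host record for www pointing at the hosted web server.
rem     Has to be updated by hand whenever the ISP changes the address.
dnscmd %DNS% /RecordAdd %ZONE% www A %WEBIP%

rem 2b. Option B: delegate www to the external/ISP DNS server instead, so the
rem     internal servers always hand out whatever the public zone publishes.
rem     Use either 2a or 2b, not both (remove the A/CNAME record first).
rem dnscmd %DNS% /RecordAdd %ZONE% www NS %ISPNS%

rem 3. Verify against the internal server: www must return the web server
rem    address, the bare domain must still return the DC addresses from step 1.
nslookup www.%ZONE% %DNS%
nslookup %ZONE% %DNS%
```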

