DNS Setup for AD domain matching public domain
  • DNS Setup for AD domain matching public domain

    Hi there,

    I have set up an AD domain which matches our public domain. For example, we have a website www.domain.com and also have an AD domain called domain.com.

    Our public name servers are hosted externally.

    So now the problem I have is that when in the network, the DNS server does not resolve any of our public records, i.e. if we try to go to www.domain.com then it does not resolve. I know that I can manually update our DNS entries to match those of our name servers, but I'm hoping there is a much better way...

    Any advice would be appreciated!

    Thanks

  • #2
    Re: DNS Setup for AD domain matching public domain

    I'm afraid I've got some bad news for you: There isn't a better way.

    You've got what is known as a "split-brain DNS" setup, where the internal AD DNS servers believe they're authoritative for an Internet domain that's actually being hosted by external servers. This is not a recommended setup, because as you've noticed, you'll need to manually keep local records in sync with the records on the public DNS server.

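The manual sync described in reply #2 is easier to keep honest with a drift check. The following is an added example, not part of the original thread: it compares an export of the public zone with the internal AD copy and lists public records that internal clients would resolve differently. The zone contents, the `parse` and `drift` helpers and the `APEX_A` exception are assumptions made for illustration.

```python
# Added example. Both zones are constructed sample data for the thread's
# placeholder domain.com; addresses come from documentation/private ranges.
PUBLIC = """\
domain.com.       3600 IN A     203.0.113.10
www.domain.com.   3600 IN CNAME domain.com.
mail.domain.com.  3600 IN A     203.0.113.25
domain.com.       3600 IN MX    10 mail.domain.com.
"""
INTERNAL = """\
domain.com.             600 IN A   10.0.0.5
www.domain.com.        3600 IN A   203.0.113.99
dc1.domain.com.        3600 IN A   10.0.0.5
_ldap._tcp.domain.com.  600 IN SRV 0 100 389 dc1.domain.com.
"""

def parse(zone_text):
    """Return {(owner, type): {rdata, ...}}; TTL and class are ignored."""
    rrsets = {}
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()          # drop comments
        if not line:
            continue
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        key = (owner.lower().rstrip("."), rtype.upper())
        # Lowercased so host names compare case-insensitively (TXT loses case).
        rrsets.setdefault(key, set()).add(" ".join(rdata.lower().split()).rstrip("."))
    return rrsets

def drift(public, internal, expected_local=()):
    """List public RRsets the internal copy would answer differently."""
    findings = []
    internal_names = {name for name, _ in internal}
    for (name, rtype), pub in sorted(public.items()):
        if (name, rtype) in expected_local:
            continue                                   # deliberate difference
        local = internal.get((name, rtype))
        if local is None:
            # absent-name: internal clients get NXDOMAIN for this name.
            # absent-type: the name exists internally, but not this record type.
            status = "absent-type" if name in internal_names else "absent-name"
        elif local != pub:
            status = "mismatch"
        else:
            continue
        findings.append((status, name, rtype))
    return findings

# In an AD zone the apex A records point at domain controllers, so skip them.
APEX_A = {("domain.com", "A")}
if __name__ == "__main__":
    for finding in drift(parse(PUBLIC), parse(INTERNAL), APEX_A):
        print(*finding)
```

Records that exist only internally (the domain controller host and SRV records) are never reported, because the comparison runs from the public zone to the internal one.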


    • #3
      Re: DNS Setup for AD domain matching public domain

      Yep, no better way to do it. One of several reasons why your internal and external DNS zones should be disparate.
      BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
      Cruachan's Blog



      • #4
        Re: DNS Setup for AD domain matching public domain

        Thanks guys - I was hoping you wouldn't say that

        Is there a way to change the name of a domain so that I can convert to something like inside.domain.com and then I won't have this problem?



        • #5
          Re: DNS Setup for AD domain matching public domain

          You can rename the domain:
          https://www.google.co.uk/search?q=ac...6cAcPo-gb3uoBg

          Plan carefully and have backups just in case

          Suggest you consider "domain.corp" or "domain.internal" for the AD domain
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **



          • #6
            Re: DNS Setup for AD domain matching public domain

            Thanks again for your help - I followed instructions from http://www.rickygao.com/how-to-rename-your-single-active-directory-domain and it worked perfectly

            As you suggested I used domain.corp



            • #7
              Re: DNS Setup for AD domain matching public domain

              Well, that is still going against best practice. Don't use made-up DNS suffixes or DNS suffixes that may be approved for public use in the future. What if ICANN approves the .corp DNS TLD for public use? Then you're going to be in the same boat.

              What you should do is use an unused subdomain of your public domain, which is the current best practice. So something like ad.domain.com would be more appropriate.
