Identical Public & Private Domains - Cannot Resolve Public Domain

  • Thread starter Thread starter Aaron
  • Start date Start date
A

Aaron

(I encountered a server error on my first postattempt. I apologize if
this is a re-post)
We use the same domain name in AD as we have for our public domain.
The public website is hosted by a third party. Until recently,
internal LAN users were able to view the website without a problem.
Now, if they attempt to view the public site, it redirects them to our
AD server. I've used NSLOOKUP and it resolves the domain to the AD
server as follows:
______________________________________________
Default Server: server01.mydomain.com
Address: 192.168.1.102
mydomain.com
Click to expand...
Server: server01.mydomain.com
Address: 192.168.1.102

Name: mydomain.com
Addresses: 192.168.1.102, 192.168.2.100
______________________________________________

192.168.1.102 is our SB2000 (Exchange, AD, DNS) server.
192.168.2.100 is our AD replica server (WAN connection).
How can I set our DNS server to direct internal LAN queries for the
public domain to the proper IP address? Is there a Q/KB article for
this? I've read through a lot of discussions about manually adding a
DNS entry, but none of those seem to apply to this situation. Thanks
in advance!

-A
 
Aaron wrote:

(...)
How can I set our DNS server to direct internal LAN queries for the
public domain to the proper IP address? Is there a Q/KB article for
this? I've read through a lot of discussions about manually adding a
DNS entry, but none of those seem to apply to this situation. Thanks
in advance!
Click to expand...


This is a problem with "split brain" DNS desing - there isn't any trick
or setup - You have to duplicate Your internet DNS entries (host's etc)
on the internal DNS server with proper adresses. Your internal server
for LAN users is the main and authoritative server for this domain and
ther is not way to forward some queries about Your domain to the
external DNS.
 
Simple fix - Add a static DNS entry as WWW and point it
towards your external web site address. Clear your cache
on the computer and give it a try. Works like a charm.
If someone queiries www.mydomain.com, the dns will
resolve WWW and then the rest of the FQDN.

ps. Had the same issue!
 
In his case, he wants to resolve mydomain.com, not WWW.mydomain.com. The
problem is mydomain.com is also the name of his AD domain. There really is
no easy way out yet. The fastest resolution is to explain to your users that
you have a problem, and that they should use www.mydomain.com instead of
mydomain.com. Of course, you can create an A record (using the "same as
Parent" option) pointing mydomain.com to your webserver, but that has the
potentials of causing you more grief than the one you are trying to fix.

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - COMPLETE SPAM Protection
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
 
It sounds to me as if he just needs to access his
external web site from internal. Having the same dns
domain name on both will be an issue until you add the
WWW. Then he can go to IE and type www.mydomain.com.
This will take his internal users to their website.

ah, oh well...
-----Original Message-----
In his case, he wants to resolve mydomain.com, not
Click to expand...
WWW.mydomain.com. The
problem is mydomain.com is also the name of his AD domain. There really is
no easy way out yet. The fastest resolution is to explain to your users that
you have a problem, and that they should use
Click to expand...
www.mydomain.com instead of
 
In
AJD said:
It sounds to me as if he just needs to access his
external web site from internal. Having the same dns
domain name on both will be an issue until you add the
WWW. Then he can go to IE and type www.mydomain.com.
This will take his internal users to their website.

ah, oh well...
Click to expand...

Keep in mind gentlemen, if access is needed to the domain name
(LdapIpAddres), such as to http://domain.com in a split horizon, it can be
done thru the registry, and then manually create the LdapIpAddress with the
external IP, however there are compromises to be dealt with. Compromises
such as GPOs may not apply. Why? Because the client side extensions connect
to:
\\domain.com\sysvol\domain.com\policies\{ThePolicy'sLongGuidNumberHere}

If the external IP is set, then GPOs may not apply. Best to keep access to
only as www.domain.com .



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
This will work for us, but I'm not sure how to add a static DNS entry.
I know this will limit our users from accessing http://mydomain.com,
but I don't think that will affect us at all. Thanks for your help.

-A
 
In
Aaron in said:
This will work for us, but I'm not sure how to add a static DNS entry.
I know this will limit our users from accessing http://mydomain.com,
but I don't think that will affect us at all. Thanks for your help.

-A
Click to expand...

To create a static www entry? Easy. Rt-click your zone name, select new Host
record, then type in www in the hostname section and give it the actual
outside webserver's IP address. I would suggest to have your users only
access the site with the www record and not by http://mydomain.com due to
the ramifications.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
Back
Top