Internal DNS name and ISP Domain name

gkrasnoff

Our internal DNS name is the same as our fully qualified
domain name (external).

What problems can arise by having them both the same?
And if there are problems, what can I do to resolve them?

Thanks,
Greg
 
gkrasnoff said:
Our internal DNS name is the same as our fully qualified
domain name (external).

What problems can arise by having them both the same?
And if there are problems, what can I do to resolve them?

Since all internal clients must use the internal DNS server _only_ in TCP/IP
properties, and the record needed to access your external website by domain
name only must point to your DC's internal NIC with file sharing enabled,
you will not be able to access the external web site by domain name only
(http://domain.com), and you will have to manually create a record named www
in the internal zone so you can access the external web site by
http://www.domain.com. The reason the record for the domain name must point
to the DC's internal interface with file sharing is to give access to the SYSVOL
DFS share at \\domain.com\SYSVOL; you cannot alter this behavior. Although,
you can run IIS on your DCs and have IIS redirect the site to
http://www.domain.com. Some will recommend against this, but this is the
only way, and the security risk is limited, because unless you are running
Exchange with OWA on the DC, only internal users will get the site and will
be instantly redirected.

Also you will have problems if you have VPN clients because they see the
external domain before connecting via the VPN. You will have to create
entries in your hosts file on the VPN clients for your domain controller's A
records so as to get the correct IP address for the DC.
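
An added example, not part of either post: a Python check for the split-horizon setup the reply describes. It compares the public zone with the internal zone to list names (such as www) that must be created internally, confirms the internal record for the domain name points at an RFC 1918 address, and builds hosts-file lines for VPN clients. The records, IP addresses and the host name dc1 are constructed sample values.

```python
"""Split-horizon DNS audit for a domain whose internal and external names match.
All zone data here is constructed sample data, not taken from the thread."""
import ipaddress

DOMAIN = "domain.com"  # placeholder domain used in the thread
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: A records in the public (ISP-hosted) zone; "@" is the apex.
EXTERNAL = {"@": "203.0.113.10", "www": "203.0.113.10", "mail": "203.0.113.25"}
# Constructed sample: A records in the internal zone served by the DC.
INTERNAL = {"@": "10.0.0.5", "dc1": "10.0.0.5", "mail": "10.0.0.8"}
DC_HOSTS = ["dc1"]  # hypothetical domain controller host name


def fqdn(name):
    """Expand a zone-relative label to a full name."""
    return DOMAIN if name == "@" else f"{name}.{DOMAIN}"


def audit(external, internal):
    """Return (missing, apex_ok).

    missing: public names absent from the internal zone, which internal
             clients using only the internal DNS server cannot resolve.
    apex_ok: True when the internal apex record is an RFC 1918 address,
             i.e. it can serve \\\\domain.com\\SYSVOL from the DC.
    """
    missing = {n: ip for n, ip in external.items() if n not in internal}
    apex = internal.get("@")
    apex_ok = apex is not None and any(
        ipaddress.ip_address(apex) in net for net in RFC1918)
    return missing, apex_ok


def vpn_hosts_entries(internal, dc_hosts):
    """Hosts-file lines pinning each DC name to its internal address."""
    return [f"{internal[h]}\t{fqdn(h)}" for h in dc_hosts if h in internal]


if __name__ == "__main__":
    missing, apex_ok = audit(EXTERNAL, INTERNAL)
    for name, ip in sorted(missing.items()):
        print(f"create in internal zone: {fqdn(name)} A {ip}")
    print("internal apex points at private address:", apex_ok)
    print("\n".join(vpn_hosts_entries(INTERNAL, DC_HOSTS)))
```

Hosts-file entries are static, so they need updating on every VPN client whenever a domain controller's address changes.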
 