In our network the name of the network domain is also the domain of the organization's website (say, example.com
). Externally, people can enter example.com
to visit our website, but internally, this points to one of the several domain controllers, we have for Active Directory, some of which do not even run a webserver.
As a result of this, links to http://example.com
don't work internally (only www.example.com
does work internally).
How do we point http requests transparently to the web server, and what side effects does this have?
Answer
There's no easy solution for what you want.
You don't want to use the same domain-name internally as is already authoritative for something else on the Internet. Now you're learning why.
If it's not too late to change the AD domain name to something else I'd recommend doing so.
If not, you have two choices:
Run a "redirect" web site on all the domain controllers (since each one answers for "domain.com") to redirect requests to another hostname (like, say, www.domain.com).
Just tell users that "domain.com" doesn't work to get to the company web site.
If you monkey around with the A record for the AD domain name trying to "point" it an external address you will break DFS referrals for the SYSVOL, and cripple group policy on all your computers.
This is the biggest reason why I recommend that Customers use an "ad.company.com"-style second-level domain name. Unless you have very good reasons you should never create a zone on a DNS server that some other DNS server(s) on the Internet are already authoritative for, even if it's inside a private LAN. Eventually you'll want to connect your private LAN to the Internet and the conflicting names will cause you problems.
No comments:
Post a Comment