Thursday, June 23, 2016

active directory - My AD domain and DNS domain names are the same. Can this be resolved with SRV records?



My company has a website with the domain name of acme.com. It also used acme.com as the AD domain name. External DNS is set up properly. Internal DNS has to resolve to the DC, for obvious reasons.



As we know, visitors to acme.com from outside our network get the website and visitors to acme.com from within our network hit the domain controller, for obvious reasons.




I am familiar with the usual answers found here and here that state it goes against best practice to use the same name for DNS and AD domains and to either 1) migrate my AD domain to another name or 2) use http redirection via IIS on each of the DCs in my forest.



Based on what I have read on Wikipedia and Reddit, it seems possible to solve this problem with a SRV record.



So, I created the following SRV record but it does not seem to work:



_http._tcp.acme.com. 86400 IN SRV 0 100 80 www.acme.com.



Is it even possible to "redirect" internal http requests from acme.com to www.acme.com using only a SRV record?



Answer



No. Web browsers don't use SRV records, so this won't work.



https://stackoverflow.com/questions/9063378/why-do-browsers-not-use-srv-records



And that's why it's not listed as an answer to the problem.
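The lookup difference described in the answer, as an added example that is not part of the original question or answer. The SRV line is the one from the question; the A records and all IP addresses are constructed assumptions, and the function names are hypothetical.

```python
# Added illustration. Only the SRV line comes from the question; the A records
# and addresses are constructed sample data for a split-DNS internal zone.
ZONE = """\
acme.com.             600   IN A   10.0.0.10
acme.com.             600   IN A   10.0.0.11
www.acme.com.         3600  IN A   203.0.113.80
_http._tcp.acme.com.  86400 IN SRV 0 100 80 www.acme.com.
"""

def parse_zone(text):
    """Return {(owner, rtype): [rdata, ...]} from simple one-line records."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2] != "IN":
            continue
        owner, _ttl, _cls, rtype, *rdata = fields
        if rtype == "SRV":
            prio, weight, port, target = rdata
            value = (int(prio), int(weight), int(port), target.lower())
        else:
            value = rdata[0]
        records.setdefault((owner.lower(), rtype), []).append(value)
    return records

def fqdn(host):
    """Normalize a host name to lower case with a trailing dot."""
    return host.lower().rstrip(".") + "."

def browser_lookup(records, host, port=80):
    """HTTP client behaviour: address query for the URL host only, no SRV query."""
    return [(ip, port) for ip in records.get((fqdn(host), "A"), [])]

def srv_lookup(records, service, proto, domain):
    """SRV-aware client (RFC 2782): query _service._proto.domain, order by
    priority (weighted selection omitted), then resolve each target."""
    owner = f"_{service}._{proto}.{fqdn(domain)}"
    out = []
    for _prio, _weight, port, target in sorted(records.get((owner, "SRV"), []),
                                               key=lambda r: r[0]):
        out += [(ip, port) for ip in records.get((target, "A"), [])]
    return out

if __name__ == "__main__":
    zone = parse_zone(ZONE)
    print("browser   http://acme.com/ ->", browser_lookup(zone, "acme.com"))
    print("SRV-aware _http._tcp       ->", srv_lookup(zone, "http", "tcp", "acme.com"))
```

The browser-style lookup for acme.com returns the domain controller addresses whether or not the SRV record exists; only a client that explicitly asks for `_http._tcp.acme.com.` is ever steered to www.acme.com.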

