Creating zone on my 'internal' DNS servers to allow unique URL

Magoo

External DNS namespace is
"mycompany.com"

Internal DNS namespace is
"it.mycompany.com"

Problem:
I want to let people access my company's website using one URL, regardless
whether people are on the "internal" or on the "Internet". As is now, users
need to type https://mainsite.mycompany.com if they are on the Internet.
If users are "inside" my organization, they need to type https://mainsite

If I go to the "internal" DNS servers (which contain zone
'it.mycompany.com') and I create a zone named:
"mycompany.com" and I create a "host" record named:
mainsite = IP=1.1.1.1

I could associate this IP and name with my website.

Is this the correct way to implement this "unique" URL and eliminate the need to
type different URLs if they are inside or outside the organization?
Also, is there any chance of conflict in DNS since I will have a zone
(mycompany.com) with the same name as appears on the 'external' DNS servers?
Please advise.
 
Herb Martin

Magoo said:
External DNS namespace is
"mycompany.com"

Internal DNS namespace is
"it.mycompany.com"

Problem:
I want to let people access my company's website using one URL, regardless
whether people are on the "internal" or on the "Internet". As is now, users
need to type https://mainsite.mycompany.com if they are on the Internet.
If users are "inside" my organization, they need to type https://mainsite

They should also be able to type mainsite.mycompany.com,
but one wonders why you don't use the conventional "www"
instead of "mainsite"???

Internal machines in an AD domain will NOT (generally)
be able to use a bare domain name (e.g., domain.com) if that
is the same name as an AD domain -- the DCs use this name
for their own purposes.

If you set up DNS correctly then external customers in this latter
case may type either:

servername(usually www).domain.com or domain.com

Internal users must always type:

servername(usually www).domain.com

OR if using IE: http://NetBIOSServerName/
(must be shorter than 16 characters)

If I go to the "internal" DNS servers (which contain zone
'it.mycompany.com') and I create a zone named:
"mycompany.com" and I create a "host" record named:
mainsite = IP=1.1.1.1

You must not do this unless you include EVERY relevant
name from that zone -- essentially it is safest to be a secondary
to the external zone in this case.

If you cannot be a secondary to the external zone (e.g., you
run the same named zone for an AD domain) then you must
manually add ALL records relevant to your internal users.

I could associate this IP and name with my website.

Is this the correct way to implement this "unique" URL and eliminate the need to
type different URLs if they are inside or outside the organization?

It depends on the location, setup, and purposes of your
various domains -- but above the rules are stated explicitly
which are true for pretty much any situation.

Also, is there any chance of conflict in DNS since I will have a zone
(mycompany.com) with the same name as appears on the 'external' DNS servers?
Please advise.

No, the problem is not "conflict" but rather that you will
make the internal version of the names either incomplete
or allow it to go stale when changes are made.

Any conflict is done on purpose usually.

Also note, if you don't use the external zone name internally
you don't need ANY of those records if you can resolve
external records correctly in general.

You only need such tricks when you have the need to use
the DNS domain/zone in both areas.
 
Kevin D. Goodknecht Sr. [MVP]

Magoo said:
External DNS namespace is
"mycompany.com"

Internal DNS namespace is
"it.mycompany.com"

Problem:
I want to let people access my company's website using one URL,
regardless whether people are on the "internal" or on the "Internet".
As is now, users need to type https://mainsite.mycompany.com if they
are on the Internet.
If users are "inside" my organization, they need to type
https://mainsite

If I go to the "internal" DNS servers (which contain zone
'it.mycompany.com') and I create a zone named:
"mycompany.com" and I create a "host" record named:
mainsite = IP=1.1.1.1

I could associate this IP and name with my website.

Is this the correct way to implement this "unique" URL and eliminate
the need to type different URLs if they are inside or outside the
organization?
Also, is there any chance of conflict in DNS since I will have a zone
(mycompany.com) with the same name as appears on the 'external' DNS
servers? Please advise.

I take it https://mainsite.mycompany.com is hosted locally and is why local
users cannot access the site by the address published in the public zone?
Create a new zone named mainsite.mycompany.com, then in that zone create a
new host, leave the name field blank and give it the IP of the web server.
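
An added illustration, not part of any poster's reply: a toy model of how an internal DNS server answers under the two options discussed in this thread, the full `mycompany.com` zone from the question and the single-host zone suggested above. The 1.1.1.1 record comes from the question; the host `dc1`, the 203.0.113.x and 10.0.0.5 addresses, and the function names are constructed for the example.

```python
# Added illustration: a toy model of the internal DNS server's lookup decision.
# Every address and record below is constructed sample data.

EXTERNAL = {  # what the public mycompany.com zone publishes (constructed)
    "mycompany.com": "203.0.113.10",
    "www.mycompany.com": "203.0.113.10",
    "mail.mycompany.com": "203.0.113.25",
    "mainsite.mycompany.com": "203.0.113.80",
}
AD_ZONE = {"it.mycompany.com": {"dc1.it.mycompany.com": "10.0.0.5"}}

# Option A (the question): host the whole public zone name with one record.
SHADOW = {**AD_ZONE, "mycompany.com": {"mainsite.mycompany.com": "1.1.1.1"}}
# Option B (Kevin's reply): a zone named after the one host, record at the
# zone apex (the "blank name" host).
PINPOINT = {**AD_ZONE,
            "mainsite.mycompany.com": {"mainsite.mycompany.com": "1.1.1.1"}}


def resolve(name, internal_zones, external=EXTERNAL):
    """Return (source, address) as an internal client would see it."""
    name = name.rstrip(".").lower()
    covering = [z for z in internal_zones
                if name == z or name.endswith("." + z)]
    if not covering:
        # No local zone covers the name: forward/recurse to the public view.
        return ("forwarded", external.get(name))
    zone = max(covering, key=len)  # most specific (longest) zone wins
    # Authoritative for this zone: a missing record is a negative answer,
    # the server does not fall back to asking the public DNS.
    address = internal_zones[zone].get(name)
    return ("internal", address) if address else ("no_answer", None)


def missing_internally(internal_zones, external=EXTERNAL):
    """Public names that stop resolving for internal clients."""
    return sorted(n for n in external
                  if resolve(n, internal_zones, external)[0] == "no_answer")


if __name__ == "__main__":
    for label, zones in (("shadow zone", SHADOW), ("pinpoint zone", PINPOINT)):
        print(label, "-> mainsite:", resolve("mainsite.mycompany.com", zones))
        print(label, "-> broken names:", missing_internally(zones))
```

With the full zone, every public name that was not copied in stops resolving internally, which is the incompleteness Herb Martin warns about; with the single-host zone only `mainsite.mycompany.com` is overridden.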
 
Magoo

Thanks for the reply.
This is the problem:
The site is published via ISA 2004. Then if the *internal* users try to hit
https://mainsite.mycompany.com, ISA identifies the request as 'spoofing
on the external interface of the ISA box'. Therefore it denies all
packets. That's a feature of ISA.
That's the reason why internal users cannot access the address published in
the public zone.
 
Kevin D. Goodknecht Sr. [MVP]

Magoo said:
Thanks for the reply.
This is the problem:
The site is published via ISA 2004. Then if the *internal* users try
to hit https://mainsite.mycompany.com, ISA identifies the
request as 'spoofing on the external interface of the ISA box'.
Therefore it denies all packets. That's a feature of ISA.
That's the reason why internal users cannot access the address
published in the public zone.

If that is the case, then following my reply should resolve this.
 
