Same Internet Domain and AD Domain Name

Thread starter: hayden hill

Hi,

I made the frequent mistake of naming my AD name the same as our
domain name. I have worked at other places before where this has been
done and, apart from adding a few records in DNS, it's never been a
problem.

However, when I add the www record in DNS to point at our external web
server, this still does not help.

What else can I try?

Cheers

Hayden
 
Install an additional DNS server for hosting your external zone - that is,
with records relevant to internet-visible resources in your domain - and
place it on the internet.
 
The most common configuration is to have an AD integrated DNS running your
internal system and a separate set of DNS servers running your external
naming to the world.

The issue comes with the NAT that is occurring. In many firewalls and
routers (PIX, Watchguard Vclass, etc.) you run into a double NAT situation:
an internal host goes through the firewall/router to the external IP
address, using PAT to reach the Internet, but then hits the static NAT
into your DMZ or internal network and hairpins back through the device.
Most routers/firewalls don't support this well.

The solution is to add an address on your internal DNS, AD DNS, to reference
your web server by its internal IP or the IP with a static route to your
DMZ, giving you only one NAT resolution. This isn't a bad idea anyway,
because internal users can be heavy consumers of DMZ resources and this can
reduce the load on your hardware.
 
hayden hill said:
Hi,

I made the frequent mistake of naming my AD name the same as our
domain name. I have worked at other places before where this has been
done and, apart from adding a few records in DNS, it's never been a
problem.

You are correct, it is NOT a big problem, and it is
not necessarily a mistake. It is a choice.

It is a valid choice if it suits your purposes.
However, when I add the www record in DNS to point at our external web
server, this still does not help.

The largest issue is that you need to run a Shadow DNS
system -- which is really two different DNS zones using
the same name.

One of these will be external with its own Primary (and
likely a secondary) DNS server.

The other will be strictly internal and dynamic to support
AD. It will also have its own Primary (which is what
causes it to really be two different zones.)

All external records should/must be added manually to
the internal version of the zone -- if your internal users
are to resolve those names.

Your external DNS server (set) is best left at the Registrar
in almost all cases.
 
Hi,

I made the frequent mistake of naming my AD name the same as our
domain name. I have worked at other places before where this has been
done and, apart from adding a few records in DNS, it's never been a
problem.

However, when I add the www record in DNS to point at our external web
server, this still does not help.

What else can I try?
There's some good advice in the other posts. However, can you explain
what you did exactly? Adding the external IP address and the host name
to the zone for the Domain Name should have worked.

When you added the www server, you should have added it as "www" and
the correct IP address. If you added "www.domain.com" that would be
wrong.

Do all clients have your Internet gateway as their default gateway?
Also be aware that a change to DNS would NOT be immediate at the
clients, which may have cached an earlier version of "www".

Cheers,

Cliff
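As an added example (not code from the thread or from any of the posters), here is how the manual internal-zone record that the "shadow DNS" reply describes would be added and checked on a Windows AD-integrated DNS server using the DnsServer and DnsClient PowerShell modules. It also carries out Cliff's two checks: catching a record entered as "www.domain.com" instead of "www", and flushing a stale client cache before re-testing. The zone name "domain.com" is the one used in Cliff's post; the internal IP address and the DNS server name are constructed placeholders.

```powershell
# Added example: populate the internal (AD-integrated) copy of a zone whose
# name is shared with the public Internet domain, as the replies describe.
# Assumptions (placeholders, not values from the thread):
#   - zone 'domain.com' is hosted as an AD-integrated primary on this server
#   - 10.0.0.5 is the web server's DMZ/internal address (NOT its public one)
#   - dc1.domain.com is the internal DNS server a client should be asking
$Zone       = 'domain.com'
$InternalIP = '10.0.0.5'
$DnsServer  = 'dc1.domain.com'

# 1. Confirm the internal copy of the zone exists and is AD-integrated
#    (this is the "strictly internal and dynamic" half of the shadow DNS setup).
$z = Get-DnsServerZone -Name $Zone -ErrorAction Stop
if (-not $z.IsDsIntegrated) {
    Write-Warning "$Zone is not AD-integrated on this server; is this the internal primary?"
}

# 2. Catch Cliff's naming mistake: a record entered as 'www.domain.com' in the
#    'domain.com' zone is stored as www.domain.com.domain.com, a name no client
#    ever asks for. Any A record whose host name still ends in the zone name is suspect.
Get-DnsServerResourceRecord -ZoneName $Zone -RRType A |
    Where-Object { $_.HostName -like "*.$Zone" } |
    ForEach-Object { Write-Warning "Suspicious host name in zone: $($_.HostName)" }

# 3. Add the external host to the internal zone as a short label ('www');
#    the zone suffix is supplied by -ZoneName, never typed into -Name.
#    A short TTL keeps clients from holding a stale answer for long.
$existing = Get-DnsServerResourceRecord -ZoneName $Zone -Name 'www' -RRType A -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DnsServerResourceRecordA -ZoneName $Zone -Name 'www' -IPv4Address $InternalIP `
        -TimeToLive (New-TimeSpan -Minutes 5)
} else {
    Write-Host "www.$Zone already resolves internally to $($existing.RecordData.IPv4Address)"
}

# 4. From a client: clear any cached earlier answer (Cliff's caching caveat),
#    then ask the internal server directly so the result is unambiguous.
Clear-DnsClientCache
Resolve-DnsName -Name "www.$Zone" -Type A -Server $DnsServer |
    Select-Object Name, IPAddress
```

Run steps 1 to 3 on the internal DNS server (or pass -ComputerName to the DnsServer cmdlets); step 4 is what a client on the LAN would run. If the address returned is still the public one, the record is either missing from the internal copy of the zone or the client is not using the internal server, which ties back to Cliff's question about the clients' gateway and resolver settings.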
 