LuisEduardoReyesGaspar-7519 asked GloriaGu-MSFT edited

Error resolving DNS domain

Dear Friends

I have an issue resolving DNS from the internal domain to the external one at the company. I'll try to explain it...

I have an internal domain, domain.com, with AD DS services, DNS and DHCP, only for internal users.

The company has a web page hosted on a third-party provider with the same domain, domain.com.

Internally, users cannot resolve the web page because it is outside the company, but I tried to create a record with its public IP and hostname and I think it works.

The DNS server has DNS forwarders and root hints, and it works OK.

My question is, is it valid to create a record with a public IP on the internal DNS?

Could anyone help me? Which is the better recommendation, or what should I configure?

Best regards

Luis Reyes

windows-dhcp-dns

DSPatrick answered

Sounds like you may need a split brain deployment.
https://docs.microsoft.com/en-us/windows-server/networking/dns/deploy/split-brain-dns-deployment



GloriaGu-MSFT answered GloriaGu-MSFT edited

@LuisEduardoReyesGaspar-7519 Hi,

Thank you for posting in Q&A!

According to my research, so far there are two methods suggested to solve your issue:

  1. It is suggested to contact your third-party website provider to change the website into "www.domain.com", and add an A record "www" in the internal DNS server under the forward lookup zone which points to the public IP of the website.
    If it's hard to change the website into "www.domain.com", redirection might be helpful too.


  2. If you don't want to change the website, you can create an empty A record under the forward lookup zone which points to the public IP of the website.
    However, this method is not suggested because it will cause some unexpected problems when users try to perform AD authentication.

There are some threads on the same issue that discuss these solutions. For more details, you can refer to:
https://www.dell.com/support/article/en-sg/sln164042/dns-considerations-in-a-windows-environment-with-identical-internal-and-external-domain-names?lang=en
https://social.technet.microsoft.com/Forums/ie/en-US/4d97325b-ff3a-4f46-ba6e-dc3f4ff978e1/dns-internal-domain-has-same-name-as-external-website?forum=winserverNIS



Hope you have a nice day : )
Gloria

Hi GloriaGu-MSFT

I appreciate your help so much

So do you recommend creating an A record on the internal DNS? If so, I will only have to create a record as www with its public IP, but is it valid to create it on the internal DNS?

For the first point, I say it will be impossible to change the web site

Thank you so much for your answer

0 Votes 0 ·
GloriaGu-MSFT LuisEduardoReyesGaspar-7519 ·

Hi,

If it's impossible to change the website into "www.domain.com", adding an A record "www" with the public IP will be meaningless, because "www.domain.com" doesn't even exist.

The only method will be creating an empty A record with the public IP, so when an internal user wants to resolve "domain.com", it will come up with the result of the existing internal record of "domain.com" and the public IP randomly (so I said it will cause some AD authentication problems).

But since you cannot change the website, it seems that you can only use this method. It is suggested that you first test in your lab environment and, if it works fine, then put it into the production environment, which is safer. Hope it will be helpful to you!

0 Votes 0 ·
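
The difference between the two options discussed in this thread, shown as an added example that is not part of any post: a Python check over constructed zone data that flags a name whose A records mix internal and public addresses, and estimates how often a lookup of that name gets the public address first. The record names, the 10.0.0.x domain controller addresses, the 203.0.113.80 website address and the assumption that the server rotates answers evenly are all illustrative.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of the internal zone "domain.com" (assumption: two
# domain controllers hold the zone-apex "@" records, as in an AD-integrated zone).
RECORDS = [
    ("@", "10.0.0.10"),       # apex record of DC1 (constructed)
    ("@", "10.0.0.11"),       # apex record of DC2 (constructed)
    ("@", "203.0.113.80"),    # option 2: public website IP added at the apex
    ("www", "203.0.113.80"),  # option 1: dedicated "www" host record
    ("dc1", "10.0.0.10"),
]

# RFC 1918 ranges are checked explicitly: ipaddress.is_private would also
# treat documentation ranges such as 203.0.113.0/24 as private.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit(records):
    """Classify every name as internal-only, external-only or MIXED."""
    by_name = defaultdict(list)
    for name, addr in records:
        by_name[name].append(addr)
    findings = {}
    for name, addrs in by_name.items():
        external = sum(not is_internal(a) for a in addrs)
        if external == 0:
            findings[name] = "internal-only"
        elif external == len(addrs):
            findings[name] = "external-only"
        else:
            findings[name] = "MIXED"  # AD clients can be sent to the web host
    return findings

def external_first_share(records, name="@"):
    """Share of lookups answered with a public IP first, assuming even rotation."""
    addrs = [a for n, a in records if n == name]
    return sum(not is_internal(a) for a in addrs) / len(addrs)

if __name__ == "__main__":
    for name, finding in audit(RECORDS).items():
        print(f"{name:4} {finding}")
    print(f"apex lookups hitting the public IP first: {external_first_share(RECORDS):.0%}")
```

A "MIXED" result at the apex is the situation the last reply warns about; the "www" record stays external-only and does not affect lookups of the domain name itself.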