domain name issue

Discussion in 'Server Networking' started by SBS user, Jul 6, 2009.

  1. SBS user

    SBS user Guest

    I have a domain where the system was setup internally as domain.org instead
    of domain.local. The problem is that we do not host our website so when the
    employees try to go to our website the system looks internally for it and
    finds nothing. Is there a setting we can change so that when people try to
    browse to domain.org the DNS sends them out of the local network to find the
    website that is hosted offsite? I do not want to rename the whole domain as
    domain.local (even though I know it should have been setup that way to begin
    with, someone else set it up before me)
     
    SBS user, Jul 6, 2009
    #1

  2. The ".local" is a bad choice. That was some kind of push from the SBS crew
    to use that, but it was a bad idea. The TLD should not have more than three
    letters,...some OS's have a hard time with one that is over 3 letters. If
    you wanted to use "local",...then ".loc" would be a better choice

    Secondly there is nothing wrong with having the AD Domain the same as the
    Public Name.
    Just create a Host Record (an "A" Record) in the DNS Zone.
    Call it "www".
    Give it the Public IP# of the web site.

    --
    Phillip Windell

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Jul 6, 2009
    #2

  3. Hi Phillip,

    I just want to add for the poster, this solution is the best solution to get to the external same-name website. However, if the poster wants to go to http://domain.org (without the www), it is a little more complex due to the 'split-zone' scenario in place (same name internal/external) because EACH domain controller registers themselves into DNS with an IP address as:
    (same as parent) A x.x.x.x

    This record is actually called the LdapIpAddress. Each DC registers one for itself. AD uses that record for a number of things, such as DC to DC replication, Sysvol replication, GPOs and DFS. Don't mess with it please.

    To get around that, on EACH DC, install IIS. In the default website properties, directory tab, redirect it to www.domain.com, which will redirect it to the www record that was created.

    Otherwise, just live with the fact the users always get to it with the www in front of it.

    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

    Please reply back to the newsgroup/forum to benefit from collaboration among responding engineers, as well as to help others benefit from your resolution.

    Ace Fekay, MCT, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging
    Microsoft Certified Trainer

    http://twitter.com/acefekay

    For urgent issues, you may want to contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
     
    Ace Fekay [Microsoft Certified Trainer], Jul 6, 2009
    #3

  4. Jared,

    I've seen issues with the .local name when there are Mac OSx workstations or an OSx server in the infrastructure bound to the domain, because Rendezvous uses that name.

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Jul 7, 2009
    #4
  5. Macs with an OS older than v10 had the problem with the longer TLD. I don't
    know of any others specifically. But I like to stay with principles just the
    same. Other than that I think a TLD of longer than 3 just looks stupid to
    me :) It's that obsessive-compulsive-disorder thing.

    --
    Phillip Windell

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Jul 7, 2009
    #5
  6. OCD? They have stuff for that!

    (just kidding!)

    Cheers!

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Jul 7, 2009
    #6
  7. I like my OCD,..I'm keeping it!

    --
    Phillip Windell

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Jul 7, 2009
    #7
  8. I guess you can say it's one of the pleasures we're allowed to keep!
     
    Ace Fekay [Microsoft Certified Trainer], Jul 8, 2009
    #8
  9. SBS user

    Bill Grant Guest

    Phillip is showing he has been in the business too long. How do you cope
    with file names over 8 characters, Phill?

    I must admit I also keep to 3 character extensions too! I use .lcl . I
    even had a test domain on a virtual network called local.lcl .
     
    Bill Grant, Jul 8, 2009
    #9
  10. Hmm, local.lcl? Sounds like an abbreviated stutter.str.

    :)
     
    Ace Fekay [Microsoft Certified Trainer], Jul 8, 2009
    #10
  11. My Therap~1.doc got me past that one. Uh,...I mean Therapist.


    --
    Phillip Windell

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Jul 8, 2009
    #11
  12. SBS user

    SBS user Guest

    Can you provide directions on how to add the entry since I have not done
    this before?
     
    SBS user, Jul 17, 2009
    #12
  13. You just go into the Zone in your DNS and add an "A" Record (aka a Host
    Record) for the name "www",...then give it the correct IP# for the Site.

    I'm just repeating the same thing I said at the bottom on the post you are
    replying to.

    --
    Phillip Windell

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------


     
    Phillip Windell, Jul 17, 2009
    #13
  14. Phillip,

    I also posted info in addition to your instructions earlier in the thread.
    It's possible the poster may not be able to, or see the posts.

    Here's a blown up explanation for the poster. Hopefully this post will get
    through. It's actually part of an article I wrote. Hopefully the step by
    step will help.

    ======================================================================================================
    How do I resolve my external website when my internal name is the same as my
    external name (split zone)?

    Or

    From inside the office, I can't get to http://domain.com, but can using
    http://www.domain.com after creating an A 'www' record.
    ---
    By Ace Fekay, MCT
    Updated 7/29/2008
    ---

    Is your internal domain name and external domain name the same? If so, it's
    called a split zone.

    There are two ways to get to your website using 'www' in front of your
    domain name (such as www.domain.com), depending on how your web hosting
    provider's web servers are setup:

    1. The simplest way to allow your internal users to get to your external
    website is to simply create a "A" www record (DO NOT create an Alias or
    CNAME record), and provide the IP address of the external web server.

    Open DNS console
    Right-click your zone name, such as yourdomain.net, choose New Host Record
    Type in www
    Type in the IP address of the external website

    2. However, if your web hosting provider uses more than one web server,
    such as in a server farm, instead of an "A" record, I suggest creating a
    delegation for 'www' to the public name servers that are authoritative for
    your zone. You will need to find the SOA of your zone. To create the record,
    simply right-click your zone name, choose new delegation, type in www, and
    provide the SOA of your public domain.

    How do you get your SOA for your public domain name? Use nslookup.

    In a command prompt, type in nslookup, hit enter.
    Then type in the following:
    The results will tell you the SOA of your domain name. Use the SOA's IP
    address for the delegation record when you create the delegation in step# 2
    above.

    As for resolving the domain name with http://domain.com (without the www in
    front of it), it is a little more complex. Normally if you are not using Active
    Directory internally, you would simply create a new Host record (as in
    step#1), but without typing anything in for the hostname, and simply type in
    the IP address. This is called a blank domain name, which allows the name to
    resolve without the 'www' in front of it. However, if you are using Active
    Directory, this 'blank' domain name is actually used by the domain
    controllers in the domain. It's a unique record that each domain controller
    registers into DNS with an IP address, without a hostname, which appears
    under your internal zone name as:

    (same as parent) A x.x.x.x

    This record that the DCs register, is actually called the "LdapIpAddress."
    Each DC registers one for itself. AD uses these records for a number of
    things, such as DC to DC replication, Sysvol replication, GPOs and DFS.
    Don't mess with it please or expect problems. The DCs will re-register this
    record anyway if you delete it and thwart your attempt. If you create a
    blank record for your website, it will cause problems with AD.

    To get around that, you can use a workaround. The workaround is, on EACH DC,
    install IIS. Then open Internet Information Services console. In the default
    website properties, Directory tab, select redirect, and redirect it to
    www.domain.com. This way when any one of your users type in
    http://domain.com, it will resolve to the www record you've created in Step#1
    or #2 above. But this procedure must be performed on each DC.


    Now if you have a different internal domain name and external domain name,
    and the website is hosted externally:
    There's nothing to do. Internet resolution will handle everything.

    Don't forget, ALWAYS and ONLY use the internal DNS servers in your AD
    environment for all machines (DCs, member servers and workstations, including
    your VPN clients). Never use your ISP's DNS servers, or your router's IP
    address as a DNS address in any internal machine's IP properties. Otherwise,
    expect AD problems.

    Don't forget to configure a forwarder for more efficient internet name
    resolution. I've always used this as a best practice. It offloads internet
    name resolution to your ISP's DNS addresses so your server doesn't have to
    use the Root Hints to resolve external names.

    Ace Fekay, MCT
    ======================================================================================================

    Ace
     
    Ace Fekay [MCT], Jul 17, 2009
    #14
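
A check for the split-zone rules described in post #14, as an added example that is not part of the original thread: it audits a text listing of the internal zone and reports a blank (apex) A record that does not belong to a domain controller, a missing DC apex record, and a `www` entry that is missing, is a CNAME, or points at a DC. The `owner type data` line format, the zone contents and every address are constructed for illustration.

```python
# Constructed sample of the internal copy of the split zone, one record per
# line as "owner type data". "@" stands for "(same as parent)".
SAMPLE_ZONE = """\
@    A      192.168.10.5    ; dc1 LdapIpAddress
@    A      192.168.10.6    ; dc2 LdapIpAddress
@    A      203.0.113.80    ; blank record someone added for the website
dc1  A      192.168.10.5
dc2  A      192.168.10.6
www  CNAME  domain.org.     ; alias to the apex, so it resolves to the DCs
"""
DC_ADDRESSES = {"192.168.10.5", "192.168.10.6"}  # assumed DC IPs


def parse_zone(text):
    """Return (owner, rtype, data) tuples, skipping blanks and ';' comments."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        owner, rtype, data = line.split(None, 2)
        records.append((owner.lower(), rtype.upper(), data.strip()))
    return records


def audit_split_zone(records, dc_addresses):
    """Check the zone against the rules in the post; return a list of findings."""
    findings = []
    apex = {d for o, t, d in records if o == "@" and t == "A"}
    for addr in sorted(apex - dc_addresses):
        findings.append(f"apex A {addr} is not a DC (blank website record?)")
    for addr in sorted(dc_addresses - apex):
        findings.append(f"DC {addr} has no apex A (LdapIpAddress) record")
    www = [(t, d) for o, t, d in records if o == "www"]
    if not www:
        findings.append("no www record or delegation in the internal zone")
    for rtype, data in www:
        if rtype == "CNAME":
            findings.append(f"www is a CNAME to {data}; use an A record or delegation")
        elif rtype == "A" and data in dc_addresses:
            findings.append(f"www A {data} is a DC, not the external web server")
    return findings


if __name__ == "__main__":
    for finding in audit_split_zone(parse_zone(SAMPLE_ZONE), DC_ADDRESSES):
        print(finding)
```
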
  15. SBS user

    SBS user Guest

    Sorry, I did not know that you had given the full directions, as I had never
    done this before. Thanks for the update.

     
    SBS user, Jul 20, 2009
    #15
  17. You are welcome.

    Ace
     
    Ace Fekay [MCT], Jul 20, 2009
    #17