Solved

Active Directory/DNS and Domain Name

Posted on 2009-07-08
Last Modified: 2012-06-27
I have a network that is controlled by a Windows 2003 AD. The network domain was set up as somedomain.com (somedomain.com is also our website address). The AD servers are set external to our network. This means that our machine names are exposed to the internet. Yes, I know. Very dangerous, but the firewall blocks any traffic. The AD DNS contains records for computers on the network as well as our web sites we host. We are trying to correct this problem as well as a few others. I do have one question I am not sure of. Our AD domain is somedomain.com. When I type that into the web browser it doesn't resolve anywhere. (If I type www.somedomain.com it works fine.) When I do an NSLookup it returns all of our AD servers. I need this domain to point to our webserver/website. How do we resolve this even after we have split our DNS and set things up correctly?
Question by: ronayers
8 Comments
 
LVL 11

Accepted Solution

by: willettmeister (earned 100 total points)
ID: 24805141
I don't think that you are going to be able to resolve somedomain.com on the web until you clean up DNS. The entries that are in DNS currently are required for proper AD functionality. If you modify them you will likely cause yourself problems. If you are planning on making a new domain and migrating the existing machines to a new domain like somedomain.local then you could eventually point somedomain.com to the webserver, but there is a lot of cleanup that is necessary first.
 
LVL 1

Assisted Solution

by: Wildone63 (earned 100 total points)
ID: 24805206
This can be quite confusing but if you follow a few simple rules of thumb you should be ok.

First you would create the "Internal DNS" that will support your Active Directory. Your internal domain should be called something like somedomain.local. Then on the same DNS server create a second DNS zone for external addresses that you control, such as your web site, and set up forwarders for all other requests. The external domain will be somedomain.com. You need to configure your PCs that are internal to use the .local DNS suffix. So your DNS server will resolve all local addresses and forward external DNS requests to your ISP's DNS servers.

Hope this helps.
 
LVL 10

Assisted Solution

by: Alan_White (earned 100 total points)
ID: 24805222
I concur.
You are in a whole lot of trouble. I believe you would be best buying in some consultancy to get you back on track. If this was a test site, go ahead and try stuff, but don't mess with DNS in a live environment unless you are 100% sure what you are doing.
 
LVL 18

Assisted Solution

by: Americom (earned 100 total points)
ID: 24805357
What you should probably do is create a new AD domain either with somedomain.local or just newdomain.somedomain.com. See debate on which one to use here: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23446306.html
I personally prefer the second one as a new root domain. This means the "newdomain" is not a child domain of "somedomain.com". It is a completely separate domain from "somedomain.com" and it has and runs on its own DNS. Once that's set up, you can create a trust between "somedomain.com" and "newdomain.somedomain.com" and migrate all the internal servers from "somedomain.com" to "newdomain.somedomain.com", and leave the systems such as external web or DNS servers etc. in somedomain.com. Then for your internal domain "newdomain.somedomain.com", configure your DNS to forward unresolved queries to the external DNS in "somedomain.com". You can also eliminate the established trust or just leave a one-way trust from the external to the internal domain; this way you in the internal domain can access the external resources but not the other way around.
 
LVL 70

Assisted Solution

by: Chris Dent (earned 100 total points)
ID: 24806723

> How do we resolve this even after we have split our DNS and set things up correctly?

For the rest of the world you'll be able to deal with that if you split the public DNS service out. I strongly advise you find somewhere to host it. In my opinion public DNS services have no place on Domain Controllers.

However, unless you rename the AD domain, or rebuild it entirely, you will not be able to use "http://domain.com" within your own network. AD must keep that name; it's essential to the operation of your domain.

I would also go with "newdomain.somedomain.com", an example of that would be corp.contoso.com. But unless there's a desperate need to rebuild the domain I would just have everyone inside use "www.somedomain.com" rather than make yourself a lot of work. Putting aside this limitation there's no real reason you can't use "somedomain.com" for AD.

Chris
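An added example, not part of this thread or anyone's posted code, that audits a constructed zone dump for exactly the leakage the question and Chris Dent's answer describe: AD locator records, RFC 1918 addresses and domain controllers at the apex being served to the internet. The record format, names and addresses are all made up for illustration.

```python
import ipaddress

# Constructed sample of what a public-facing AD DNS zone can end up serving.
# Names and addresses are made up; the shape mirrors the question (DCs at
# the apex, AD locator records and private addresses visible to the world).
SAMPLE_ZONE = """
somedomain.com.                 A    192.168.10.5
somedomain.com.                 A    192.168.10.6
www.somedomain.com.             A    198.51.100.20
dc01.somedomain.com.            A    192.168.10.5
dc02.somedomain.com.            A    192.168.10.6
_ldap._tcp.somedomain.com.      SRV  0 100 389 dc01.somedomain.com.
_kerberos._tcp.somedomain.com.  SRV  0 100 88 dc01.somedomain.com.
gc._msdcs.somedomain.com.       A    192.168.10.5
fileserver.somedomain.com.      A    192.168.10.40
mail.somedomain.com.            MX   10 mail.somedomain.com.
"""
# Labels that only exist because a domain controller registered them.
AD_LOCATOR_LABELS = ("_ldap.", "_kerberos.", "_kpasswd.", "_gc.", "_msdcs.")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_zone(text):
    """Return (name, type, rdata) tuples from a whitespace-separated zone dump."""
    records = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) >= 3:
            records.append((parts[0].lower(), parts[1].upper(), parts[2:]))
    return records

def is_rfc1918(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)

def audit_public_zone(text, apex):
    """Flag records that should never be in the zone served to the internet."""
    findings = []
    for name, rtype, rdata in parse_zone(text):
        if any(label in name for label in AD_LOCATOR_LABELS):
            findings.append((name, rtype, "AD locator record exposed publicly"))
        elif rtype == "A" and is_rfc1918(rdata[0]):
            findings.append((name, rtype, "RFC 1918 address leaked"))
        if name == apex and rtype == "A" and is_rfc1918(rdata[0]):
            findings.append((name, rtype, "apex answers with a DC, not the web server"))
    return findings
```

Run the audit against a dump of the zone your public resolvers actually answer for; a correctly split setup yields no findings, while the sample above yields ten.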
 
LVL 18

Expert Comment

by: Americom
ID: 24984732
I suggest points be split.
 
LVL 142

Expert Comment

by: Guy Hengel [angelIII / a3]
ID: 25018164
Americom,
can you post the comments you would recommend for split in the form:
  http://#a<comment id>

thanks