Intranet Website Addressing with WWW domain

MightyMikey used Ask the Experts™
Hi EE-
I’m looking to setup an internal address like “” for our intranet website.  However, our internal domain is “”.  Our external domain is “”.  We host our own external web server and I wanted to place the intrAnet site on the same server.  We’re running Windows Server 2008 Webserver Edition and Server 2008 for AD/DNS.

Is it possible to give my internal users the address “” as opposed to “” without compromising security?  If so, how?

Please advise!
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Leon FesterSenior Solutions Architect

You can setup a split DNS zone solution, by creating a new DNS zone called
In this zone create an A record for www and point it to your corp website address
create an A record for inside and point it to your intranet site IP address.
Setup a DNS zone on your internal DNS server (if you create company.come, you need to replicate a lot of external DNS data so that external stuff works also from inside) and add an A record directl to the zone itself
Next, make sure your webserver serves by host header.

Then internal users will see "their" site under as well as the same as the rest of the world under http.// or http.// (or or whatever many websites you run as well)

As you mention security:
The DNS name  is not publicly known, but that does not prevent the site itself from being accessible from extern. In principle, anybody could just enter that name and its ip address in their hosts file and could then access the internal site.
(Of course, they have no "normal" way of guessing that name and IP, but then again ...)
Instead of using DNS, you should (additionally) restrict access to the site by IP.


I didnt mention...we do not host the DNS for our external domain name (; only our internal.  Does that make a difference?
How to Generate Services Revenue the Easiest Way

This Tuesday! Learn key insights about modern cyber protection services & gain practical strategies to skyrocket business:

- What it takes to build a cloud service portfolio
- How to determine which services will help your unique business grow
- Various use-cases and examples

Not really.
But then you should really consider adding only a zone "" and not "" or else you might interfere with your external services (i.e. they would be inaccessible from inside unless you copy all "official" data to your then internal copy).

Or if your "we do not host the DNS for external domain" means that you maybe *do* use as inernal zone (e.g. in active directory), but that data is not published to the "official" internet DNS of, then you are ok as well  (and have the zone already on your internal DNS server and have probably treated any conflicts before and need only add the host entry)


In your second sentence, when you mention, "consider adding only a zone" are you referring to adding it on my internal DNS server or external DNS server?  

I do not understand how I can have my internal DNS configured to point to when the parent domain is  It's no different than company.local.


In other words, if I create a DNS zone "inside" or "intranet" on my internal DNS the full name will read "" as opposed to ""

Any ideas?

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial