Intranet Website Addressing with WWW domain

MightyMikey
Hi EE-
I’m looking to set up an internal address like “inside.company.com” for our intranet website.  However, our internal domain is “corp.company.com”.  Our external domain is “company.com”.  We host our own external web server and I wanted to place the intranet site on the same server.  We’re running Windows Server 2008 Webserver Edition and Server 2008 for AD/DNS.

Is it possible to give my internal users the address “inside.company.com” as opposed to “inside.corp.company.com” without compromising security?  If so, how?

Please advise!
Leon Fester, Senior Solutions Architect

Commented:
You can set up a split DNS zone solution by creating a new DNS zone called company.com.
In this zone, create an A record for www and point it to your corp website address.
Create an A record for inside and point it to your intranet site IP address.
Set up a DNS zone inside.company.com on your internal DNS server (if you create company.com, you need to replicate a lot of external DNS data so that external stuff works also from inside) and add an A record directly to the zone itself.
Next, make sure your webserver serves by host header.

Then internal users will see "their" site under http://inside.company.com as well as the same as the rest of the world under http://company.com or http://www.company.com (or http://shop.company.com or whatever many websites you run as well)

As you mention security:
The DNS name inside.company.com is not publicly known, but that does not prevent the site itself from being accessible from outside. In principle, anybody could just enter that name and its IP address in their hosts file and could then access the internal site.
(Of course, they have no "normal" way of guessing that name and IP, but then again ...)
Instead of using DNS, you should (additionally) restrict access to the site by IP.
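
The zone, host-header binding and IP restriction described in the answer above, written out as Windows Server 2008 commands (an added example, not posted by anyone in this thread). The web server address, internal client range, site name and content path are assumed placeholder values; the zone is named with the full name inside.company.com, so it does not inherit the corp.company.com suffix.

```bat
@echo off
rem Added example, not from the thread. All values below are assumed placeholders.
set WEB_IP=192.0.2.10
set INT_NET=10.0.0.0
set INT_MASK=255.0.0.0
set SITE=Intranet
set SITE_PATH=D:\sites\intranet
set APPCMD=%windir%\system32\inetsrv\appcmd.exe

rem --- Step 1: run on the internal AD/DNS server -------------------------
rem Create a zone whose name IS the full host name. Every other
rem company.com name still resolves through the external DNS as before.
rem /DsPrimary assumes an AD-integrated DNS server.
dnscmd . /ZoneAdd inside.company.com /DsPrimary
rem "@" puts the A record on the zone itself (the zone apex).
dnscmd . /RecordAdd inside.company.com @ A %WEB_IP%

rem --- Step 2: run on the IIS 7 web server -------------------------------
rem Bind the intranet site to the host header so it shares port 80 with
rem the public sites on the same server.
"%APPCMD%" add site /name:"%SITE%" /bindings:http/*:80:inside.company.com /physicalPath:"%SITE_PATH%"

rem --- Step 3: restrict the intranet site by client IP -------------------
rem Requires the "IP and Domain Restrictions" role service.
rem Deny every client that is not explicitly listed...
"%APPCMD%" set config "%SITE%" -section:system.webServer/security/ipSecurity /allowUnlisted:false /commit:apphost
rem ...then allow the internal range. Use the source address the web
rem server actually sees: if internal clients reach it through NAT, that
rem is the translated address, not the client's own.
"%APPCMD%" set config "%SITE%" -section:system.webServer/security/ipSecurity /+"[ipAddress='%INT_NET%',subnetMask='%INT_MASK%',allowed='true']" /commit:apphost

rem --- Step 4: check the result ------------------------------------------
rem From an internal client this should return %WEB_IP%.
nslookup inside.company.com
rem On the web server: confirm allowUnlisted is false and the range is listed.
"%APPCMD%" list config "%SITE%" -section:system.webServer/security/ipSecurity
```

A request for inside.company.com from an address outside the allowed range should now be refused by IIS even when the client supplies the name through a hosts file entry.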

Author

Commented:
I didn't mention...we do not host the DNS for our external domain name (company.com); only our internal.  Does that make a difference?

Not really.
But then you should really consider adding only a zone "internal.company.com" and not "company.com" or else you might interfere with your external services (i.e. they would be inaccessible from inside unless you copy all "official" data to your then internal copy).

Or if your "we do not host the DNS for external domain" means that you maybe *do* use company.com as internal zone (e.g. in active directory), but that data is not published to the "official" internet DNS of company.com, then you are ok as well  (and have the zone already on your internal DNS server and have probably treated any conflicts before and need only add the host entry)

Author

Commented:
In your second sentence, when you mention, "consider adding only a zone" are you referring to adding it on my internal DNS server or external DNS server?  

I do not understand how I can have my internal DNS configured to point to intranet.company.com when the parent domain is corp.company.com.  It's no different than company.local.

Author

Commented:
In other words, if I create a DNS zone "inside" or "intranet" on my internal DNS the full name will read "inside.corp.company.com" as opposed to "inside.company.com"

Any ideas?
