Active Directory DNS: single entry for external domain?
Posted on 2011-10-05
Sorry for the convoluted title.
I have the following situation:
A web server that lives in our company intranet has an address in a private range in the domain mycorp.localdomain. Certain license restrictions prevent us from changing this address. Port 443 is made public using port-forwarding over a public address on our gateway. So far so good.
Externally, we use a hosted Linux server with Bind9 as the authoritative name server for the mycorp.com domain. This server resolves our web server's FQDN to the external, public address, so:
superwebsite.mycorp.com -> 220.127.116.11 (apologies to google)
Internally, we use a W2k3 Active Directory server as a DNS server. This server is authoritative for our intranet domain and resolves the internal FQDN of our server to the private address, so:
superwebsite.mycorp.localdomain -> 192.168.1.25
We have recently purchased a commercial SSL certificate for superwebsite.mycorp.com, so we need our internal AD server to resolve the public FQDN to the private address, so:
superwebsite.mycorp.com -> 192.168.1.25
We also would like to serve Subversion repositories from this server, so it is important that the external URL be the same as the internal, otherwise developers will have trouble with their workspaces...
How can I tell Active Directory to resolve this one specific FQDN to the private address? Obviously I can't create the zone superwebsite.mycorp.com inside the intranet: this would cause the AD DNS server to consider itself authoritative and ignore the real authoritative server outside of the intranet.
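As an added example (not part of the original post), this is the usual way to pin a single public name to a private address on a Windows Server 2003 DNS server with dnscmd: create a zone whose name is the full host name and put an A record at its apex. The server then considers itself authoritative for superwebsite.mycorp.com only, not for mycorp.com, so every other mycorp.com name still goes out through forwarders or root hints to the external Bind9 server. The private address 192.168.1.25 is taken from the post; the DNS server name DC1, the choice of an AD-integrated zone, and the unrelated name www.mycorp.com used as a control check are assumptions.

```powershell
# Added example, not from the original post. Assumes the AD DNS server is named DC1
# and that an AD-integrated (DsPrimary) zone is wanted so it replicates to other DCs
# running DNS. Run from an elevated prompt on DC1 or a box with the DNS admin tools.

# 1. Create a zone named after the single host. The server becomes authoritative
#    for exactly this name; mycorp.com itself keeps resolving via the external server.
dnscmd DC1 /ZoneAdd superwebsite.mycorp.com /DsPrimary

# 2. Add an A record at the zone apex ("@") pointing at the private address.
dnscmd DC1 /RecordAdd superwebsite.mycorp.com "@" A 192.168.1.25

# 3. Show the records the zone now holds (SOA and NS are created automatically).
dnscmd DC1 /EnumRecords superwebsite.mycorp.com "@"

# 4. Verify the split view from an internal client:
#    - the pinned name must return the private address,
#    - an unrelated mycorp.com name (assumed: www.mycorp.com) must still be
#      answered from the external Bind9 zone, proving only one name was overridden.
nslookup superwebsite.mycorp.com DC1
nslookup www.mycorp.com DC1
```

Because the record carries exactly the name on the certificate, internal browsers and Subversion clients use https://superwebsite.mycorp.com/ with no name mismatch and the same URL as external users. If further public hosts later need internal addresses, add one such single-name zone per host rather than an internal copy of mycorp.com, which would make the AD server authoritative for the whole domain and force every public record to be mirrored by hand.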