company website DNS issue

our company's DNS/domain is our corporate website is When users type in they get an IIS7 page (on the domain controllers). When users type in they get the correct webpage. I know this is a DNS issue and I could maybe resolve this by installing IIS on every domain controller and performing a redirect to is there anything else that I could do to prevent having to install DNS on the domain controllers besides changing my domain?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jan SpringerCommented:
The "A" record for '' should be the same as ''.

Additionally, you need to configure IIS to answer for '' as an alias.
jbla9028Author Commented:
if I change the A record for won't that cause all traffic destined to to go out to the webserver? won't it affect users ability to authenticate?
Jan SpringerCommented:
I don't know how  you're authenticating.  But if you need '' to go to a.b.c.d, then it must be configured in DNS.
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

jbla9028Author Commented:
so our ActiveDirectory domain name is DOMAIN.COM(IP = PrivateIP) our website is WWW.DOMAIN.COM (IP= Public IP) If I put an A record in my DNS won't clients try to login and authenticate against
Jan SpringerCommented:
Does AD use DNS to determine the authentication webserver or is the AD IP address predefined?
AD uses SRV records in internal DNS to discover domain controllers, you do not need to have a A records for pointing at the domain controllers

Best practice would be to not use the same domain internally as externally, but....

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jan SpringerCommented:
So, if AD uses a SRV record and the author wants both "" and "" then I would:     => A record => ip address => CNAME record =>
I would have both as A records
Jan SpringerCommented:
I wouldn't.  Anytime you get into serious DNS changes, always create the first host with an A record and make all of the rest CNAME records.  Minimizes the number of changes and also the number of errors.
for a web server with multiple internal sites on it I would agree, for a single host I would have an A record
Jan SpringerCommented:
It. Does. Not. Scale.  Being consistent and developing proper administrative skills are important.
I completely agree with the sentiment, however scalability is not always a requirement. sometimes it is simpler to just use A records.

A records "always" work.

CNAMES have been known to be broken by operating systems (See Apple OS X 10.6)

Jan SpringerCommented:
It's not a sentiment.  It's a standard.  It's about development the proper skills and habits.
When Apple "broke" CNAMEs  I had to change $lots of CNAME records to A records, we decided to leave them in place rather than change back and change them again if the Apple bug re-appeared.

As I posted above, if you have multiple sites that need to be accessed on one web server, then it makes sense to use CNAMES, it can also make sense to use CNAMES to provide a level of abstraction to provide for services being moved to a new server, however sometimes it makes sense to use A records

If you have a suitable process in place for managing DNS, managing A records is no more likely to produce an error than using CNAMEs

While RFC 2181 discussed how to use CNAMEs, where you use them or not is down to preference. There is no standard that I am aware of that states that you MUST use CNAMEs, if you can provide a reference to an RFC that is different I would be most interested in seeing it.

As an aside, A PTR record of course should be to an A record not a CNAME...
Jan SpringerCommented:
Apple didn't break cnames.  They might have screwed up their distribution of DNS.

As I posted above, it's really about practicality and scalability and understanding what you're doing with DNS configuration files.  It really doesn't help to offer bad habits that don't scale.

A PTR should be to an A record and not a CNAME?  Huh?  A PTR is to a fully qualified domain name.
Craig BeckCommented:
I would use A records, but technically _jesper_ is correct.

The issue can be fixed easily by adding a blank A record in the DOMAIN.COM zone which points to the IP address of the web server.

Generally this is usually followed by a CNAME record pointing to the A record.
jbla9028Author Commented:
Thanks for clarifying this for me. Thanks for the help!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.