company website DNS issue

our company's DNS/domain is domain.com. our corporate website is domain.com. When users type in http://domain.com they get an IIS7 page (on the domain controllers). When users type in http://www.domain.com they get the correct webpage. I know this is a DNS issue and I could maybe resolve this by installing IIS on every domain controller and performing a redirect to www.domain.com. is there anything else that I could do to prevent having to install DNS on the domain controllers besides changing my domain?
LVL 1
jbla9028Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jan SpringerCommented:
The "A" record for 'domain.com' should be the same as 'www.domain.com'.

Additionally, you need to configure IIS to answer for 'domain.com' as an alias.
0
jbla9028Author Commented:
if I change the A record for domain.com won't that cause all traffic destined to domain.com to go out to the webserver? won't it affect users ability to authenticate?
0
Jan SpringerCommented:
I don't know how  you're authenticating.  But if you need 'domain.com' to go to a.b.c.d, then it must be configured in DNS.
0
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

jbla9028Author Commented:
so our ActiveDirectory domain name is DOMAIN.COM(IP = 10.1.1.1 PrivateIP) our website is WWW.DOMAIN.COM (IP=1.2.3.4.5 Public IP) If I put an A record in my DNS won't clients try to login and authenticate against 1.2.3.4.5?
0
Jan SpringerCommented:
Does AD use DNS to determine the authentication webserver or is the AD IP address predefined?
0
ArneLoviusCommented:
AD uses SRV records in internal DNS to discover domain controllers, you do not need to have a A records for domain.com pointing at the domain controllers

Best practice would be to not use the same domain internally as externally, but....
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jan SpringerCommented:
So, if AD uses a SRV record and the author wants both "domain.com" and "www.domain.com" then I would:

domain.com     => A record => ip address
www.domain.com => CNAME record => domain.com
0
ArneLoviusCommented:
I would have both as A records
0
Jan SpringerCommented:
I wouldn't.  Anytime you get into serious DNS changes, always create the first host with an A record and make all of the rest CNAME records.  Minimizes the number of changes and also the number of errors.
0
ArneLoviusCommented:
for a web server with multiple internal sites on it I would agree, for a single host I would have an A record
0
Jan SpringerCommented:
It. Does. Not. Scale.  Being consistent and developing proper administrative skills are important.
0
ArneLoviusCommented:
I completely agree with the sentiment, however scalability is not always a requirement. sometimes it is simpler to just use A records.

A records "always" work.

CNAMES have been known to be broken by operating systems (See Apple OS X 10.6)

0
Jan SpringerCommented:
It's not a sentiment.  It's a standard.  It's about development the proper skills and habits.
0
ArneLoviusCommented:
When Apple "broke" CNAMEs  I had to change $lots of CNAME records to A records, we decided to leave them in place rather than change back and change them again if the Apple bug re-appeared.

As I posted above, if you have multiple sites that need to be accessed on one web server, then it makes sense to use CNAMES, it can also make sense to use CNAMES to provide a level of abstraction to provide for services being moved to a new server, however sometimes it makes sense to use A records

If you have a suitable process in place for managing DNS, managing A records is no more likely to produce an error than using CNAMEs

While RFC 2181 discussed how to use CNAMEs, where you use them or not is down to preference. There is no standard that I am aware of that states that you MUST use CNAMEs, if you can provide a reference to an RFC that is different I would be most interested in seeing it.

As an aside, A PTR record of course should be to an A record not a CNAME...
0
Jan SpringerCommented:
Apple didn't break cnames.  They might have screwed up their distribution of DNS.

As I posted above, it's really about practicality and scalability and understanding what you're doing with DNS configuration files.  It really doesn't help to offer bad habits that don't scale.

A PTR should be to an A record and not a CNAME?  Huh?  A PTR is to a fully qualified domain name.
0
Craig BeckCommented:
I would use A records, but technically _jesper_ is correct.

The http://domain.com issue can be fixed easily by adding a blank A record in the DOMAIN.COM zone which points to the IP address of the web server.

Generally this is usually followed by a CNAME record pointing www.domain.com to the domain.com A record.
0
jbla9028Author Commented:
Thanks for clarifying this for me. Thanks for the help!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
DNS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.