Domain name same as external web domain

We recently installed a Windows 2012 server and have a question.

1. We made the server domain as which is the same as the external website. The issue is that when they attempt to go to the website, it obviously only resolves to the internal domain name, as the DNS on the server is what is being pointed to. Is there any way, by making changes to repoint (perhaps with a CNAME on the server), to force it to point to the external website? They do not have a dedicated IP for the website; it appears to be a shared IP, as if we type in the IP address assigned, it pulls up a page showing Windows IIS running and does not show the webpage, but if we type in the actual name the website comes up.

If the steps can be provided to accomplish this, it would be appreciated, if it is possible. At present we have to have the ISP DNS server listed first in DNS servers and then the internal domain listed second in order for the external website to resolve properly.


Cliff Galiher Commented:
The best you can do with such a topology is to create an A record for "www" and point that to your host website IP address and users will have to remember to type "www" as part of the address.  The root domain name is essential to how Active Directory works so you can't change DNS records for that or you'll break Active Directory.

One additional step that is sometimes suggested is that you can install IIS on all of your domain controllers and then configure it to redirect to the www record.  That will resolve the issue when users forget to type www first, as it will be added for them.  However this requires running IIS on domain controllers, which is generally considered very insecure so while some suggest this, I am not one of them. It is not a path I'd recommend.

It is because of this issue that a domain name should either be internal only (such as company.local) or, my preference, a separate domain space, such as  It avoids the major pitfalls of a shared namespace.

Peterson50 (Author) Commented:
You are correct in that normally we do .local, but we did the install without realizing what we had done until we had it in production. It is a small company of only 5 users, but they connect to their website frequently for information. How would one add the A record on the Windows Server 2012?

Peterson50 (Author) Commented:
Also can something be utilized in a local hosts file for this issue?

Peterson50 (Author) Commented:
The only issue is that the IP address that the external domain resolves to apparently is not a dedicated one. If we type in the IP address, it gives an IIS 7.5 Detailed Error 403.14 Forbidden: "The web server is not configured to list the contents of this directory".

If we can get around this, we can just modify their hosts file and they are good. Any suggestions?

Cliff Galiher Commented:
That's on the web server end. Not yours. The browser sends what URL was requested and the server matches it and sends the appropriate content. This allows one IP to host many websites. So you can't type an IP address. It won't work. You have to have DNS resolve on the browser's behalf so the browser can send the right string. So we are back to my above statement. You can't change DNS because AD relies on it. And it needs to work because of how web servers support virtual hosts on a single IP. It is a known and old limitation of using a publicly reachable domain name for AD.
Cliff Galiher Commented:
With only five users, I'd just plan a rebuild over the weekend and redo the domain.
Cliff Galiher Commented:
And no, editing the hosts file introduces the same problem changing DNS would. AD client services would defer to the hosts file, get that IP, and then still fail to connect to a DC at the website's address. So whether you break it by DNS or break it by using a hosts file, changing the IP address that a client gets for the root AD domain will break AD on that client. A hosts file is not a fix here.
Qlemo ("Batchelor", Developer and EE Topic Advisor) Commented:
Yes, adding the DNS A record (or a HOSTS entry) for www is still the only way you can get it to work, if at all. If the IIS rewrites the FQDN ( to the domain only (, then you are out of luck.

For DNS A, start the DNS control in Administrative Tools, spot your forward lookup zone named like the domain, open the context menu, and you will see the proper action to take. As a name, just enter the prefix "www", nothing else.
If you want to use HOSTS files, you'll have to put in the complete name "", of course.
Peterson50 (Author) Commented:
How do I add the DNS A record? I see the Forward Lookup Zone and the domain listed company listed underneath. I go into the domain and then select New Host (A or AAAA), and then what do I enter at this point? What should it look like?
It gives me the following three fields
IP Address

Is this correct? Will it mess up anything?

I really don't want to reinstall the server if I can change this one thing, but will do so if I have to.
Qlemo ("Batchelor", Developer and EE Topic Advisor) Commented:
You only provide
  Name: www
  IP Address: your.public.ip.address
FQDN is built automatically, and should look like    
i.e. exactly what you would use from outside your domain.
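
The same A record can be added from PowerShell on the DNS server with the DnsServer module that ships with Windows Server 2012. This is an added example, not part of the original thread; the zone name `corp.example` and the address `203.0.113.10` are placeholders for the AD zone and the website's public IP, which the thread does not give. It also checks that the zone's root (apex) A records, which Active Directory depends on, are left untouched.

```powershell
# Added example (not from the thread). Run elevated on the DNS server / domain controller.
$Zone  = 'corp.example'    # placeholder: AD DNS zone that shares its name with the public site
$WebIp = '203.0.113.10'    # placeholder: public (shared-hosting) IP of the website
$Name  = 'www'             # only the prefix; the FQDN is built from the zone name

Import-Module DnsServer

# Stop early if this server does not host the zone.
$null = Get-DnsServerZone -Name $Zone -ErrorAction Stop

# Helper: list the A records at the zone root ("@"). These point at the domain
# controllers and must not change, or AD clients can no longer locate a DC.
function Get-ApexA {
    $recs = Get-DnsServerResourceRecord -ZoneName $Zone -Name '@' -RRType A -ErrorAction SilentlyContinue
    (@($recs) | ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString } | Sort-Object) -join ','
}
$apexBefore = Get-ApexA

# Add the www record only if it is not already there; report a conflicting value.
$existing = Get-DnsServerResourceRecord -ZoneName $Zone -Name $Name -RRType A -ErrorAction SilentlyContinue
if ($existing) {
    $current = @($existing | ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString })
    if ($current -contains $WebIp) {
        Write-Output "$Name.$Zone already points to $WebIp; nothing to do."
    } else {
        Write-Warning "$Name.$Zone exists with $($current -join ', '); review it before changing."
    }
} else {
    Add-DnsServerResourceRecordA -ZoneName $Zone -Name $Name -IPv4Address $WebIp -TimeToLive 01:00:00
    Write-Output "Added $Name.$Zone -> $WebIp"
}

# Confirm the root records are exactly what they were before.
if ((Get-ApexA) -ne $apexBefore) {
    throw "Root A records of $Zone changed; restore them before clients lose contact with AD."
}

# Ask this DNS server directly (bypassing any hosts file) what clients will get.
Resolve-DnsName -Name "$Name.$Zone" -Type A -Server localhost -DnsOnly |
    Select-Object Name, IPAddress
```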
Daniel Johnson Commented:
Hi! Very interesting information! Thanks. I also want to tell a very useful service that I use.
Free Whois domain lookup tool for finding domain names ownership information, registration data and much more.
I hope you will find it useful.