Local DNS config for external web page.

have customer with on-prem server
Local domain: office.domain.com
Webpage: domain.com

Called local domain for office.domain.com so they could still access their external webpage.

But what do I need to add to local DNS server so they can access it on www.domain.com and domain.com?

Assume a new zone, and maybe a www A host record?

Tore Jacobsen (System administrator) Asked:
DrDave242 Commented:
I'm going to disagree with some of the previous recommendations. If the public domain name is domain.com and the internal domain name is office.domain.com, you shouldn't have to do anything at all on the internal DNS servers aside from ensuring they can resolve external names via forwarders or root hints. They'll resolve www.domain.com just like any other external name.

If you've created an internal zone named domain.com, get rid of it unless you have some other compelling reason to have it.

Users outside the office can access the website with no trouble, correct?
CES (Network Administrator) Commented:
You're on the right path.  In local DNS, create a new zone for domain.com and set up your A records for the root and www sub.

As I understood, you use the same domain internally and externally, right?
So you use a split DNS configuration....

Your external DNS (provider) is pointing to www.domain.com to access the public web site...
Your internal DNS server hosts an A record (www) and it is pointing to the external IP address of your public web site...

If your internal and external domains are different, there are several options:
- If you have forwarders configured, nothing else is needed.
- You can add the external domain as a new zone with an A record pointing to your external server
- You can add a delegation record, which forwards all requests for an external domain to the DNS servers of your provider.
A new zone can be used, if the internal and external domain are different.
In this case, you can also add a delegation for that domain on your local DNS. A delegation record redirects all requests for an external domain to the DNS server, which is responsible for that domain.

Tore Jacobsen (System administrator) Author Commented:
Hi and thanx.
Yes, the internal and external domains are different. Local: Office.domain.com, external: domain.com
So is it best practice to set up an extra zone (primary) with two A records (www and root) or a delegation record (and if so how)?
Or can I just set up forwarders? Have set up ISP's DNS servers as forwarders but seems like internal users are reaching internal server (asking for log on) when trying to access webpage. Works outside of office.
Tore Jacobsen (System administrator) Author Commented:
So I tried adding a new primary zone to local DNS called domain.com and added two A records (www and root), pointed them both to the external IP I got pinging the domian.no webpage.
Still don't get in.

The website declined to show this webpage
  HTTP 403
Most likely causes:
• This website requires you to log in.
You just may use NSLookup on a client to see, if you get the correct IP address, so all names with xxx.office.domain.com should resolve to an internal IP Address while www.domain.com and root.domain.com should deliver the external IP address...

HTTP 403 means "forbidden", but can also be a result, that the server can not be reached....

If NSLookup delivers the correct IP Address, the reason for HTTP 403 is not the DNS setting.

You may try to use tracert www.domain.com as well as tracert x.x.x.x (the external IP Address to your external server) to see, where the request fails. Possibly a firewall or proxy issue....

Delegation may not work in your environment, as the internal domain is a subdomain of your top level domain.
Pushpakumara Mahagamage (VP) Commented:
Your steps are correct.

1. create forward lookup zone for domain.com

create host record [ A record] for root = public IP [external]

Create host record [A record ] for subdomain www = public IP [external ]

create host record [A record] for sub domain office = local IP

You can check that setting with c:\Windows\System32\drivers\etc\hosts file.  

Don't give any points for this, but I completely agree with DrDave242.  This is a great benefit of having your internal/AD domain different than your public domain - that you don't have to create special zones or records on your internal DNS to resolve records which you have on your public DNS.
Pushpakumara Mahagamage (VP) Commented:

By the way, what is your local primary domain which your users' PCs etc. belong to?

1. is it something like domain.local  
2. Is it same as your web site domain.com
Tore Jacobsen (System administrator) Author Commented:
Webpage hosting company had blocked their IP after they had tried to log on for editing with wrong password. Would be nice to have this info earlier.
Question has a verified solution.
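
The NSLookup comparison and the "is there a local domain.com zone" check discussed in the thread, written out as an added example that is not part of any participant's post. The internal DNS server address 192.168.1.10 and the public resolver 1.1.1.1 are assumptions; domain.com is the thread's placeholder name, and the zone/forwarder cmdlets need the DnsServer module (RSAT DNS tools).

```powershell
# Added example: compare the answers from the internal DNS server and a public
# resolver for the public site names, then look for a shadowing local zone.
$InternalDns = '192.168.1.10'   # assumption: address of the on-prem DNS server
$PublicDns   = '1.1.1.1'        # assumption: any public resolver works here
$PublicZone  = 'domain.com'     # placeholder name used in the thread
$Names       = $PublicZone, "www.$PublicZone"

function Get-ARecords {
    param([string]$Name, [string]$Server)
    try {
        $answers = Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction Stop
        # The answer can also contain CNAME records; keep only the A records.
        $ips = $answers | Where-Object { $_.Type -eq 'A' } |
            Select-Object -ExpandProperty IPAddress | Sort-Object
        return ($ips -join ', ')
    } catch {
        return ''   # NXDOMAIN, timeout or refusal: no usable answer
    }
}

# A mismatch means internal clients are sent somewhere other than the public
# address. If the site uses geo or load-balanced DNS, differing addresses can
# be legitimate, so read a mismatch together with the zone check below.
$report = foreach ($name in $Names) {
    $inside  = Get-ARecords -Name $name -Server $InternalDns
    $outside = Get-ARecords -Name $name -Server $PublicDns
    [pscustomobject]@{
        Name     = $name
        Internal = $inside
        Public   = $outside
        Match    = ($inside -ne '' -and $inside -eq $outside)
    }
}
$report | Format-Table -AutoSize

# A local zone named domain.com makes the internal server authoritative for the
# whole name: it never asks the forwarders, and any public record that was not
# copied into the zone (or has since changed) is wrong or missing internally.
Get-DnsServerZone -ComputerName $InternalDns |
    Where-Object { $_.ZoneName -eq $PublicZone } |
    Select-Object ZoneName, ZoneType, IsDsIntegrated

# With no such zone, these forwarders (or root hints) resolve the public names.
Get-DnsServerForwarder -ComputerName $InternalDns
```

If both names match and the site still returns HTTP 403 from inside the office only, the cause is on the web server side rather than in DNS, which is how this thread ended.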
