Local DNS config for external web page.

Have a customer with an on-prem server.
Local domain: office.domain.com
Webpage: domain.com

Called local domain for office.domain.com so they could still access their external webpage.

But what do I need to add to local DNS server so they can access it on www.domain.com and domain.com?

Assume a new zone, and maybe a www A host record?

Tore Jacobsen, System administrator, Asked:

CES, Network Administrator, Commented:
You're on the right path.  In local DNS, create a new zone for domain.com and set up your A records for the root and www sub.

As I understood, you use the same domain internally and externally, right?
So you use a split DNS configuration....

Your external DNS (provider) is pointing to www.domain.com to access the public web site...
Your internal DNS server hosts an A record (www) and it is pointing to the external IP address of your public web site...

If your internal and external domains are different, there are several options:
- If you have forwarders configured, nothing else is needed.
- You can add the external domain as a new zone with an A record pointing to your external server
- You can add a delegation record, which forwards all requests for an external domain to the DNS servers of your provider.
A new zone can be used, if the internal and external domain are different.
In this case, you can also add a delegation for that domain on your local DNS. A delegation record redirects all requests for an external domain to the DNS server, which is responsible for that domain.
Tore Jacobsen, System administrator, Author Commented:
Hi and thanks.
Yes, the internal and external domains are different. Local: Office.domain.com, external: domain.com
So is it best practice to set up an extra zone (primary) with two A records (www and root) or a delegation record (and if so, how)?
Or can I just set up forwarders? I have set up the ISP's DNS servers as forwarders, but it seems like internal users are reaching the internal server (asking for log on) when trying to access the webpage. It works outside of the office.

Tore Jacobsen, System administrator, Author Commented:
So I tried adding a new primary zone to local DNS called domain.com and added two A records (www and root), pointed them both to the external IP I got pinging the domain.no webpage.
Still don't get in.

The website declined to show this webpage
  HTTP 403
Most likely causes:
•This website requires you to log in.
You just may use NSLookup on a client to see, if you get the correct IP address, so all names with xxx.office.domain.com should resolve to an internal IP Address while www.domain.com and root.domain.com should deliver the external IP address...

HTTP 403 means "forbidden", but can also be a result, that the server can not be reached....

If NSLookup delivers the correct IP Address, the reason for HTTP 403 is not the DNS setting.

You may try to use tracert www.domain.com as well as tracert x.x.x.x (the external IP Address to your external server) to see where the request fails. Possibly a firewall or proxy issue....

Delegation may not work in your environment, as the internal domain is a subdomain of your top level domain.
Pushpakumara Mahagamage, VP, Commented:
Your steps are correct.

1. create forward lookup zone for domain.com

create host record [ A record] for root = public IP [external]

Create host record [A record ] for subdomain www = public IP [external ]

create host record [A record] for sub domain office = local IP

You can check that setting with c:\Windows\System32\drivers\etc\hosts file.  

I'm going to disagree with some of the previous recommendations. If the public domain name is domain.com and the internal domain name is office.domain.com, you shouldn't have to do anything at all on the internal DNS servers aside from ensuring they can resolve external names via forwarders or root hints. They'll resolve www.domain.com just like any other external name.

If you've created an internal zone named domain.com, get rid of it unless you have some other compelling reason to have it.

Users outside the office can access the website with no trouble, correct?
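
The check this answer and the earlier NSLookup advice point to, as an added example that is not part of the original thread: compare what the internal DNS server and an outside resolver return for the public names, then see whether the internal server hosts a zone for the public domain. The server addresses are placeholders and `domain.com` is the name as written in the thread.

```powershell
# Added example (not from the thread). Placeholders: $InternalDns, $PublicDns.
# Needs the DnsClient module; the zone check needs the DnsServer module (RSAT).
$InternalDns = '192.0.2.10'     # placeholder: the on-prem DNS server
$PublicDns   = '198.51.100.53'  # placeholder: a resolver outside the office
$PublicZone  = 'domain.com'     # public domain as written in the thread
$Names       = $PublicZone, "www.$PublicZone"

function Get-ARecord {
    param([string]$Name, [string]$Server)
    try {
        # -DnsOnly/-NoHostsFile keep the hosts file and LLMNR/NetBIOS out of the answer
        Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -NoHostsFile -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } |
            ForEach-Object { $_.IPAddress } | Sort-Object
    } catch {
        Write-Warning "$Name via ${Server}: $($_.Exception.Message)"
    }
}

$report = foreach ($n in $Names) {
    $inside  = @(Get-ARecord -Name $n -Server $InternalDns) -join ','
    $outside = @(Get-ARecord -Name $n -Server $PublicDns) -join ','
    [pscustomobject]@{
        Name = $n; Internal = $inside; Public = $outside
        Match = ($inside -ne '' -and $inside -eq $outside)
    }
}
$report | Format-Table -AutoSize

# A zone for the public name hosted on the internal server answers for every
# name under it instead of the forwarders, so show it if it exists.
$zone = Get-DnsServerZone -ComputerName $InternalDns -Name $PublicZone -ErrorAction SilentlyContinue
if ($zone) {
    "Internal server hosts a '$PublicZone' zone (type $($zone.ZoneType)); A records in it:"
    Get-DnsServerResourceRecord -ComputerName $InternalDns -ZoneName $PublicZone -RRType A |
        Select-Object HostName, @{ n = 'Address'; e = { $_.RecordData.IPv4Address } }
} else {
    "No '$PublicZone' zone on $InternalDns; forwarders in use:"
    (Get-DnsServerForwarder -ComputerName $InternalDns).IPAddress
}

if ($report.Match -notcontains $false) {
    'Internal and public answers agree: DNS is not the cause of an HTTP error.'
}
```

If the answers match and the site still returns an error from inside the office only, the next place to look is the office's outbound address as seen by the web host.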

Don't give any points for this, but I completely agree with DrDave242.  This is a great benefit of having your internal/AD domain different than your public domain - that you don't have to create special zones or records on your internal DNS to resolve records which you have on your public DNS.
Pushpakumara Mahagamage, VP, Commented:

By the way, what is your local primary domain, which your users' PCs etc. belong to?

1. is it something like domain.local  
2. Is it same as your web site domain.com
Tore Jacobsen, System administrator, Author Commented:
Webpage hosting company had blocked their IP after they had tried to log on for editing with wrong password. Would be nice to have this info earlier..