Tore Jacobsen

Local DNS config for external web page.

Have customer with on-prem server
Local domain: office.domain.com
Webpage: domain.com

Called local domain for office.domain.com so they could still access their external webpage.

But what do I need to add to local DNS server so they can access it on www.domain.com and domain.com?

Assume a new zone, and maybe a www A host record?


Last Comment
Tore Jacobsen

8/22/2022 - Mon

You're on the right path.  In local DNS, create a new zone for domain.com and set up your A records for the root and www sub.


As I understood, you use the same domain internally and externally, right?
So you use a split DNS configuration...

Your external DNS (provider) is pointing to www.domain.com to access the public web site...
Your internal DNS server hosts an A record (www) and it is pointing to the external IP address of your public web site...

If your internal and external domains are different, there are several options:
- If you have forwarders configured, nothing else is needed.
- You can add the external domain as a new zone with an A record pointing to your external server.
- You can add a delegation record, which forwards all requests for an external domain to the DNS servers of your provider.
A new zone can be used if the internal and external domains are different.
In this case, you can also add a delegation for that domain on your local DNS. A delegation record redirects all requests for an external domain to the DNS server which is responsible for that domain.
Tore Jacobsen

Hi and thanks.
Yes, internal and external domain are different. Local: Office.domain.com, external: domain.com
So is it best practice to set up an extra zone (primary) with two A records (www and root) or a delegation record (and if so, how?)
Or can I just set up forwarders? I have set up the ISP's DNS servers as forwarders, but it seems like internal users are reaching the internal server (asking for log on) when trying to access the webpage. It works outside of the office.
Tore Jacobsen

So I tried adding a new primary zone to local DNS called domain.com and added two A records (www and root), pointed them both to the external IP I got pinging the domain.no webpage.
Still don't get in.

The website declined to show this webpage
  HTTP 403
Most likely causes:
•This website requires you to log in.

You may just use NSLookup on a client to see if you get the correct IP address, so all names with xxx.office.domain.com should resolve to an internal IP address while www.domain.com and root.domain.com should deliver the external IP address...

HTTP 403 means "forbidden", but can also be a result of the server not being reachable...

If NSLookup delivers the correct IP address, the reason for HTTP 403 is not the DNS setting.

You may try to use tracert www.domain.com as well as tracert x.x.x.x (the external IP address of your external server) to see where the request fails. Possibly a firewall or proxy issue...

Delegation may not work in your environment, as the internal domain is a subdomain of your top level domain.
Pushpakumara Mahagamage

Your steps are correct,

1. create forward lookup zone for domain.com

create host record [ A record] for root = public IP [external]

Create host record [A record ] for subdomain www = public IP [external ]

create host record [A record] for sub domain office = local IP

You can check that setting with c:\Windows\System32\drivers\etc\hosts file.  
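
The zone and A records from the steps above, together with the NSLookup-style check suggested earlier in the thread, written in PowerShell for the internal Windows DNS server. This is an added example, not part of any poster's reply; `203.0.113.10` is a constructed placeholder for the site's public IP, `Get-ARecords` is a hypothetical helper name, and the AD-integrated replication scope and TCP port 443 are assumptions.

```powershell
# Added example: run in an elevated session on the internal DNS server (DnsServer module).
$Zone     = 'domain.com'      # external domain, as written in the thread
$PublicIp = '203.0.113.10'    # constructed placeholder for the web host's public IP

# 1. Create the zone if it is missing (assumes AD-integrated DNS; use -ZoneFile otherwise).
if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $Zone -ReplicationScope 'Domain'
}

# 2. A records for the root (@) and www, skipped when they already exist.
foreach ($name in '@', 'www') {
    $existing = Get-DnsServerResourceRecord -ZoneName $Zone -Name $name -RRType A `
                    -ErrorAction SilentlyContinue
    if (-not $existing) {
        Add-DnsServerResourceRecordA -ZoneName $Zone -Name $name -IPv4Address $PublicIp
    }
}

# Hypothetical helper: sorted, comma-joined A answers for a name from one specific server.
function Get-ARecords([string]$Fqdn, [string]$Server) {
    $r = Resolve-DnsName -Name $Fqdn -Type A -Server $Server -DnsOnly `
             -ErrorAction SilentlyContinue
    (($r | Where-Object Type -eq 'A').IPAddress | Sort-Object) -join ','
}

# 3. Compare what this server answers with what the first configured forwarder
#    (the ISP resolver in the thread) answers, then test reachability separately.
$forwarder = (Get-DnsServerForwarder).IPAddress[0].ToString()
foreach ($fqdn in $Zone, "www.$Zone") {
    $internal = Get-ARecords $fqdn '127.0.0.1'
    $public   = Get-ARecords $fqdn $forwarder
    [pscustomobject]@{
        Name     = $fqdn
        Internal = $internal
        Public   = $public
        Match    = ($internal -eq $public)   # False: the local records are stale or wrong
        Tcp443   = Test-NetConnection $fqdn -Port 443 -InformationLevel Quiet
    }
}
# Match and Tcp443 both True while the browser still shows HTTP 403 means the refusal
# comes from the web server side, not from DNS.
```

A local `domain.com` zone makes the internal server authoritative for that whole name, so any other public record the office depends on has to be copied into it, and the A records go stale if the hosting provider changes the site's address.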


Don't give any points for this, but I completely agree with DrDave242.  This is a great benefit of having your internal/AD domain different than your public domain - that you don't have to create special zones or records on your internal DNS to resolve records which you have on your public DNS.
Pushpakumara Mahagamage


By the way, what is your local primary domain which your users' PCs etc. belong to?

1. is it something like domain.local  
2. Is it same as your web site domain.com
Tore Jacobsen

Webpage hosting company had blocked their IP after they had tried to log on for editing with wrong password. Would be nice to have this info earlier..