Can root of Active Directory DNS be forwarded, like forwarding www requests?

Can root of AD DNS be forwarded, like forwarding www requests?

Client uses the same Active Directory domain and external corporate web presence, i.e. abc.com for both.

Had to create an internal DNS record (Server 2012) to forward their www.abc.com requests to an external web host to display their web page.  This all works correctly, however client now wants to be able to simply browse to abc.com as opposed to www.abc.com and have their web site resolve correctly.  

Can this change be made using internal DNS?  Is there any chance it will adversely affect Active Directory?

Thanks,

Nathan
NEMC Asked:

oBdA Commented:
The AD domain's DNS name must resolve (only!) to a DC, full stop.
So this can only be done by adding the IIS feature to all of your Domain Controllers, and then creating a redirect to www.abc.com.
This, obviously, will enlarge the DC's attack surface, since there's now a service running on it that actually doesn't need to be running there, and that can be accessed by basically everybody in the AD network.
It's up to the client to decide whether saving the exhausting effort of typing four characters every now and then is worth reducing his domain controllers' security. Maybe you should introduce them to the concept of Favorites/Bookmarks?
HTTP Redirects <httpRedirect>
https://docs.microsoft.com/en-us/iis/configuration/system.webserver/httpredirect/
0

footech Commented:
Simply put, no.

For clients connected to the domain, abc.com should only resolve to the domain controllers.  Anything else and you're asking for trouble.
In theory, you could set up IIS on all domain controllers and have them set to do URL rewrites or redirects to the www.abc.com site, but your DCs should only be DCs (don't install additional components) so I won't ever recommend that as a solution.

Your only options as I see them:
 - rename the domain or migrate to a new one, then you won't have a conflict
 - tell the client to suck it up and live with the "www" (in my opinion, www is preferable to the bare domain anyway)
0
NEMC (Author) Commented:
Thanks for the quick answers.
0
Shaun Vermaak (Technical Specialist/Developer) Commented:
I will never install IIS on a DC. You can use netsh to do the forwarding without the need for IIS:
netsh interface portproxy add v4tov4 listenport=80 connectaddress=www.contoso.com connectport=80 protocol=tcp
netsh interface portproxy add v4tov4 listenport=443 connectaddress=www.contoso.com connectport=443 protocol=tcp

http://blogs.catapultsystems.com/chsimmons/archive/2015/04/08/domain-controller-http-redirect/
0
NEMC (Author) Commented:
Interesting suggestion, Shaun.  Thanks.
0
NEMC (Author) Commented:
FYI, I implemented Shaun's solution with another client and it worked perfectly.

Not sure how persistent the netsh commands are, but for the time being the second client's issue is resolved and they are able to browse internally without including www in the URL.
0
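
On the persistence question and the attack-surface concern raised above: the following audit script is an added example, not part of the thread or of any participant's post. It assumes portproxy rules are stored as registry values under HKLM\SYSTEM\CurrentControlSet\Services\PortProxy (which is why they survive a reboot) and that forwarding depends on the IP Helper service; the function name Get-PortProxyRule is hypothetical.

```powershell
# Added example (not from the thread): list netsh portproxy rules on this host.
# Assumes the rules live under the registry key below, as value name
# "listenaddress/listenport" with data "connectaddress/connectport".
$root = 'HKLM:\SYSTEM\CurrentControlSet\Services\PortProxy'

function Get-PortProxyRule {
    foreach ($family in 'v4tov4', 'v4tov6', 'v6tov4', 'v6tov6') {
        $key = Join-Path $root "$family\tcp"
        if (-not (Test-Path $key)) { continue }      # no rules of this family
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $listen  = $name -split '/', 2
            $connect = ([string]$item.GetValue($name)) -split '/', 2
            [pscustomobject]@{
                Family         = $family
                ListenAddress  = $listen[0]
                ListenPort     = $listen[1]
                ConnectAddress = $connect[0]
                ConnectPort    = $connect[1]
                # '*', 0.0.0.0 or :: means every interface accepts connections
                AllInterfaces  = $listen[0] -in '*', '0.0.0.0', '::'
            }
        }
    }
}

# ProductType 2 = domain controller (1 = workstation, 3 = member server)
$isDC  = (Get-CimInstance Win32_OperatingSystem).ProductType -eq 2
# Portproxy only forwards while the IP Helper service is running
$ipHlp = Get-Service -Name iphlpsvc
$rules = @(Get-PortProxyRule)

$summary = '{0}: DC={1}, IP Helper={2}, portproxy rules={3}'
$summary -f $env:COMPUTERNAME, $isDC, $ipHlp.Status, $rules.Count
$rules | Format-Table -AutoSize

if ($isDC -and $rules.Count -gt 0) {
    Write-Warning 'Domain controller is relaying TCP to another host; confirm each rule is documented.'
}
```

The same rules can be cross-checked with `netsh interface portproxy show all` and removed with `netsh interface portproxy delete v4tov4 listenport=80` (and likewise for 443) when the forward is no longer wanted.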