    Internal domain name same as external domain - DNS issues!!

      JaredBusch @Joel

      @Our-Tech-Team said:

      Hi all

      I'm having a problem with a new client Server 2012 R2 where the internal domain name is the same as the external domain, e.g. companyname.com for the internal AD domain name, and their website and emails are also on companyname.com (note: emails are with Office 365).

      Internally if I ping the domain name, it replies back with the internal IP address (192.168.0.2) which is our DNS and Domain Controller and staff are unable to browse to their website.

      I have created a manual WWW entry in DNS Manager so staff can now go to www.companyname.com and it resolves, but without the www it doesn't work.

      I noticed in our DNS manager, there is an entry that says:

      (same as parent folder) - Host A - 192.168.0.2 - I believe this is causing the problem. If I remove it, it simply comes back shortly after as this is the default A record for the DC.

      Is it a problem to have the internal domain name the same as external or should I rename? Can I rename? What do you advise?
      Sorry if this is badly written but I hope you understand the nature of the query. Let me know if any Q's

      Thanks

      You have no way to fix this.

      You cannot have domain.com point to anything except your DC or you will break AD.

      The only thing you could do is redo AD. Microsoft documentation uses ad.domain.com in their examples for this reason.

        scottalanmiller

        @Our-Tech-Team Welcome to MangoLassi!

          scottalanmiller @JaredBusch

          @JaredBusch said:

          The only thing you could do is redo AD. Microsoft documentation uses ad.domain.com in their examples for this reason.

          He had asked me about this offline and it appears, from our brief conversation, that the only impacts he is seeing is that he needs to manually put in external addresses into DNS (like www.mysite.com) so that it will resolve and the default domain points to the DC, not the website. As long as users are okay with that one URL not being usable and he's okay with the small amount of manual DNS entries, it looks like that is his only impact and he is fine not changing the domain at this point.

          Unfortunate and not best practice, but it appears that the issues are minimal and his best option is to just remain with it as it is at this point. Not worth modifying the domain now.

            JaredBusch @scottalanmiller

            @scottalanmiller said:

            @JaredBusch said:

            The only thing you could do is redo AD. Microsoft documentation uses ad.domain.com in their examples for this reason.

            He had asked me about this offline and it appears, from our brief conversation, that the only impacts he is seeing is that he needs to manually put in external addresses into DNS (like www.mysite.com) so that it will resolve and the default domain points to the DC, not the website. As long as users are okay with that one URL not being usable and he's okay with the small amount of manual DNS entries, it looks like that is his only impact and he is fine not changing the domain at this point.

            Unfortunate and not best practice, but it appears that the issues are minimal and his best option is to just remain with it as it is at this point. Not worth modifying the domain now.

            Correct. Really, it is just that users will have to be trained to enter www in front of domain.com to get to the website. All links to the website will have to explicitly use www or it will fail.

              Joel

              If having to tell/train users to type www. in front of their domain name to view their own website internally is the biggest problem I'll face then it's probably not worth me renaming/reconfiguring it all over again then.

              Would there not be any other implications/issues I'll face down the line?
              If our email system is on Office 365, am I safe in saying the emails won't have any issues or be affected?

              Should I want to rename the domain name to be AD.domain.com, is that a big task to do?

                scottalanmiller @Joel

                @Our-Tech-Team said:

                Would there not be any other implications/issues I'll face down the line?
                If our email system is on Office 365, am I safe in saying the emails won't have any issues or be affected?

                You are safe, Office 365 is external and MX records are not a problem as Office 365 is outside of your AD Domain's DNS reach. Office 365 has no idea that you have a DNS overlap inside the LAN.

                  JaredBusch @Joel

                  @Our-Tech-Team said:

                  Should I want to rename the domain name to be AD.domain.com, is that a big task to do?

                  Yes, because you cannot simply rename a domain.

                    scottalanmiller

                    Yeah, you would basically be recreating your domain from scratch. It's rather a pain. You want to avoid it if possible, unless you are just like five users, perhaps.

                      JaredBusch @Joel

                      @Our-Tech-Team said:

                      If having to tell/train users to type www. in front of their domain name to view their own website internally is the biggest problem I'll face then it's probably not worth me renaming/reconfiguring it all over again then.

                      You also need to look at the website code itself. If there are any hard links to http://domain.com in the code they will fail from within the office.

                        JaredBusch @Joel

                        @Our-Tech-Team said:

                        Would there not be any other implications/issues I'll face down the line?
                        If our email system is on Office 365, am I safe in saying the emails won't have any issues or be affected?

                        You should not have any problems as long as there are no MX records on your internal DNS server.

                          Joel

                          No MX records are present on our server at all.
                          I don't have a problem with the website not working internally (without the www). I'll see if I can convince them next week though! Thanks for your help.

                          Next time, I'll be sure to name it something other than the same domain name!!! sigh

                            scottalanmiller @Joel

                            @Our-Tech-Team said:

                            Next time, I'll be sure to name it something other than the same domain name!!! sigh

                            Current best practice is to use a subdomain, such as ad.yoururl.com. The addition of "ad" at the beginning makes it obvious that it is just for AD and that it is not the same domain as anything else.

                              Joel @scottalanmiller

                              @scottalanmiller Noted! Lesson learned. Thanks again.

                                scottalanmiller

                                It is a common one, lots of people do that.

                                  Dashrender

                                  How is this a brand new problem unless they are a brand new company and new network?

                                  If the whole system is that new... It might be worth redoing AD....

                                  As for email, you'll need to set up the needed records for ActiveSync to work inside your network as well.

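An added example, not written by any poster in this thread: a PowerShell check for the upkeep discussed above (the manual internal entries, the "no internal MX" condition and the extra mail-client records). It compares what the public zone publishes with what the internal AD zone answers. All record data is constructed; `shop`, `mail`, the 203.0.113.x addresses, the status labels and the helper name `Find-SplitDnsGap` are assumptions for illustration.

```powershell
# Added example: all record data below is constructed for illustration.
# Live data could be gathered with Resolve-DnsName -Server <internal DNS>
# and Resolve-DnsName -Server <public resolver>.
$Zone = 'companyname.com'

# Constructed: what the public zone publishes.
$External = @(
    [pscustomobject]@{ Name = 'companyname.com';              Type = 'A';     Data = '203.0.113.10' }
    [pscustomobject]@{ Name = 'www.companyname.com';          Type = 'A';     Data = '203.0.113.10' }
    [pscustomobject]@{ Name = 'autodiscover.companyname.com'; Type = 'CNAME'; Data = 'autodiscover.outlook.com' }
    [pscustomobject]@{ Name = 'shop.companyname.com';         Type = 'A';     Data = '203.0.113.20' }
)
# Constructed: what the AD zone on the DC (192.168.0.2) answers.
$Internal = @(
    [pscustomobject]@{ Name = 'companyname.com';     Type = 'A';  Data = '192.168.0.2' }
    [pscustomobject]@{ Name = 'www.companyname.com'; Type = 'A';  Data = '203.0.113.99' }
    [pscustomobject]@{ Name = 'companyname.com';     Type = 'MX'; Data = 'mail.companyname.com' }
)

function Find-SplitDnsGap {   # hypothetical helper name
    param([object[]]$External, [object[]]$Internal, [string]$Zone)

    foreach ($e in $External) {
        $i = $Internal | Where-Object { $_.Name -eq $e.Name -and $_.Type -eq $e.Type } |
             Select-Object -First 1
        if ($e.Name -eq $Zone -and $e.Type -eq 'A') {
            $status = 'ApexHeldByAD'        # apex A record must keep pointing at the DC
        } elseif (-not $i) {
            $status = 'MissingInternally'   # needs a manual record on the internal DNS server
        } elseif ($i.Data -ne $e.Data) {
            $status = 'StaleInternally'     # manual record no longer matches the public one
        } else {
            $status = 'InSync'
        }
        [pscustomobject]@{ Name = $e.Name; Type = $e.Type; External = $e.Data
                           Internal = $i.Data; Status = $status }
    }
    # Condition stated in the thread: no MX records on the internal DNS server.
    foreach ($m in @($Internal | Where-Object { $_.Type -eq 'MX' })) {
        [pscustomobject]@{ Name = $m.Name; Type = 'MX'; External = $null
                           Internal = $m.Data; Status = 'InternalMxPresent' }
    }
}

Find-SplitDnsGap -External $External -Internal $Internal -Zone $Zone | Format-Table -AutoSize
```

With the constructed data, `www` is reported as stale, `autodiscover` and `shop` as missing internally, and the internal MX record is flagged.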
                                    scottalanmiller @Dashrender

                                    @Dashrender said:

                                    If the whole system is that new... It might be worth redoing AD....

                                    Unless it is so new that they have not started using it, is that true? How does age of authentication change the effort in renaming?

                                      Dashrender @scottalanmiller

                                      @scottalanmiller said:

                                      @Dashrender said:

                                      If the whole system is that new... It might be worth redoing AD....

                                      Unless it is so new that they have not started using it, is that true? How does age of authentication change the effort in renaming?

                                      If they only have one or two servers and a small handful of folders to change permission on.. If you were ever going to do it... Now would be the time.

                                        scottalanmiller @Dashrender

                                        @Dashrender said:

                                        @scottalanmiller said:

                                        @Dashrender said:

                                        If the whole system is that new... It might be worth redoing AD....

                                        Unless it is so new that they have not started using it, is that true? How does age of authentication change the effort in renaming?

                                        If they only have one or two servers and a small handful of folders to change permission on.. If you were ever going to do it... Now would be the time.

                                        Regardless of how many that is, wouldn't the current state be "all of them?"

                                          Dashrender

                                          It will always be all of them... But unless you are at 10 today and plan to never grow.... Then why not do it when you're small.

                                          Are you saying the effort is just never worth it until there is a reason to worry about it? While that can make sense, assuming the effort is around 10 computers. I think the ounce of prevention today is worth it.

                                          Of course if he is so swamped doing other things that make the company more money, more efficient, etc.... Then he should do those things.

                                            scottalanmiller @Dashrender

                                            @Dashrender said:

                                            It will always be all of them... But unless you are at 10 today and plan to never grow.... Then why not do it when you're small.

                                            That doesn't make sense. What if he put it in twenty years ago but was only at ten people today?

                                            You can make an argument, like I did earlier, that if the environment is small enough it might be worth moving now. You could make an argument that if you expect to grow dramatically that it might be worth moving for some reason, although I don't believe that this is true - having to type in www is an easy fix at any scale. But what I don't see is how the age of the environment is a factor. If you are five minutes old and have a million users or twenty years old and have five, it is the number of users, not the age of the environment that determines if the effort might be worth it.
