
I have an intranet network on which a Windows IIS7 server is named mycompany.com. We also have a website hosted elsewhere named mycompagny.com.

From the outside of the network, everything is fine for our current use case. But from the inside, it's not possible to access the website in a browser without the www prefix. It returns a dummy page from IIS7.

A hack used by a colleague is to skip local DNS routing by using Google's DNS service. A major con of this solution is that it has to be configured locally on all machines and that it disables local HTTP serving.

Another hack would be to always use www, but we have some subdomains that are not configured to work with it. For example, our famous: nice-app.mycompagny.com.

I can't just change the intranet server name because it's already used for other purposes, such as ssh-access-ing a bunch of machines and ftp-serving. Renaming mycompagny.com to mycompagny-intranet.com or something else would certainly break a lot of things and create headaches for everyone for a couple of days... As I am new here, I can't afford it.

How could I handle that specific problem?

This kind of duplicate use of DNS seems to be a common anti-pattern in the Windows server community; at least it has been reported many times on Serverfault:

How could one prevent that from happening again at the design stage of a network?

EDIT: The sub-question is clearly a duplicate of Windows Active Directory naming best practices?.

jvtrudel
  • `How could one prevent that from happening again at the design stage of a network?` - Use an unused subdomain internally, such as `ad.mycompany.com`. – joeqwerty Feb 28 '17 at 20:49
  • More or less a dup of http://serverfault.com/questions/76715/windows-active-directory-naming-best-practices – Zoredache Feb 28 '17 at 20:50
  • I agree that my second question may be a duplicate. I did not notice the question/answer you pointed out. They will be useful to prevent further problems and confirm my *anti-pattern* assertion. – jvtrudel Feb 28 '17 at 21:10
  • That said, I can't change the name in the present case. What should I do to redirect the browser's request to the outside of the network for an external DNS resolution? – jvtrudel Feb 28 '17 at 21:12
  • That question links to others. But the answer is that all the options suck in one way or another. See http://serverfault.com/a/38213/984 – Zoredache Feb 28 '17 at 21:20

1 Answer


You (or your predecessor) shot yourselves in the foot by choosing the wrong DNS name for your Active Directory domain name. This results in DNS A records for your bare domain name pointing to your domain controllers rather than your external corporate website.

To solve that, many people do something equally horrible: they run a webserver on each and every mycompany.com AD domain controller that sends an HTTP redirect from the bare domain name to www.mycompany.com.

(Your remark "It returns a dummy page from IIS7." seems to indicate you already run IIS on your domain controller(s), so you only need to configure a site with a redirect there.)

HBruijn
  • I totally agree. It was a *shot in the foot*! Be sure, it's not my fault. And I have seen a lot of other horrible things... But the point is not to overcriticize. I just need to fix that mess. – jvtrudel Feb 28 '17 at 22:02
  • I think that your suggestion to redirect from the domain controller could be the right answer. – jvtrudel Feb 28 '17 at 22:03
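
A `web.config` for the redirect site the answer describes, added here as an example (it is not the answer author's configuration). It assumes the IIS HTTP Redirection role service is installed, that the site holding this file is bound only to the bare host name `mycompany.com` on each domain controller, and that `http://` is the right scheme for the external site.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Example web.config for a dedicated IIS site whose only job is to
     send bare-domain requests on to the externally hosted www site.
     Assumption: the site binding uses host header "mycompany.com", so
     other sites on the same server are not affected. -->
<configuration>
  <system.webServer>
    <!-- exactDestination="true" uses the destination string as given;
         $V re-appends the requested path and $Q the query string
         (including the leading "?"), so deep links survive the hop.
         httpResponseStatus="Found" sends a 302, which browsers do not
         cache permanently; that keeps the workaround easy to undo. -->
    <httpRedirect enabled="true"
                  destination="http://www.mycompany.com$V$Q"
                  exactDestination="true"
                  childOnly="false"
                  httpResponseStatus="Found" />
    <!-- The site serves no content of its own, so directory listing
         stays off and no default document is needed. -->
    <directoryBrowse enabled="false" />
  </system.webServer>
</configuration>
```

Keep the site's physical directory empty apart from this file and do not add other bindings to it, so the extra web listener on the domain controllers does nothing beyond issuing the redirect.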