Removing Windows Domain name from FQDN

Question

I hope someone can help with this, it feels like a stupid question but I'm trying to learn in a semi-live environment and I've had trouble finding an answer to this. I'm trying to be specific, so I hope this doesn't just immediately get closed for a reason I don't understand.

I have a Windows 2012 domain. It seemed simple to me to call the domain fishkake.com (not my real FQDN) but I've seen other posts here that say I shouldn't do that. So my domain is called angel.fishkake.com. And I use NETBIOS and UPN as per another SF post so that users should never see the word angel.

In tutorials for DNS (example: https://support.microsoft.com/en-us/help/324260/how-to-configure-dns-records-for-your-web-site-in-windows-server-2003), I've seen how to add a CNAME for www but this is based on a zone called domain.com. My zone is called angel.fishkake.com but I want a CNAME for www.fishkake.com - NOT www.angel.fishkake.com.

The actual problem which started me down this track was that I have a mail server running on platypus.angel.fishkake.com which I want to install a SSL certificate on.

So the question is, how do I remove angel?

Do I need to create a new zone called fishkake.com that mirrors angel.fishkake.com?

Thanks for your help.

Answer 1

There's no way to change a Windows AD domain once it's set up, but you actually should be using a sub domain, e.g. ad.example.com, so you have the basics correct. If you had used example.com as an AD domain directly, you would have the problem of maintaining two different set of name servers for the same domain: internally and externally.

Now, you simply delegate control of your ad.example.com subdomain to your domain controllers and let the external name servers for example.com handle your www.example.com. Or, if you really wish to have separate records internally, you may add another zone for example.com on your internal name servers.