I've (our tiny group) been using the naked domain for Active Directory for quite a while now; at the beginning we knew it wouldn't be available for other uses without heavy setup. At the time it seemed like no big deal, as you can use the www. subdomain anyway, but now, seeing it in the browsers and on the sketching, it doesn't look so hot.
From the outside it's no problem getting to it (web content on the naked domain); the proxy handles it. But from the inside, requests naturally go to the domain controllers. The network is subnetted, so again the proxy solves half of the problem by redirecting ports, but there's still the group of clients on the domain controllers' subnet that can't reach the web servers.
IIS has this ARR thingy that forward-proxies traffic, but it doesn't work with secure traffic. Can you think of another way we could proxy or reroute web traffic (and keep using standard ports) to the web servers?
The only thing I can come up with is isolating the DCs completely, but that means changing IP addresses on tons of devices, a lot of which we don't remember are on the network; then it's haunting for them, because if they aren't bugging the DHCP servers they basically go into stealth mode. It'll take forever.
I do have one other idea, but I don't know how damaging it could be. The server net goes from, let's say, 10.0.0.1 to 10.0.3.254, a /22 network, but devices are only allocated in the first /24 segment of it, and the DCs are actually at the beginning of the second /24, at 10.0.1.1, 10.0.1.2, and so on.
So I thought, maybe if I reduce the subnet mask from /22 to /24 then communication isn't lost as I create VLANs and move stuff around, even if I have to go IP address after IP address from 0.1 all the way up to 3.254 the whole time. DHCP for that subnet is allocated in the third /24 segment, in the 10.0.2.0 block. I don't know if there's potential for storms, or what kind of mess I'll be in, and I thought of going to Quora, but just as I was about to post I remembered this place that has gotten me out of trouble countless times.
Million thanks!
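The mask change in the post is easy to reason about with a small reachability model before touching any device. The script below is an added example written for this thread, not the poster's own tooling; the host names and addresses are a constructed inventory modelled on the description (static devices in 10.0.0.0/24, DCs at 10.0.1.1 and 10.0.1.2, a DHCP lease in 10.0.2.0/24). It answers two questions for a host whose mask shrinks from /22 to /24: which peers it will stop treating as on-link (and so will need a gateway route for), and which pairs end up with asymmetric paths while only some hosts have been migrated, which is the condition that usually produces the "mess" the poster is worried about when a stateful firewall or proxy sits on the gateway and sees only one direction of a flow.

```python
from ipaddress import IPv4Address, IPv4Interface

# Constructed inventory (assumption, not from the post): a 10.0.0.0/22 server
# network with static devices in the first /24, the DCs at the start of the
# second /24 and a DHCP client holding a lease in the third /24.
HOSTS = {
    "ws-001":    "10.0.0.50",
    "file01":    "10.0.0.120",
    "dc01":      "10.0.1.1",
    "dc02":      "10.0.1.2",
    "lease-077": "10.0.2.77",   # DHCP client in the 10.0.2.0 block
}
CURRENT_PREFIX = 22


def on_link(src_addr: str, src_prefix: int, dst_addr: str) -> bool:
    """True if a host configured as src_addr/src_prefix treats dst_addr as
    directly reachable (same subnet), i.e. it will ARP for it instead of
    handing the packet to its default gateway."""
    iface = IPv4Interface(f"{src_addr}/{src_prefix}")
    return IPv4Address(dst_addr) in iface.network


def newly_offlink(hosts, viewer, new_prefix, current_prefix=CURRENT_PREFIX):
    """Peers that `viewer` reaches directly today but would consider off-link
    once its own mask shrinks to new_prefix. Each of these needs a working
    route via the gateway, or `viewer` loses it the moment the mask changes."""
    src = hosts[viewer]
    return sorted(
        name for name, addr in hosts.items()
        if name != viewer
        and on_link(src, current_prefix, addr)
        and not on_link(src, new_prefix, addr)
    )


def asymmetric_pairs(hosts, migrated, new_prefix, current_prefix=CURRENT_PREFIX):
    """Pairs (a, b) where a has already been renumbered to new_prefix and sees
    b as off-link, while b still runs current_prefix and sees a as on-link.
    a->b goes through the gateway, b->a goes directly on the wire: a partial
    migration creates exactly this asymmetric path, which stateful devices on
    the gateway tend to drop because they only see one direction."""
    pairs = []
    for a in migrated:
        a_addr = hosts[a]
        for b, b_addr in hosts.items():
            if b == a or b in migrated:
                continue
            if (not on_link(a_addr, new_prefix, b_addr)
                    and on_link(b_addr, current_prefix, a_addr)):
                pairs.append((a, b))
    return sorted(pairs)


if __name__ == "__main__":
    # A workstation moved to /24 loses direct reach to both DCs and to the
    # DHCP-leased client; the file server in the same /24 is unaffected.
    print("off-link after /24:", newly_offlink(HOSTS, "ws-001", 24))
    # Migrating only the first /24 leaves every client<->DC flow asymmetric.
    print("asymmetric pairs:", asymmetric_pairs(HOSTS, {"ws-001", "file01"}, 24))
```

Run it as-is to see the two lists; swap in a real export of your address inventory for `HOSTS` to get the concrete set of hosts that need routes (and to confirm that the DHCP scope in 10.0.2.0/24 ends up in its own VLAN with its own gateway before clients in the first /24 are re-masked).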