
We have been focused on building websites/web services for quite a few years now and are right now in discussions with the company which manages a company's network. I just can't believe what they are telling us, so I would like to ask if this is true for all Microsoft AD networks.

Situation:

  • We own/control the public DNS record "example.com"
  • The company which manages the company's internal network also named the domain controller "example.com"
  • So now whenever we need a subdomain, e.g. staging.example.com, we have to report that to the company which manages the network so that this subdomain is made available in the network

As far as I can see, the company could have named their domain controller however they wanted. If they had given the domain controller a name like managed-network-example.com, would all these conflicts not exist?

Throughout the discussions they blamed us for not using www.example.com to reach the website; instead we redirected to example.com in the browser. Then we switched and redirected to www.example.com, just to find out that this resulted in a 404 error because they had to point the www subdomain to our web server's IP. In the aftermath they told us that it's absolutely normal that we have to inform them about every subdomain we want to use so that it's reachable from within the network.

So is this the way you set up an internal network, making a public DNS record more or less irrelevant?

Thanks for your replies!

Sacha
  • Due to the unfortunate choice of using your bare domain as the name of the Active Directory domain, it is indeed required to add a duplicate DNS record in your internal DNS for every subdomain you create in your public / internet DNS zone. – HBruijn Jan 24 '19 at 11:30
  • This is unfortunate, but sadly true. If you want the sub-domain to be reachable on the internal network then the sub-domain needs to be added to the internal DNS. If the AD domain had been named using a sub-domain of the public domain (such as ad.example.com) then this wouldn't be necessary. – joeqwerty Jan 24 '19 at 12:21
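
The duplication described in the comments above can be checked mechanically. The following is an added example, not part of the original thread: it compares a public zone listing with the internal AD zone of the same name and reports which public names internal clients cannot reach. The listing format, record names and addresses are constructed for illustration.

```python
ZONE = "example.com"
# Constructed sample listings ("name type value"; a simplified format, not a real
# zone export). Internally "@" points at a DC, as AD registers the domain name there.
PUBLIC = """\
@        A     203.0.113.10
www      CNAME example.com.
staging  A     203.0.113.20
api      A     203.0.113.30
"""
INTERNAL = """\
@        A     10.0.0.5
www      A     203.0.113.10
api      A     203.0.113.99
"""

def parse(listing):
    """Map name -> [(type, value)] from 'name type value' lines."""
    records = {}
    for name, rtype, value in (l.split(None, 2) for l in listing.splitlines() if l.strip()):
        records.setdefault(name.lower(), []).append((rtype.upper(), value.strip()))
    return records

def relative(fqdn):
    """In-zone FQDN -> '@' or relative label; None if outside the zone."""
    t = fqdn.rstrip(".").lower()
    if t == ZONE:
        return "@"
    return t[: -len(ZONE) - 1] if t.endswith("." + ZONE) else None

def addresses(records, name, depth=0):
    """Resolve name to its A addresses inside one zone, following in-zone CNAMEs."""
    found = set()
    for rtype, value in records.get(name, []):
        if rtype == "A":
            found.add(value)
        elif rtype == "CNAME" and depth < 8 and relative(value):
            found |= addresses(records, relative(value), depth + 1)
    return found

def drift(public, internal):
    """Per public name: 'missing', 'differs' or 'ok' as seen from the internal zone."""
    pub, inside = parse(public), parse(internal)
    report = {}
    for name in pub:
        same = addresses(pub, name) == addresses(inside, name)
        report[name] = "missing" if name not in inside else "ok" if same else "differs"
    return report

if __name__ == "__main__":
    print(drift(PUBLIC, INTERNAL))
```

With the sample data, `staging` is reported as missing, `api` as differing (a stale internal copy), and the apex as differing because the internal zone answers it with the domain controller's address.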

1 Answer


Best practice would be to delegate a subdomain of example.com for your infrastructure, for example: ad.example.com. It is common practice to have a domain targeting a website without a www subdomain. Look at serverfault.com ;)

Dennis

Snooops