-1

Prior IT support named a customer's Windows 2016 AD domain example.com instead of example.local, as I've always done it. The customer has an external Apache web server hosting www.example.com.

When a user browses to http://example.com or http://www.example.com it fails because that resolves to the server's LAN IP address.

How can I ensure that users can reach the external company web server?

(Different issue: Resolving DNS issues in an Active Directory Domain ending in .com instead of .local)

jbbarnes77
  • Please don't use .local - See https://serverfault.com/q/76715 – HBruijn Apr 25 '19 at 07:16
  • Perhaps Split-Brain DNS might apply to your situation. https://docs.microsoft.com/en-us/windows-server/networking/dns/deploy/split-brain-dns-deployment – twconnell Apr 25 '19 at 18:15

1 Answer

2

So using .com instead of .local is perfectly fine, preferable even. I would be running AD from a namespace like ad.company.com instead of the root to avoid issues like this, but overall, using a real TLD that you own is best practice for AD.

The only issue here is that the internal and external namespaces are shared. You can get around the website issue by having IIS on the DCs acting as a forward/reverse proxy to the external website. Suggesting putting that role onto a DC actually makes me feel queasy but it should work.

Rob Moir
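
An added example, not part of the question or the answer above: a PowerShell check for the shared-namespace problem this thread describes, comparing what the internal AD DNS server and a public resolver return for each name, then one way to repoint only `www` inside the AD zone. The DNS server address, the public resolver and the web server's public IP are placeholders or assumptions.

```powershell
# Added example. Zone name is from the question; all addresses are placeholders.
$Zone              = 'example.com'
$InternalDns       = '192.0.2.53'     # placeholder: a DC running the DNS role
$PublicDns         = '1.1.1.1'        # assumption: a public resolver reachable from the LAN
$WebServerPublicIp = '203.0.113.10'   # placeholder: public address of the Apache server
$Names             = @($Zone, "www.$Zone")

function Get-ARecords {
    param([string]$Name, [string]$Server)
    # Ask one specific DNS server, bypassing the hosts file and LLMNR/NetBIOS.
    Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.IPAddress } |
        Select-Object -ExpandProperty IPAddress
}

# A name is "shadowed" when the public answer exists but the internal
# answer shares no address with it (for example, it returns DC addresses).
$report = foreach ($n in $Names) {
    $inside   = @(Get-ARecords -Name $n -Server $InternalDns)
    $outside  = @(Get-ARecords -Name $n -Server $PublicDns)
    $overlap  = @($inside | Where-Object { $_ -in $outside })
    [pscustomobject]@{
        Name     = $n
        Internal = $inside -join ','
        External = $outside -join ','
        Shadowed = ($outside.Count -gt 0) -and ($overlap.Count -eq 0)
    }
}
$report | Format-Table -AutoSize

# Repoint only www in the internal AD-integrated zone. The bare zone name
# (example.com) keeps its domain controller records, which AD clients rely on.
$existing = Get-DnsServerResourceRecord -ZoneName $Zone -Name 'www' -RRType A `
                -ComputerName $InternalDns -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DnsServerResourceRecordA -ZoneName $Zone -Name 'www' `
        -IPv4Address $WebServerPublicIp -ComputerName $InternalDns
}
```

The record change covers http://www.example.com only; http://example.com still resolves to the domain controllers, which is the case the proxy suggestion in the answer addresses.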