Internal DNS name and ISP Domain name

G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

our internal dns name is the same as our fully qualified
domain name (external)

What problems can arise by having them both the same?
And if there are problems what can i do to resolve them?

Thanks,
Greg
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:236d01c4ad43$03a22ab0$a401280a@phx.gbl,
gkrasnoff <anonymous@discussions.microsoft.com> commented
Then Kevin replied below:
> our internal dns name is the same as our fully qualified
> domain name (external)
>
> What problems can arise by having them both the same?
> And if there are problems what can i do to resolve them?

Since all internal clients must use the internal DNS server _only_ in TCP/IP
properties, and the record needed to access your external website by domain
name only must point to your DC's internal NIC with file sharing enabled,
you will not be able to access the external web site by domain name only
(http://domain.com) and you will have to manually create a record named www
in the internal zone so you can access the external web site by
http://www.domain.com The reason the record for the domain name must point
to DC's internal interface with file sharing is to give access to the SYSVOL
DFS share at \\domain.com\SYSVOL you cannot alter this behavior. Although,
you can run IIS on your DCs and have IIS redirect the site to
http://www.domain.com. Some will recommend against this, but this is the
only way, and the security risk is limited, because unless you are running
Exchange with OWA on the DC, only internal users will get the site and will
be instantly redirected.

Also you will have problems if you have VPN clients because they see the
external domain before connecting via the VPN. You will have to create
entries in your hosts file on the VPN clients for your domain controller's A
records so as to get the correct IP address for the DC.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================