1

The MSP for a law firm office that has just joined our company is using an FQDN as an internal AD domain and has been doing so for some time, apparently. They have this issue in that they have a website of the same FQDN which is hosted offsite, so when they try to browse http://theirdomain.com they get the IIS7 page of their DC rather than the website which we (outside of their local network) see. http://www.theirdomain.com works fine internally because they have a forward lookup on their DC, but I've asked them to do the same for the hostless A record of the website and the MSP said that would need to be researched first and might have to be dealt with as a project because of the implications on the local domain and RDS environment. Is this the case? Aren't all AD domain lookups done via UNC and IP rather than DNS lookups?

Reece
  • 803

1 Answer

5

This won't work. Domain Controllers register A records for the AD DS Domain that they are authoritative for. This is why domain naming is so important.

So if your DCs are 10.1.1.1 and 10.1.1.2 and your domain is company.com, the internal AD-integrated company.com zone will have A records at the apex of the zone for 10.1.1.1 and 10.1.1.2.

As an aside, you should be concerned that IIS is installed on your DCs. That's generally not good.

MDMarra
  • 101,323
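
A way to confirm the behaviour described in the answer, added here as an example (it is not code from the question or the answer): the script lists the apex A records that internal DNS returns for the AD domain, marks which belong to domain controllers, and compares them with the answer from a public resolver. It assumes a domain-joined machine with the ActiveDirectory (RSAT) module; the resolver address `1.1.1.1` is an assumption and can be any public recursive resolver.

```powershell
# Added example: audit the apex A records of the AD domain name.
param(
    # Assumption: any public recursive resolver reachable from this host.
    [string]$PublicResolver = '1.1.1.1'
)

Import-Module ActiveDirectory

# DNS name of the AD domain (company.com in the answer's example).
$domain = (Get-ADDomain).DNSRoot

# Every domain controller with the address it registers in DNS.
$dcs = Get-ADDomainController -Filter * |
       Select-Object HostName, IPv4Address

# Apex A records as answered by the DNS servers this client normally uses.
$internal = Resolve-DnsName -Name $domain -Type A -DnsOnly |
            Where-Object { $_.Type -eq 'A' } |
            Select-Object -ExpandProperty IPAddress

# The same name asked of the public resolver (the view from outside the LAN).
$external = Resolve-DnsName -Name $domain -Type A -DnsOnly `
                -Server $PublicResolver -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'A' } |
            Select-Object -ExpandProperty IPAddress

# One row per internal apex record: which DC owns it, and whether the
# public zone hands out the same address.
foreach ($ip in $internal) {
    $dc = $dcs | Where-Object { $_.IPv4Address -eq $ip }
    [pscustomobject]@{
        Name       = $domain
        InternalIP = $ip
        OwnedByDC  = if ($dc) { $dc.HostName } else { '(not a DC)' }
        AlsoPublic = $external -contains $ip
    }
}

"Public answer for ${domain}: $($external -join ', ')"
```

In the situation the question describes, each internal address maps to a domain controller and none of them matches the public answer, which is why a browser inside the network lands on the DC's IIS page.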