Domain Name System
ipoluda, 2019-11-19 14:49:01

How to properly configure NS records for a site and a domain controller?

There is a hosted company website, xxx.com. An Active Directory domain with the same name has been deployed on the local network. If the router is specified as the DNS server on user machines, users cannot log in to the system, since all their requests are redirected to the site. If the address of the domain controller is specified as the primary DNS server, users can log in to the system but cannot reach the site, since all HTTP requests are also sent to the domain controller and not to the site. I would give the local domain a different name and not suffer, but there are remote users. Help me figure out the setup; I can't even formulate a proper search query for Google, and I've been struggling for two days to no avail. As far as I understand, you need to forward ports 53, 88, 135, 389, 464, 3268 and 3269 to the controller on the router and add the correct NS SRV record for the domain. Is that correct? I do not want to screw up, as the site is the company's main source of income. I would be very grateful for help with the SRV record.


4 answer(s)
Dmitry, 2019-11-19
@Tabletko

If it's not too late, rename the domain to something like "inter.domain.tld". And you should not expose the domain controller's backside to the Internet - set up a VPN for remote users.

poisons, 2019-11-19
@poisons

How not to accidentally shoot yourself in the knee in 3 words

Sasha Odarchuk, 2019-11-19
@Fanta

option a) create an A record WWW.site.com pointing to the IP of the site and teach users to go to the site through WWW.site.com
option b) set up IIS on the DC and configure a redirect
option c) rename the AD domain
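
Option a above, together with the advice not to expose the domain controller to the Internet, as an added PowerShell example that is not part of the thread. The zone name, IP addresses and external resolver are constructed placeholders, and the script assumes it runs on a machine with the DnsServer module and rights on the AD-integrated zone.

```powershell
# Added example. All values are constructed placeholders, not from the thread.
$Zone      = 'site.com'       # name shared by the AD domain and the public site
$DcDns     = '10.0.0.10'      # internal DC running the DNS Server role (assumed)
$SiteIp    = '203.0.113.10'   # IP of the hosted website (assumed)
$PublicDns = '1.1.1.1'        # any external resolver (assumed)
$DcSrv     = "_ldap._tcp.dc._msdcs.$Zone"   # DC locator record clients look up

Import-Module DnsServer

# Option a: in the internal zone only, point www at the hosted site.
$existing = Get-DnsServerResourceRecord -ComputerName $DcDns -ZoneName $Zone `
    -Name 'www' -RRType A -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DnsServerResourceRecordA -ComputerName $DcDns -ZoneName $Zone `
        -Name 'www' -IPv4Address $SiteIp -TimeToLive 01:00:00
}

function Get-Answer {
    param([string]$Name, [string]$Type, [string]$Server)
    # Keep only answers of the requested type; NXDOMAIN yields an empty result.
    Resolve-DnsName -Name $Name -Type $Type -Server $Server -DnsOnly `
        -ErrorAction SilentlyContinue | Where-Object { $_.Type -eq $Type }
}

$wwwInternal = Get-Answer "www.$Zone" 'A'   $DcDns
$srvInternal = Get-Answer $DcSrv      'SRV' $DcDns
$srvPublic   = Get-Answer $DcSrv      'SRV' $PublicDns

[pscustomobject]@{
    # Internal clients using the DC for DNS reach the site through www.
    WwwPointsAtSite      = [bool]($wwwInternal.IPAddress -contains $SiteIp)
    # Logon keeps working: the DC still answers the locator lookup.
    DcLocatorInternal    = [bool]$srvInternal
    # Expected False: AD locator records stay out of the public zone.
    DcLocatorOnPublicDns = [bool]$srvPublic
}
```

With remote users on a VPN that hands out the DC as their DNS server, the same three checks apply to them unchanged.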

Sergey, 2019-11-19
@feanor7

If there is no web server on the DC and none is planned, I solved the same problem by port forwarding:
netsh interface portproxy add v4tov4 listenaddress=<DC IP> listenport=80 connectaddress=<site IP> connectport=80
the same for 443
a terrible crutch, but it works
