Internal Domain name same as Public domain

  • Question

  • Hi, Hope somebody can help here

    Our internal domain AD was stupidly built some years ago, without first checking if the Public domain name was taken example.com

    Internal

    Forest = example.com

    Child = fred

    All clients have a DNS search suffix fred.example.com

    So any DNS query, say "ABCD", gets the suffix applied and then becomes abcd.fred.example.com

    Internally this is managed by our internal DNS and firewall. All requests are kept local.

    Externally

    example.com has a wildcard, which means anything is resolving to this public address

    But the question is: how do we stop users working from home (office build) going to the public name abcd.fred.example.com (foreign hacker website)? Essentially I need to stop anything *.example.com going to the internet.

    Best Regards

    Tuesday, October 4, 2016 8:00 AM

Answers

  • I had that problem once, but I also had administrative access to the external domain's control panel and I simply disabled the wildcard option.

    If you don't have such access, maybe you should look into firewall rules and apply them via GPO?

    • Marked as answer by Krisgo1111 Wednesday, October 19, 2016 10:03 AM
    Wednesday, October 12, 2016 1:14 PM
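
A check for the situation in this thread, as an added example that is not part of any poster's reply: run from a network outside the office, it probes random labels under the search suffix to see whether the public zone still answers through a wildcard, then classifies each internal short name. The function names and the injectable `resolve` parameter are assumptions of this example, and the sample resolver data is constructed.

```python
import secrets
import socket


def system_resolve(fqdn):
    """Resolve through the OS resolver; the trailing dot marks the name as
    fully qualified so no search suffix is appended."""
    try:
        infos = socket.getaddrinfo(fqdn.rstrip(".") + ".", None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def wildcard_answers(zone, resolve=system_resolve, probes=3):
    """Addresses a wildcard hands out under `zone`, or an empty set.
    Random labels are not expected to exist as real records, so if every
    probe resolves, the answers come from a wildcard."""
    seen = set()
    for _ in range(probes):
        answers = resolve(f"{secrets.token_hex(8)}.{zone}")
        if not answers:
            return set()
        seen |= answers
    return seen


def audit_short_names(short_names, suffix, resolve=system_resolve):
    """Classify what each short name resolves to once `suffix` is appended."""
    wild = wildcard_answers(suffix, resolve)
    report = {}
    for name in short_names:
        fqdn = f"{name}.{suffix}".lower()
        answers = resolve(fqdn)
        if not answers:
            report[fqdn] = "not-resolvable"
        elif wild and answers <= wild:
            report[fqdn] = "wildcard"
        else:
            report[fqdn] = "explicit-record"
    return report


if __name__ == "__main__":
    # Constructed stand-in for the public zone: wildcard on example.com.
    def fake_public(fqdn):
        return {"203.0.113.10"} if fqdn.lower().endswith(".example.com") else set()

    print(audit_short_names(["ABCD"], "fred.example.com", fake_public))
```

Once the wildcard has been disabled, every internal short name should come back as `not-resolvable` when the check is run off-network.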
  • This should help you

    https://technet.microsoft.com/en-us/windows-server-docs/networking/dns/deploy/split-brain-dns-deployment

    Thursday, October 13, 2016 5:09 AM

All replies

  • Here are a couple of the most obvious options

    - Using Direct Access for remote access and configuring example.com as a local domain

    - Renaming the domain to use a name that you actually own


    Gleb.

    Tuesday, October 4, 2016 9:48 AM
  • Hi,

    I am checking to see if the problem has been resolved. If there's anything you'd like to know, don't hesitate to ask.


    Best Regards,
    Cartman

    Wednesday, October 12, 2016 6:36 AM