Reply to post:

It's official: .corp, .home, .mail will never be top-level domains on the 'net

Lee D Silver badge

"My last job used $ as the internal AD domain name."

There's nothing wrong with that, so long as you own that domain. In fact, that's why it's called a domain name in AD and in DNS (and AD is DNS based).

The "hack" to make it work internally? Set your external DNS resolvers to reply with your external IP and your internal ones to reply with your internal IP? Same config I have here.

"" resolves to a 192.168. if you're querying our internal nameservers and to our external IP if you're querying our "real" DNS servers visible to the outside world. Works fine.

In fact, the gateway is smart enough to redirect and port-forward even internal access just using the external IP from inside (i.e. no DNS changes required) but I don't like that... I like a clear separation.

That's not a facepalm - that's how you should be configuring it. In fact, I'd query how you'd migrate smoothly to Azure etc. in the future if you're not already doing this (

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019