Channel: Forefront Edge Security – DirectAccess, UAG and IAG Forum

DA and Split Brain DNS


Just rolled out DA but I'm stuck on a couple of issues around split-brain DNS. Current DA setup:

 - DA on Win 2012R2 with dual nic in DMZ

 - Win 10 via AD security group

 - mydomain.local points to internal DNS servers

 - mydomain.com points to internal DNS servers

 - a couple of web sites published internally, e.g. myapp1.mydomain.com & myapp2.mydomain.com; one particular site is an ADFS published endpoint.

 - several externally hosted web sites, e.g. mydomain.com & mysite.mydomain.com

Our DC is integrated with DNS, hosting the mydomain.com and mydomain.local zones. So when a user is connected via DA externally, as expected they can access the internally published URLs ending with mydomain.com. The issue is when the same user tries to access externally hosted sites such as www.mydomain.com or www.myapp.mydomain.com: it returns a DNS not found error.

Obviously I can flip the DA configuration to point mydomain.com to a null entry, which forces *.mydomain.com to external DNS on the client machine. But this would cause the internally published URLs ending with mydomain.com to fail with a DNS error.

So, any suggestions? Change my internally published sites to mydomain.local and point the DA policy for mydomain.com to external DNS? That would cause issues for the ADFS published endpoint. Many thanks in advance.
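The two NRPT behaviours the post relies on (a suffix rule that sends mydomain.com lookups to the internal DNS servers, and a null entry that sends lookups to the client's external DNS) are not an either/or choice per suffix: the NRPT matches the most specific rule, so an exemption for an individual FQDN overrides the suffix rule for that name only. The PowerShell below is an added example, not part of the original post or of any reply; it assumes the poster's placeholder host names, hypothetical internal DNS addresses 10.0.0.10 and 10.0.0.11, and the DirectAccess server cmdlets (Windows Server 2012 R2) and DNS client cmdlets (Windows 10) that ship with those platforms.

```powershell
# Added example, not from the original post. Part 1 runs in an elevated PowerShell
# on the DirectAccess server; Part 2 runs on a DirectAccess client.
# Assumptions: host names are the poster's placeholders; the internal DNS
# server addresses 10.0.0.10 and 10.0.0.11 are hypothetical.

# ---- Part 1: DirectAccess server ----

# Show the NRPT entries DirectAccess currently pushes to clients via Group Policy.
Get-DAClientDnsConfiguration | Format-Table DnsSuffix, DnsIPAddress -AutoSize

# The suffix rule (leading dot) stays in place so internally published names
# such as myapp1.mydomain.com, myapp2.mydomain.com and the ADFS endpoint keep
# resolving through the tunnel against the internal DNS servers. It normally
# already exists after the DA wizard; shown here only for reference.
if (-not (Get-DAClientDnsConfiguration | Where-Object { $_.DnsSuffix -eq ".mydomain.com" })) {
    Add-DAClientDnsConfiguration -DnsSuffix ".mydomain.com" -DnsIPAddress "10.0.0.10", "10.0.0.11"
}

# Externally hosted names get their own NRPT entries with NO DnsIPAddress.
# An entry without DNS servers is an exemption: the client resolves that name
# with the DNS server of whatever interface it is on (e.g. the ISP resolver
# when remote), which serves the public mydomain.com zone.
# A name without a leading dot matches only that exact FQDN, so "mydomain.com"
# here covers the zone apex alone and does not shadow the ".mydomain.com" suffix rule.
$externalHosts = @(
    "www.mydomain.com",
    "mysite.mydomain.com",
    "mydomain.com"
)
foreach ($name in $externalHosts) {
    if (-not (Get-DAClientDnsConfiguration | Where-Object { $_.DnsSuffix -eq $name })) {
        Add-DAClientDnsConfiguration -DnsSuffix $name
    }
}

# Confirm the table: suffix rule with servers, exemptions with none.
Get-DAClientDnsConfiguration | Format-Table DnsSuffix, DnsIPAddress -AutoSize

# ---- Part 2: DirectAccess client (after the DA client GPO has refreshed) ----

# Pull the updated policy, then inspect the effective NRPT on the client.
gpupdate /force
Get-DnsClientNrptPolicy | Format-Table Namespace, DirectAccessDnsServers -AutoSize

# Resolution checks from outside the corporate network:
#   myapp1.mydomain.com -> matched by ".mydomain.com", answered by 10.0.0.10/11 over the tunnel
#   www.mydomain.com    -> matched by the exact-FQDN exemption, answered by the local interface DNS
Resolve-DnsName -Name "myapp1.mydomain.com" -Type A
Resolve-DnsName -Name "www.mydomain.com" -Type A
```

The exemption list has to name every externally hosted host individually; it cannot be a wildcard under mydomain.com, because that would be the same as the null suffix entry the post already rules out. If a host is published both externally and internally under the same name, an exemption sends DA clients to the external copy, so check that the ADFS endpoint is not on that list before rolling the GPO out.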


