AD Domain Naming and DNS query

Soldato
Joined
26 Apr 2003
Posts
5,744
Location
West Midlands
In previous home labs I've always had my internal domain as domain.local, as being a lab it's not had any public-facing services. However, I've been reading the best practices, and Microsoft recommend using a subdomain of my public registered domain, such as ad.domain.com.

I will be adding Citrix to my home lab and will be trying to provide external access via a Netscaler, so I have flattened the lab and redone it with the domain being ad.domain.com. I keep reading about internal and external DNS along with split-brain DNS and whatnot. It's my understanding that by using a subdomain I wouldn't need any of this and I'd just have to point the 'A' record for citrix.domain.com to my public IP and then port forward that to the IP of the Netscaler?
 
Soldato
Joined
25 Oct 2002
Posts
2,627
Yes, you should just be able to create an A record with your public DNS provider pointing to the public IP address you want to use.

Edit: just to clarify, if you do this you may find you are unable to access citrix.domain.com from internal devices because their traffic cannot route properly as they will be trying to access your public IP address. Possibly the easiest way to mitigate this is to maintain separate internal and external DNS entries. So in addition to the above A record for external devices, you would also create a record in your internal AD DNS also for citrix.domain.com but with this one pointing to the internal IP address of your Netscaler.
 
Soldato
Joined
25 Nov 2004
Posts
3,792
"Possibly the easiest way to mitigate this is to maintain separate internal and external DNS entries."

This is actually a requirement and best practice for XenApp/XenDesktop. Your internal Storefront DNS should be different to your external Access Gateway DNS. Lots of articles out there about it.
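
An added example, not part of any poster's reply: a small audit of the split-brain setup discussed in this thread, comparing the public zone with the internal AD DNS view. The addresses, the `vpn`, `www` and `dc01` names and the function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges listed explicitly: ipaddress's is_private flag is also
# true for documentation ranges such as 203.0.113.0/24 used below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def norm(name):
    return name.rstrip(".").lower()

def audit_split_dns(external, internal, ad_zone, wan_ips):
    """Compare the public and internal views; return sorted (name, finding)."""
    internal = {norm(k): v for k, v in internal.items()}
    ad_zone = norm(ad_zone)
    findings = []
    for raw, addr in external.items():
        name = norm(raw)
        if name == ad_zone or name.endswith("." + ad_zone):
            findings.append((name, "AD zone name published in public DNS"))
        if is_rfc1918(addr):
            findings.append((name, "public record points at an RFC 1918 address"))
        elif addr in wan_ips:
            inside = internal.get(name)
            if inside is None:
                findings.append((name, "no internal record: LAN clients are sent to the WAN IP"))
            elif not is_rfc1918(inside):
                findings.append((name, "internal record is not a private address"))
    return sorted(findings)

# Constructed sample data (documentation and RFC 1918 addresses only).
WAN_IPS = {"203.0.113.10"}
EXTERNAL = {
    "citrix.domain.com": "203.0.113.10",   # forwarded to the NetScaler
    "vpn.domain.com": "203.0.113.10",      # hypothetical second service
    "www.domain.com": "198.51.100.7",      # hosted elsewhere, no override needed
    "dc01.ad.domain.com": "192.168.1.5",   # hypothetical leaked AD record
}
INTERNAL = {
    "citrix.domain.com": "192.168.1.50",   # NetScaler's internal IP
    "dc01.ad.domain.com": "192.168.1.5",
}

if __name__ == "__main__":
    for name, finding in audit_split_dns(EXTERNAL, INTERNAL, "ad.domain.com", WAN_IPS):
        print(f"{name}: {finding}")
```

With the sample data, citrix.domain.com passes because both views exist, while the AD record in the public zone and the forwarded name without an internal record are reported.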
 