Correct DNS entries for Domain

Tags: active-directory, domain-name-system

I have purchased a domain, example.com. Per everything I have read, my Active Directory server should NOT be named the same. As such, my servers are now:

DC-1.example.com [Active Directory]
Web-1.example.com [Web]
Mail-1.example.com [Mail]

If I understand correctly, example.com should actually resolve to Web-1.example.com.

So the DNS for example.com:

A - [IP of Web-1.example.com]
MX - [IP of Mail-1.example.com]
SRV - [IP of DC-1.example.com]

Can anyone verify this is the correct way of doing this? I just want to make sure the configuration is proper.

REF:

Windows Active Directory naming best practices?

http://support.microsoft.com/kb/300684/en-us

Best Answer

Close...

Your external domain is example.com.

So, you should name your internal Active Directory something like corp.example.com.

That way, the FQDN of your servers will be like DC1.corp.example.com, Web1.corp.example.com, Mail.corp.example.com, etc.

Active Directory will automatically populate SRV records for corp.example.com. You should not have to manually create any SRV records unless you are doing something special.

MX records should be named the same name as their domain. In Microsoft DNS it will literally say "(Same as parent folder)" as the name of the MX record. (Or an @ symbol.) It should point to the name of a mail server, not an IP address. You can have many MX records for the same domain, with different priorities, if you want.

You will manage your external DNS separately from your internal DNS. Your internal DNS for corp.example.com will be hosted on your AD domain controllers. Your external DNS will be managed through someone like GoDaddy, though you are free to change the name servers to your own NS servers if you please. But they need to be authoritative for example.com. (And right now your internal AD domain controllers are not authoritative for example.com. They are authoritative for corp.example.com.)

If you have an external website that you want to host on web1.corp.example.com, you probably want your internet visitors to just be able to type in www.example.com in their web browsers. It's pretty typical to go to your external name servers (like on the GoDaddy web portal, for instance) and make a new A (host) record named www, and the IP points to the external IP that NATs to the internal IP of your web server behind your router. Or, you might make example.com itself point to the external IP of your web server (@), and make www an alias (CNAME) for @.

That last bit right there is why you will have a bad time if you try to host an external website where the Active Directory is the same FQDN as your external domain. Let's say for example you named your internal Active Directory example.com. Well then example.com would resolve to the authoritative name servers for example.com which at that point would be your domain controllers, and not your web server.
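To make the answer's rules concrete, here is an added example (not code from the question or the answer) that sanity-checks a proposed record set the way the answer describes: MX records must name a mail server rather than an address, Active Directory's own SRV records belong only in the internal AD zone (where AD registers them itself), the apex of the external zone is an A record, and www is a CNAME to that apex. The record values, the 203.0.113.0/24 and 10.0.0.0/8 addresses, and the hostnames are constructed for the example; the questioner's original proposal is encoded as the first record set so the check flags exactly the two mistakes the answer points out.

```python
"""Check a proposed DNS record set against the rules in the answer above.

Constructed example: it is not part of the original question or answer.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    name: str    # owner name relative to the zone; "@" is the zone apex
    rtype: str   # A, MX, CNAME or SRV
    data: str    # A: address; MX: "pref target"; CNAME: target; SRV: "prio weight port target"


# Owner-name prefixes that Active Directory registers for itself in its own zone.
AD_SRV_PREFIXES = ("_ldap.", "_kerberos.", "_kpasswd.", "_gc.")


def is_ip(value: str) -> bool:
    """True if value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def check_zone(records, internal_ad_zone=False):
    """Return a list of problem strings; an empty list means the records follow the rules.

    internal_ad_zone=True means the records are for the AD zone (corp.example.com in
    the answer), where AD service SRV records are expected; False means the public
    zone (example.com) that the registrar or external name servers host.
    """
    problems = []
    for r in records:
        where = f"{r.rtype} {r.name}"
        if r.rtype == "A":
            if not is_ip(r.data):
                problems.append(f"{where}: A record data must be an IP address, got {r.data!r}")
        elif r.rtype == "MX":
            parts = r.data.split()
            if len(parts) != 2 or not parts[0].isdigit():
                problems.append(f"{where}: expected '<preference> <mailhost>', got {r.data!r}")
            elif is_ip(parts[1]):
                # The answer's rule: MX points to the NAME of a mail server, never an address.
                problems.append(f"{where}: MX must point to a mail server name, not the address {parts[1]}")
        elif r.rtype == "CNAME":
            if r.name == "@":
                problems.append(f"{where}: the zone apex cannot be a CNAME; give @ an A record and alias www to it")
            elif is_ip(r.data):
                problems.append(f"{where}: CNAME target must be a name, not an address")
        elif r.rtype == "SRV":
            is_ad_record = r.name.startswith(AD_SRV_PREFIXES) or "_msdcs" in r.name
            if is_ad_record and not internal_ad_zone:
                # AD populates these in its own zone; hand-creating them in the public zone is the mistake.
                problems.append(f"{where}: AD service records belong in the internal AD zone, which AD populates itself")
            else:
                parts = r.data.split()
                if len(parts) != 4 or not all(p.isdigit() for p in parts[:3]) or is_ip(parts[3]):
                    problems.append(f"{where}: expected '<priority> <weight> <port> <hostname>', got {r.data!r}")
        else:
            problems.append(f"{where}: record type not covered by this check")
    return problems


# Constructed sample data. 203.0.113.0/24 is a documentation range, not a real site.
# 1. What the question proposes for example.com: MX and SRV "pointing at IPs".
QUESTIONER_PROPOSAL = [
    Record("@", "A", "203.0.113.10"),            # fine: apex -> web server's public IP
    Record("@", "MX", "10 203.0.113.20"),        # wrong: MX must name the mail host
    Record("_ldap._tcp", "SRV", "0 100 389 203.0.113.5"),  # wrong: AD SRV in the public zone
]

# 2. The public zone as the answer lays it out.
EXTERNAL_ZONE = [
    Record("@", "A", "203.0.113.10"),            # example.com -> external IP that NATs to the web server
    Record("www", "CNAME", "example.com."),      # www is an alias for @
    Record("mail", "A", "203.0.113.20"),
    Record("@", "MX", "10 mail.example.com."),   # MX names the mail server
]

# 3. The internal AD zone corp.example.com, hosted on the domain controllers.
INTERNAL_AD_ZONE = [
    Record("dc1", "A", "10.0.0.5"),
    Record("_ldap._tcp.dc._msdcs", "SRV", "0 100 389 dc1.corp.example.com."),  # registered by AD
]

if __name__ == "__main__":
    for label, recs, internal in (
        ("questioner's proposal", QUESTIONER_PROPOSAL, False),
        ("external example.com", EXTERNAL_ZONE, False),
        ("internal corp.example.com", INTERNAL_AD_ZONE, True),
    ):
        print(label, "->", check_zone(recs, internal_ad_zone=internal) or "OK")
```

Running it reports two problems for the questioner's proposal (the MX pointing at an address and the hand-made AD SRV record in the public zone) and "OK" for the two zones as the answer describes them.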