Hello everyone!
This is my first post in this topic and I am very new to Mikrotik.
I have this issue right now at work that needs a solution:
We are using Windows Server in the office. The domain controller's address is 192.168.0.1. Obviously, in order for the Windows domain to work, we have set up the MikroTik gateway DNS to look at 192.168.0.1. The name of the Windows forest is example.com (not really, but just as an example).
We also bought the domain example.com and shared hosting from another provider to use for our website. So the issue is that when we try to open example.com in a browser from office computers, all we see is the Windows IIS server page, because on 192.168.0.1 we have also set up an IIS server.
If I ping example.com from inside the MikroTik, it pings the shared hosting's server. But if I ping example.com on an office computer, it pings 192.168.0.1.
Is there any way of using, for example, 8.8.8.8 (Google's DNS) for HTTP and HTTPS traffic?
Personally, I would use the Domain Controller as DNS (and DHCP) for internal clients. DNS should already be installed on the DC server, as that is one of the requirements for AD to work properly.
The problem, as I understand it, is that internal clients already use the DC as DNS, but there's an external DNS server for the same domain (used by the rest of the world) and it has different data. That would be an obvious misconfiguration; there can't be different authoritative servers with different data for the same domain. The proper solution is to have only one authoritative source, in this case the DC, and configure everything there. The external server can act as a secondary, with data taken from the DC.
The point being that an office worker who doesn't have any training shouldn't be mucking about in the network…
If you don't agree SOB, then I am coming to work for your company tomorrow… with high recommendations from you LOL
I disagree. There are cases where internal and external DNS servers might serve very distinct answers to the same queries.
OP indicated that they are using private address space for their LAN, and it's only normal that they use a split DNS solution. The problem they are having is that they didn't match DNS records for the same service … e.g. external DNS might point the FQDN www.example.com at a public IP address (and they might have port forwarding set up), while the internal DNS server should point the same FQDN at the DMZ/internal IP address.
So the problem which is bothering OP is a misunderstanding of their own network topology and, consequently, misconfiguration of their DNS server(s) (possibly both internal and external).
Ok, you're right, there can be split DNS and it's fine. It's just that when someone first configures a domain internally, then the same domain as public on a completely different DNS server, and sees it as a surprise that they can get data from either the internal or the public server, but neither is good by itself, because there's always something missing, it's clearly wrong. If "example.com" should point to the external server ("shared hosting from other provider" as specified in the first post), then the quick fix is to add record(s) with the correct public address(es) also to the internal DNS. But it's possible that "example.com" might already be used by something internally and that should work too. If that's the case, there's no easy way to solve it (if any).
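A check for the mismatch described in this thread, followed by the quick fix from the last post, written here as an added example (not from any of the posters): it queries the DC and a public resolver for the same names, shows where the two views disagree, and then adds the public address to the internal zone. It assumes 192.168.0.1 from the first post, Windows DNS running on the DC (DnsServer module available), and a placeholder for the hosting provider's address.

```powershell
# Added example, not from this thread. Assumes the DC/DNS server is 192.168.0.1,
# the AD zone and the public zone are both example.com, and the hosting IP is a placeholder.
$Zone        = 'example.com'
$InternalDns = '192.168.0.1'   # domain controller running DNS (from the first post)
$PublicDns   = '8.8.8.8'       # any resolver that sees the public zone
$Names       = @('example.com', 'www.example.com', 'mail.example.com')

function Get-AAnswers {
    param([string]$Name, [string]$Server)
    # -DnsOnly skips the local cache and hosts file so each view is queried fresh
    $r = Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction SilentlyContinue
    @($r | Where-Object { $_.QueryType -eq 'A' } | ForEach-Object { $_.IPAddress }) | Sort-Object
}

# 1. Compare the internal (split-horizon) view with the public view, name by name
$report = foreach ($n in $Names) {
    $inside  = Get-AAnswers -Name $n -Server $InternalDns
    $outside = Get-AAnswers -Name $n -Server $PublicDns
    [pscustomobject]@{
        Name     = $n
        Internal = ($inside  -join ', ')
        Public   = ($outside -join ', ')
        Match    = (($inside -join ',') -eq ($outside -join ','))
    }
}
$report | Format-Table -AutoSize

# 2. For a name that must reach the hosting provider from the office as well,
#    add the public address to the internal zone (run on the DC or from a host
#    with the RSAT DnsServer module). '@' is the zone apex; use -Name 'www' for www.example.com.
$PublicWebIp = '<PUBLIC-HOSTING-IP>'   # placeholder: take it from the Public column above
Add-DnsServerResourceRecordA -ComputerName $InternalDns -ZoneName $Zone -Name '@' `
    -IPv4Address $PublicWebIp -TimeToLive 01:00:00
```

On an AD domain the domain controllers themselves register A records at the zone apex, so after this change example.com answers with both the DC and the hosting address in round-robin unless that registration is suppressed (Netlogon's DnsAvoidRegisterRecords setting). Publishing the site on www.example.com and adding that record instead avoids the conflict entirely.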