AD domain on web servers behind NAT - DNS issues?
- by Ant
I'm trying to set up an AD domain to manage the security between two Windows Server 2008 web servers that will sooner or later use NLB to balance website requests.
I've hit a problem which I think has a simple solution and is down to DNS.
My website domain is mydomain.com. The two servers are running behind a NAT firewall on the 10.0.0.0 IP range.
I've set up the AD domain to be called ad.mydomain.com (as recommended by MS and a few other answers to questions on here).
The second web server however doesn't want to join the domain, and gives an error pinning the problem on DNS - "ensure that the domain name is typed correctly" even though it queries the SRV record successfully and gets the correct DC back - dc.ad.mydomain.com.
Doing a dcdiag /test:dns on the DC gives the Delegation error 'DNS Server dc.mydomain.com Missing glue A record'.
I have a feeling I need to add something to the public DNS so that it in some way knows about ad.mydomain.com.
Can anyone suggest whether I'm on the right track in adding something to the public DNS? Or whether it's something else?
Many thanks