Accessing Windows Domains Externally

Hi All,
I have always wondered this and so am now going to ask. If I create a Windows 2003 domain called 'kiomega.net', how can I make that accessible externally. So if I were to browse to www.kiomega.net in a web browser, how could I make it so the end user would be accessing my internal domain.

Furthermore, how could I make a subdomain, such as 'login.kiomega.net' from the same server, so that the one server serves both domains kiomega.net and login.kiomega.net.

I guess the main thing I am asking here is how to make an internal domain accessible externally.

Any help would be appreciated.

Thanks,
Michael

 

Firstly, a warning - what you are attempting to doing is very dangerous. It is almost always a good idea to keep the internet outside your firewall and to keep your internal network separate from your internet presence.

However, the solution can be fairly easy. Firstly all the PCs that would be accessible need their own public IP address (those IP addresses will NOT be in the subnets 192.168.0.0 and 10.0.0.0). That usually means buying a block on IPs from an ISP. You then need to register those IP addresses with the DNS server that's assigned to the kiomega.net namespace on the net primary zone DNS servers. That could be your ISP's DNS server or you could set your SBS server to do the job if you have a permanent (better than broadband) connection.

If you own the DNS server you own the space of all the daughter domains. So adding a subdomain is just a case of setting up that domain on the DNS server that defines the kiomega.net name space.

However, a better way to go about this is to use a local domain internally and let your ISP look after your internet name space. I'd also recommend not simple replacing net with local for the internal domain, because some system (including some microsoft system) erroneously read domains from left to right and will confuse kiomega.local with kiomega.net and not see them as separate name spaces. So use something like kinternal.local for the internal network name space.

Then if you have an internal resource you want to allow access to from the internet, you can use port forwarding on your firewall to control access to that resource. You'd then ask your ISP to set up a host address to point at the firewall port forwarding address. So say your firewall is at 11.11.11.11, and you want to host a web server internally: you'd port forward port 80 to the internal server and then ask your ISP to add an A record for host 'www' at address 11.11.11.11 on the domain kiomega.net. The result would be that www.kiomega.net would resolve to 11.11.11.11.

If you really want to read up on this sort of thing, I'd recommend the O'Reilly DNS books such as:

http://oreilly.com/catalog/9780596005627/

 

expect your domain controler to be hacked in record time.

There is no need to make your domain accessable externaly ... what you want to do is foward your webserver to the wan so users can access it.

Nothing wrong with that.

 

Thanks for your replies. I think I will just forward my webserver to the internet.

thanks,
michael

 

Could one not just forward port 80 to the web server?

 

Yeah I could but it was more the fact that rather than buying a domain name I wanted wanted to learn how to set up my own public domain name.

 

You cannot have a public domain name such as xyz.com that is not bought. ICAAN is the group that owns the naming system on the internet and you need to get a domain name from them, it is practical in that it prevents 2 or more people from having the same domain name. Then you need to register your DNS server with the root DNS servers as the authoritive name server for your domain. Unless you are talking about a learning experience or are a very large company or organization this is usually impractical. Running a web server for a commercial use requires bandwidth and most companies do not want to pay the cost for the bandwidth to run their own web server. It is usually more cost effective to have your website hosted or colocated at an ISP. In this case they handle the registration and the DNS registration and give you access to the DNS record so you can create your MX records and other pointers and aliases you require. If you want to do this for your own use and maybe a few of your friends get a dynamic DNS. You can get one for free and you do not even have to worry about having a fixed IP address.