
How to migrate from a workgroup to a domain environment?

I decided to complicate my life (further) by switching my home-office/lab from a workgroup to a domain environment. I have both local and remote web servers and email servers. The Sophos UTM is currently acting as my DNS and DHCP servers. I am also using Sophos’s SSL VPN, WAF, SMTP and Web filter proxies. I currently have host names assigned to each local web server’s network definition (e.g., www.mysite.com = 192.168.1.130) in Sophos and a WAF Real webserver points to each server's network definition. Of course I want to remove these static entries from Sophos and use the local Windows DNS server but this is where I get confused. I want local and remote users to be able to use the same URLs (e.g., https://www.mysite.com, mail.mysite.com) to access the websites and email servers that are publicly available.

I have built a Windows Server (SRV-AD1) which is a domain controller with DNS and DHCP. I have followed Bob’s DNS Best Practice but I am confused about a couple of things. I don’t know exactly what to enter for Request Routing in the UTM. 192.168.1.0/24 is my internal subnet, SRV-AD1 is my DNS server and mysite.loc is the name of my internal domain. As I mentioned previously, I also have public websites, for example, mysite.com and mysite.net, which are hosted on other internal servers. A couple of websites have subdomains hosted on different servers. For instance, mysite.net is hosted on 192.168.1.120 but www.mysite.net is hosted on 192.168.1.32.

I have started switching things over. Currently, I have the following Request Routes in Sophos:

  • 1.168.192.in-addr.arpa → SRV-AD1
  • mysite.loc → SRV-AD1

Do I need to enter more Request Routes since I have multiple public domains with websites hosted on local webservers?

I have read about split DNS zones but I haven’t a clue how to implement them; what goes where in the Windows DNS and/or DHCP servers.

What else do I need to configure?

UPDATE:

I removed all static DNS entries (domain names) from the Sophos Network Definitions for my local servers. On the Windows DC, for each of my public domains, I added a new zone under Forward Lookup Zones and I added an A record for each subdomain. This seems to be working.
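The zones described in the update above, scripted as an added example (this is editor-supplied PowerShell, not code from the original poster or from Sophos). It assumes the DnsServer module is available (run on SRV-AD1 or a machine with RSAT), that the names and private addresses from the thread are correct, and it invents an internal address for mail.mysite.com and an apex record for mysite.com because the thread does not give them. The one thing the script is built around is the split-horizon caveat a practitioner wants to hear before the first complaint comes in: once mysite.com exists as a zone on SRV-AD1, the DC is authoritative for the whole domain for internal clients, so any public hostname that is not copied into the internal zone resolves to NXDOMAIN inside, with no fall-through to the public zone. The same holds for any resolver between the clients and SRV-AD1: a client that still points at the UTM only gets the private answers if the UTM has a Request Route for that zone too, otherwise the query goes to the public forwarders.

```powershell
# Added example (not from the original post): build split-horizon DNS zones on SRV-AD1
# for public domains whose web and mail servers live on 192.168.1.0/24.
# Requires the DnsServer module (RSAT, or run on the DC) and DNS admin rights.
# Host names and addresses marked "from the thread" are the poster's; the rest are assumptions.

Import-Module DnsServer

$DnsServer = 'SRV-AD1'

# One entry per public domain. EVERY name the outside world resolves must be listed:
# once the zone exists internally, SRV-AD1 answers for the whole domain and returns
# NXDOMAIN for anything it does not know about (no fall-through to the public zone).
$SplitZones = @{
    'mysite.com' = @{
        '@'    = '192.168.1.130'   # assumption: apex served by the same host as www
        'www'  = '192.168.1.130'   # from the thread
        'mail' = '192.168.1.25'    # assumption: internal address of the mail server
    }
    'mysite.net' = @{
        '@'   = '192.168.1.120'    # from the thread
        'www' = '192.168.1.32'     # from the thread: a different server than the apex
    }
}

foreach ($zone in $SplitZones.Keys) {
    if (-not (Get-DnsServerZone -Name $zone -ComputerName $DnsServer -ErrorAction SilentlyContinue)) {
        # AD-integrated primary zone so every DC running DNS gets a copy. Dynamic updates
        # are off: these are hand-maintained server records, not workstation registrations.
        Add-DnsServerPrimaryZone -Name $zone -ReplicationScope 'Domain' `
            -DynamicUpdate 'None' -ComputerName $DnsServer
    }

    foreach ($name in $SplitZones[$zone].Keys) {
        $ip = $SplitZones[$zone][$name]

        # Idempotent: skip records that already point at the wanted address.
        $existing = Get-DnsServerResourceRecord -ZoneName $zone -Name $name -RRType 'A' `
            -ComputerName $DnsServer -ErrorAction SilentlyContinue
        if ($existing -and ($existing.RecordData.IPv4Address.IPAddressToString -contains $ip)) {
            continue
        }

        # A short TTL keeps a wrong entry from lingering in client caches while the
        # migration is still being tuned.
        Add-DnsServerResourceRecordA -ZoneName $zone -Name $name -IPv4Address $ip `
            -TimeToLive (New-TimeSpan -Hours 1) -ComputerName $DnsServer
    }
}

# Verify against SRV-AD1 directly: every answer must be a 192.168.1.x address.
# A hostname that exists only in the public zone (one you forgot to add above)
# shows up here as a resolution failure, which is exactly the symptom to catch now.
foreach ($zone in $SplitZones.Keys) {
    foreach ($name in $SplitZones[$zone].Keys) {
        $fqdn = if ($name -eq '@') { $zone } else { "$name.$zone" }
        Resolve-DnsName -Name $fqdn -Type A -Server $DnsServer -ErrorAction Continue |
            Where-Object { $_.Type -eq 'A' } |
            Format-Table Name, IPAddress -AutoSize
    }
}
```

Run it once per change to the hosting layout; the existence checks make it safe to re-run. Records that only matter externally (MX, SPF/TXT, autodiscover, anything a mail client or the WAF's public side looks up) must be added to the internal copy as well, since the internal zone replaces, rather than supplements, the public one for domain-joined clients.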


