Microsoft Entra Domain Services domain and external domain share the same name issue

Seb Reins 5 Reputation points
2025-02-20T07:54:05.0166667+00:00

I recently created Microsoft Entra Domain Services (MEDS) using the same custom domain name as the domain of my website. For the purpose of this post, let's call it abc.com.

When I try to access the website externally, it resolves correctly. But when I try to access it through a workstation (VM) joined to MEDS, it's unable to resolve. I'm guessing that it's facing a split-brain DNS issue because it's trying to resolve for the internal DNS servers connected to MEDS and not the actual DNS records of the website.

From the documentation that I read, https://learn.microsoft.com/en-us/entra/identity/domain-services/tutorial-create-instance I understand that this is not fully recommended but it is supported to have the same name. I managed to add all of the DNS records (A records) from my registrar to a VM joined to MEDS by installing the RSAT DNS server tools by following this article https://learn.microsoft.com/en-us/entra/identity/domain-services/manage-dns. This managed to resolve the issue when using www.abc.com, but it still doesn't resolve for abc.com. I know I can't delete the DNS records that are pointing towards MEDS in the VM, as this will "break" the VM. The DNS records I'm referring to are the ones found in the "Properties" tab in MEDS, 10.0.1.4 and 10.0.1.5 (mine are different, but you get the idea)

My question here is, can I set up conditional forwarders by once again following this article https://learn.microsoft.com/en-us/entra/identity/domain-services/manage-dns#create-conditional-forwarders and add the external IPs, or will this break the VM? Is there any other way of doing it?

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Navya 20,575 Reputation points Microsoft External Staff Moderator
    2025-02-26T06:28:36.3566667+00:00

    Hi @Seb Reins

    Thank you for posting this in Microsoft Q&A.

    I understand you are facing some challenges with DNS resolution in your Microsoft Entra Domain Services (MEDS) environment. Based on the information you provided, it appears that you are trying to resolve external website domain names from a workstation joined to MEDS, and you suspect a split-brain DNS issue.

    Setting up conditional forwarders could potentially help in resolving external domain names correctly without breaking the VM. Conditional forwarders allow you to forward DNS queries for specific domain names to external DNS servers for resolution. This can help in resolving external domain names while still maintaining the internal DNS resolution for your MEDS environment.

    "Can I set up conditional forwarders by once again following this article https://learn.microsoft.com/en-us/entra/identity/domain-services/manage-dns#create-conditional-forwarders and add the external IPs, or will this break the VM?"

    Steps to Configure Conditional Forwarders:

    1. Install RSAT: DNS Server Tools on your MEDS-joined VM (if not installed already).
    2. Open DNS Manager (dnsmgmt.msc).
    3. Right-click Conditional Forwarders and select New Conditional Forwarder.
    4. Enter abc.com as the domain name.
    5. Add the external public DNS servers (such as your domain registrar’s or a public DNS like Google’s 8.8.8.8 and 8.8.4.4).
    6. Click OK to save the settings.

    No, this should not break the VM as long as you only configure the conditional forwarder for external resolution and do not modify the core DNS settings required for MEDS (e.g., 10.0.1.4 and 10.0.1.5).

    You can try the below approach as well:

    Editing the Hosts File:

    On the VM, add an entry in C:\Windows\System32\drivers\etc\hosts:

    <IP_Address> <Hostname>

    This is a manual workaround but should work immediately.

    For your reference: https://techcommunity.microsoft.com/blog/appsonazureblog/hostfile-entry-on-windows-and-linux-machine/4111820

    Hope this helps. Do let us know if you have any further queries.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
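
A check to run from the MEDS-joined VM before and after any DNS change, as an added example that is not part of the original thread: it asks each managed-domain DNS server and a public resolver for the same names and reports where the answers diverge. The names and addresses are assumptions taken from the post's placeholders (abc.com, 10.0.1.4, 10.0.1.5) and from the public resolver named in the answer (8.8.8.8); replace them with your own values.

```powershell
# Added example: compare internal and public A-record answers for a
# name that exists both as the managed domain and as a public website.
# All values below are placeholders from the thread, not real settings.
$Names    = 'abc.com', 'www.abc.com'
$Internal = '10.0.1.4', '10.0.1.5'   # managed-domain DNS IPs ("Properties" tab)
$Public   = '8.8.8.8'                # public resolver used as the reference

function Get-ARecords {
    param([string]$Name, [string]$Server)
    try {
        $answer = Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction Stop
        # A CNAME chain also returns non-A rows, so keep only the A records.
        $answer | Where-Object { $_.Type -eq 'A' } |
            ForEach-Object { $_.IPAddress } | Sort-Object
    } catch {
        # NXDOMAIN, timeout or refusal: return nothing and report it as no answer.
    }
}

$report = foreach ($name in $Names) {
    $pub = @(Get-ARecords -Name $name -Server $Public)
    foreach ($server in $Internal) {
        $int = @(Get-ARecords -Name $name -Server $server)
        $status = if ($int.Count -eq 0) { 'NoInternalAnswer' }
                  elseif ($pub.Count -eq 0) { 'NoPublicAnswer' }
                  elseif (Compare-Object $int $pub) { 'Mismatch' }
                  else { 'Match' }
        [pscustomobject]@{
            Name     = $name
            Server   = $server
            Internal = $int -join ', '
            Public   = $pub -join ', '
            Status   = $status
        }
    }
}

$report | Format-Table -AutoSize
```

A `Mismatch` row for abc.com whose Internal column lists the managed-domain addresses is the split-brain case described in the question. Sites behind load balancers can return different public addresses between queries, so rerun before treating a single mismatch as conclusive.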

