1

I have a Windows server with a private DNS server for the AD system named office.example.com. The public domain name example.com is managed by a hosting service and points to a public IP address. When I join a client to the office.example.com domain, the name is sometimes resolved to the correct private IP address and sometimes to the incorrect public IP address. This causes connectivity issues for clients inside the domain. How can I configure DNS to ensure that office.example.com always resolves to the private IP address?

Update

The last sentence is actually not what I intended to do.

This question was used as a guideline for my solution. My problem is, I am not sure how to apply the second suggested solution in reality:

Subdomain of an existing public domain name which will never be used publicly (e.g. corp.mycompany.com).

J.Paravicini

2 Answers

1

How can I configure DNS to ensure that office.example.com always resolves to the private IP address?

By only using the internal private IP address of the DNS Server(s) on the clients. Never use public external DNS Server IP addresses for AD clients. That is a DNS worst practice and a security worst practice.

Greg Askew
  • I understand that; I formulated it badly. What I want is that, if the client is inside the subnet of the AD, it should resolve the private address. – J.Paravicini Mar 05 '23 at 18:48
0

Is this a new AD? We run into the same issues because of using “.nl” for our internal domain.

If you want to resolve this, you have to create an internal DNS zone for example.com and put all the records you’re using into that zone file.

If, however, you have a new domain setup, it’s better to rename it to “.lan” or “.local” because those will

Rob
  • I saw the following question which I am trying to follow. It says that it is not recommended to use .local or similar. My question basically is, how can I recreate that. https://serverfault.com/questions/71052/choosing-local-versus-public-domain-name-for-active-directory – J.Paravicini Mar 05 '23 at 18:50
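
A client-side check for the behaviour discussed in the answers above, as an added example that is not part of the original thread: it lists the DNS servers configured on a Windows client, flags any that are not internal, and confirms that each configured resolver returns only private addresses for the AD domain. It assumes the internal network uses RFC 1918 IPv4 addressing; `Test-InternalIPv4` is a helper written for this example.

```powershell
# Added example, not from the original thread.
# Assumptions: AD DNS name is office.example.com; internal hosts use RFC 1918 IPv4.
$AdDomain = 'office.example.com'

function Test-InternalIPv4 {
    param([Parameter(Mandatory)][string]$Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    if ($ip.AddressFamily -ne 'InterNetwork') { return $false }
    $b = $ip.GetAddressBytes()
    # RFC 1918 ranges, plus loopback (a DNS server commonly points at itself).
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168) -or
           ($b[0] -eq 127)
}

# 1. Every resolver configured on every interface should be an internal DNS server.
$resolvers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        foreach ($s in $_.ServerAddresses) {
            [pscustomobject]@{
                Interface = $_.InterfaceAlias
                Server    = $s
                Internal  = Test-InternalIPv4 $s
            }
        }
    }

# 2. Ask each configured resolver for the AD domain; every A record should be private.
$answers = foreach ($r in $resolvers) {
    Resolve-DnsName -Name $AdDomain -Type A -Server $r.Server -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } |
        ForEach-Object {
            [pscustomobject]@{
                Server   = $r.Server
                Address  = $_.IPAddress
                Internal = Test-InternalIPv4 $_.IPAddress
            }
        }
}

$resolvers | Format-Table -AutoSize
$answers   | Format-Table -AutoSize

# A single public resolver or public answer explains intermittent wrong resolution.
$bad = @($resolvers) + @($answers) | Where-Object { -not $_.Internal }
if ($bad) { Write-Warning "Non-internal resolver or answer found for $AdDomain" }
```

Run it on an affected domain member; any row with `Internal` set to `False` points at the interface or resolver that needs correcting.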