There are a number of ways to solve this IT headache, and they boil down to using either the servers or the network. Things like:
- Install IIS on the DCs - a heavy-handed approach and not recommended.
- Perform some network trickery to intercept ports 80/443 on the DC addresses and forward them to the real web server.
- Use multiple DNS servers (split DNS, giving different answers inside and outside).
On Linux, on a router or gateway sitting between the clients and the DC, I'd use iptables to redirect the HTTP and HTTPS ports like this. The replies have to come back through the same box for conntrack to reverse the NAT; if the web server shares a segment with the clients, a POSTROUTING MASQUERADE rule is needed as well.
sysctl -w net.ipv4.ip_forward=1   # DNAT'd packets are dropped unless forwarding is on
iptables -I FORWARD -p tcp -d 192.168.1.31 --dport 80 -j ACCEPT    # FORWARD sees the post-DNAT address
iptables -I FORWARD -p tcp -d 192.168.1.31 --dport 443 -j ACCEPT
# -d limits the rewrite to traffic sent to the DC (192.168.1.11, as in the netsh example); without it every web connection crossing this box would go to 192.168.1.31
iptables -t nat -A PREROUTING -p tcp -d 192.168.1.11 --dport 80 -j DNAT --to-destination 192.168.1.31:80
iptables -t nat -A PREROUTING -p tcp -d 192.168.1.11 --dport 443 -j DNAT --to-destination 192.168.1.31:443
From the command line on Windows 2008 R2, you can do the same on the DC itself with the netsh portproxy command. listenaddress is the DC's own address (the one its root A record points at) and connectaddress is the web server. Two prerequisites: Windows Firewall on the DC must allow inbound TCP 80 and 443, and the IP Helper service (iphlpsvc), which implements portproxy, must be running.
netsh interface portproxy add v4tov4 listenport=80 listenaddress=192.168.1.11 connectport=80 connectaddress=192.168.1.31
netsh interface portproxy add v4tov4 listenport=443 listenaddress=192.168.1.11 connectport=443 connectaddress=192.168.1.31
netsh interface portproxy show v4tov4   # confirm both entries are in place
Now any browser request for the bare domain name (http://yourdomain.com/) lands on a DC and is relayed straight through to the web server; no extra software need be installed. Since every DC registers an A record for the domain root, the forward has to be configured on each DC, not just one. Keep in mind that portproxy is a plain TCP relay: the web server sees the DC's address as the client, so IP-based access rules and logs on the web server are affected, and TLS still terminates on the web server, whose certificate must cover the root name.
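As an added example (not from the original post or from Rick Wargo's), here is a PowerShell script that applies the netsh portproxy rules to every DC in the domain, opens the firewall ports, and checks that each DC accepts connections on 80 and 443. It assumes the ActiveDirectory module (RSAT) is available where it runs, that PowerShell remoting is enabled on the DCs (not the default on 2008 R2; run Enable-PSRemoting on each), and that 192.168.1.31 is the web server as in the post. The function and rule names are this example's own.

```powershell
# Added example, not part of the original post. Applies the portproxy fix
# on every DC, since each one registers an A record for the domain root
# and a browser may land on any of them.
Import-Module ActiveDirectory

function Set-RootWebForward {
    param(
        [Parameter(Mandatory=$true)][string]$WebServer,  # e.g. 192.168.1.31 (assumed)
        [int[]]$Ports = @(80, 443)
    )
    foreach ($dc in Get-ADDomainController -Filter *) {
        Write-Host ("Configuring {0} ({1})" -f $dc.HostName, $dc.IPv4Address)
        Invoke-Command -ComputerName $dc.HostName `
            -ArgumentList $dc.IPv4Address, $WebServer, $Ports -ScriptBlock {
            param($ListenAddress, $WebServer, $Ports)

            # portproxy is implemented by the IP Helper service; the entries
            # do nothing if it is stopped.
            Set-Service -Name iphlpsvc -StartupType Automatic
            Start-Service -Name iphlpsvc

            foreach ($port in $Ports) {
                # Delete first so re-running the script does not fail on an
                # existing entry; the listen address is the DC's own address.
                netsh interface portproxy delete v4tov4 "listenport=$port" "listenaddress=$ListenAddress" | Out-Null
                netsh interface portproxy add v4tov4 "listenport=$port" "listenaddress=$ListenAddress" "connectport=$port" "connectaddress=$WebServer"

                # A DC's firewall does not allow inbound 80/443 by default.
                # Rule name is this example's own choice.
                netsh advfirewall firewall delete rule "name=RootWebForward$port" | Out-Null
                netsh advfirewall firewall add rule "name=RootWebForward$port" dir=in action=allow protocol=TCP "localport=$port"
            }
            netsh interface portproxy show v4tov4
        }
    }
}

function Test-RootWebForward {
    # Verify from the admin workstation: every DC must accept a TCP
    # connection on every port. This only proves the relay is listening;
    # still load https://<domain root>/ in a browser, since the web server's
    # certificate must cover the root name.
    param([int[]]$Ports = @(80, 443))
    foreach ($dc in Get-ADDomainController -Filter *) {
        foreach ($port in $Ports) {
            $client = New-Object System.Net.Sockets.TcpClient
            try {
                $client.Connect($dc.IPv4Address, $port)
                $ok = $client.Connected
            } catch {
                $ok = $false
            } finally {
                $client.Close()
            }
            $state = if ($ok) { 'open' } else { 'CLOSED' }
            Write-Host ("{0}:{1} -> {2}" -f $dc.IPv4Address, $port, $state)
        }
    }
}

Set-RootWebForward -WebServer 192.168.1.31
Test-RootWebForward
```

A CLOSED result on a DC that just accepted the rules usually means the firewall rule was not created or iphlpsvc failed to start; re-run netsh interface portproxy show v4tov4 on that DC to tell the two apart.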
My thanks to Rick Wargo for sharing his example of port forwarding on Windows 2008 R2.