Active Directory: Is it required that the "A" record for a domain point to a Domain Controller?

Solution 1:

You're learning why you shouldn't use the same domain name for your Active Directory as you're using for your external Internet presence.

The "A" records for the domain referring to the domain controllers are used for DFS to resolve the name of the domain to a domain controller (primarily for client computers to access the SYSVOL). If you delete those "A" records you're going to see group policy break, amongst other things.

If you can't rename the AD domain, I think you're stuck putting IIS (or some other HTTP server) up on those boxes to redirect client computers to the right host.

This is why I name my AD domains "ad.domain.com". You should have a really, really good reason before you create a DNS zone on a private DNS server that matches a zone that the Internet has authoritative DNS servers for already. You've done that, and added Active Directory into the mix.

Solution 2:

It is required that those A records point to domain controllers. They are a must for DFS (SYSVOL, Netlogon access) and replication. In this case you can live dangerously and use some redirection tool, or live with asking users to type www.domain.com. You can relieve their pain somewhat by making a favorites entry for the domain in IE or making that the home page for them, so they seldom have to type it.
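
Added example (not part of either answer): a PowerShell audit of the point both answers make, checking that every "A" record at the domain apex belongs to a domain controller and that the domain-based SYSVOL and NETLOGON paths resolve. It assumes a domain-joined host with the ActiveDirectory (RSAT) and DnsClient modules; `Compare-ApexRecord` is a hypothetical helper name.

```powershell
# Added example: audit the domain-apex "A" records against the real DC list.
Import-Module ActiveDirectory

function Compare-ApexRecord {
    # Hypothetical helper: set difference in both directions.
    param(
        [string[]]$ApexAddress,   # IPv4 addresses returned for the bare domain name
        [string[]]$DcAddress      # IPv4 addresses of the domain controllers
    )
    [pscustomobject]@{
        # Apex records that are not DCs: \\domain\SYSVOL lookups can land on them
        NotADomainController = @($ApexAddress | Where-Object { $_ -notin $DcAddress })
        # DCs without an apex record: never reached through the bare domain name
        MissingFromApex      = @($DcAddress | Where-Object { $_ -notin $ApexAddress })
    }
}

$domain = (Get-ADDomain).DNSRoot
$dcs    = @(Get-ADDomainController -Filter * | Where-Object IPv4Address)

# -DnsOnly skips LLMNR/NetBIOS; the Type filter drops any SOA returned on NODATA.
$apex = @(Resolve-DnsName -Name $domain -Type A -DnsOnly -ErrorAction Stop |
          Where-Object { $_.Type -eq 'A' } |
          Select-Object -ExpandProperty IPAddress)

$result = Compare-ApexRecord -ApexAddress $apex -DcAddress $dcs.IPv4Address

foreach ($ip in $result.NotADomainController) {
    Write-Warning "Apex A record $ip is not a domain controller (e.g. a web server)"
}
foreach ($ip in $result.MissingFromApex) {
    Write-Warning "Domain controller $ip has no A record at the apex of $domain"
}

# The domain-based paths that Group Policy and logon scripts depend on.
foreach ($share in 'SYSVOL', 'NETLOGON') {
    $path = "\\$domain\$share"
    [pscustomobject]@{
        Path      = $path
        Reachable = Test-Path -LiteralPath $path
    }
}
```

Running it from a client that uses the internal DNS servers shows what workstations actually see. A warning about a non-DC apex record is the situation the answers describe as breaking Group Policy.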