DNS A record keeps changing
Solution 1:
Stop. Don't do this. If you've named your Active Directory the same as your external web presence, you've goofed. I've blogged about how to properly name your AD. You should read it. It's about .local mostly, but also touches on split-DNS which you've created here.
This excerpt is shamelessly stolen from my blog:
The correct way to name an Active Directory domain is to create a subdomain that is the delegation of a parent domain that you have registered and have control over. As an example, if I ever started a consulting business and used the Internet-facing website mdmarra.com as my company's site, I should name my Active Directory domain ad.mdmarra.com or internal.mdmarra.com, or something similar. You want to avoid making up a TLD like .local and you also want to avoid the headache of using mdmarra.com for the Internet-facing zone and the internal zone.
Your domain controllers will always register A records automatically for the root of your AD domain. This is why it's best practice, if your web site is example.com, to name your AD corp.example.com or ad.example.com.
There are a few workarounds for this:
1. Run IIS (or another web server) on your DC and redirect requests on :80 or :443 to www.example.com, which will be your web server.
2. Train your internal users to go to www.example.com instead of just example.com.
3. Throw your AD away and start over with a properly named one.

1 and 2 are bandaids. 3 is the fix.
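
To confirm that the changing record is domain controller registration, compare the A records at the zone root with the DC addresses. The following is an added example, not part of the original answer; the function name `Get-ApexRecordOwner`, the host names and the addresses are constructed for illustration.

```powershell
# Added example; function name, host names and addresses are constructed.
function Get-ApexRecordOwner {
    param(
        [Parameter(Mandatory)] [string[]]  $ApexAddress,       # A records at the zone root
        [Parameter(Mandatory)] [hashtable] $DomainController,  # host name -> IPv4 address
        [Parameter(Mandatory)] [string[]]  $WebAddress         # A records of www
    )
    foreach ($ip in $ApexAddress) {
        # Find the DC, if any, whose address matches this apex record.
        $dc = $DomainController.GetEnumerator() |
            Where-Object { $_.Value -eq $ip } |
            Select-Object -First 1
        $owner = if ($dc) {
            "domain controller $($dc.Key)"
        } elseif ($WebAddress -contains $ip) {
            'web server'
        } else {
            'unknown'
        }
        [pscustomobject]@{ Address = $ip; Owner = $owner }
    }
}

# Constructed sample data. On a live system the same inputs come from:
#   (Get-DnsServerResourceRecord -ZoneName 'example.com' -Name '@' -RRType A).RecordData.IPv4Address.IPAddressToString
#   Get-ADDomainController -Filter * | Select-Object HostName, IPv4Address
#   (Resolve-DnsName 'www.example.com' -Type A).IPAddress
$apex = '10.0.0.10', '10.0.0.11'
$dcs  = @{ 'dc1.example.com' = '10.0.0.10'; 'dc2.example.com' = '10.0.0.11' }
$www  = '203.0.113.80'

$result = Get-ApexRecordOwner -ApexAddress $apex -DomainController $dcs -WebAddress $www
$result | Format-Table -AutoSize

# Any apex record owned by a DC means the AD domain shares its name with the web site.
if ($result.Owner -like 'domain controller*') {
    Write-Warning 'Zone root resolves to domain controllers; internal clients asking for example.com will not reach the web server.'
}
```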