We have internet web applications for our company with which we want to authenticate employees. We set up ADFS 2016 and this works internally on the intranet, and now we set up Web Application Proxy (WAP) to authenticate the employees externally.
We have a DNS A record on the internet for the WAP server. When the client tries to access a web app, they get the login page as expected. When the button is clicked for employees (this is the normal MVC template with Identity 2), the client gets redirected to the ADFS URL, which is not resolvable since there is no DNS record.
I read that we are supposed to use split DNS, and I think that means we are supposed to create a public DNS record for the ADFS server. If we do that, what is the purpose of the WAP?