
DNS www record


MIScoord (MIS), Aug 21, 2001
I've been reading several threads in this forum about people having problems with DNS when they have an internal company domain (company.com) that matches their external web domain hosted by an outside provider ( Most of the time, the suggestion is made to add a in DNS that forwards those requests to external DNS servers. That's not what we do and everything seems to work fine. In fact, we removed the completely when we first set up our DNS for this very reason. Unless I'm just missing the boat, we have our DNS set up so that every unresolved name gets sent out to our external ISP's DNS servers. Now, at the time, we weren't using for our web address, but we knew we would soon, and expected it might be a problem in name resolution if we kept that record. So now if someone goes to IE and types in company.com, they get a "Page Cannot Be Displayed." But if they type in they are taken to our website hosted by an outside provider. That's why I don't understand the big deal people are making about not using the same name (i.e. company.com) for your internal domain as you do your external domain. Did we just get lucky in setting up our DNS or am I missing something in these other posts that's causing the problems?
Me: We need a better backup system.
My boss's boss: Backup? We don't need no stinkin' backup!
 
Do your clients only point to your internal DNS servers for name resolution? Does your web server have an internal interface as well as an external interface? Perhaps the web site's external IP is cached on the server?
 
Yes, the clients only point to our internal DNS server for name resolution. Before we switched to Windows 2000, we sent them to our ISP's DNS servers, but changed that when we migrated from NT4.

Our firewall server is multihomed (internal and external interface), but our DC-DNS server is on our internal WAN only.

I don't see how the web site's external IP could be cached on the server in any way. As far as I know, the DNS server has never come in contact with the web site's IP in any way, other than to forward the request.

 
I have lots of problems with this; I think it's referring to a different setup.

Multihomed DNS servers, internal domain is the same as the web domain: our MX records somehow constantly get screwed, and re-adding them will fix it for a while. Web sites will lose their public IP and a ping to the address will give a private IP. All kinds of flaky crap. When they were AD-integrated, troubles were much worse, but moving them to standard primary and secondary cleared a lot of the mess up.

My fix is gonna be to add another internal DNS that forwards to the external, have pri and sec DNS public only, not multihomed, and put all web servers back behind the firewall to completely isolate the DNS servers from the rest of the network.
 
When your DNS server does a forward lookup (which shouldn't be happening for your if the scenario you're describing is in place) it absolutely caches the response locally; that's what DNS servers do. Typically, they save those cached lookups until the registered TTL tells them it's time to release it. Before that happens, however, a DNS server will request an update from the authoritative server to keep the cached entry alive. Anyway, another question: is your DNS server pointing only to itself for name resolution in the IP properties of its NIC?
 
Duh, sorry, bronto, I'm brain dead this morning. Didn't understand your question about the caching, but I do now.

As to your other question, yes, our DNS server points only to itself for name resolution. The internal NIC of our firewall server points to the DNS server, and the external NIC points to our ISP's DNS servers.
 
Well, I'm running low on theories then. When you're at a client machine and you ping , does it return the external IP address? Also, go into your DNS server and check your cached lookups zone (under .com) for your web site. Now, I understand that you say you've set up your DNS server to forward requests for any name that it can't resolve, but if your server truly thought it was authoritative for your domain, it would NEVER forward a request out for a host that allegedly lives in that domain. That's just the way DNS works.
 
Yep, I get the website's IP address when I ping not our internal IP address.

And here's something else interesting. If I do a tracert from a command prompt to the FIRST hop is not to the local DNS server, it's to the firewall server, which then forwards it on to our ISP's DNS server. And by the way, DNS is not configured at all on the firewall server.

 
Well, that sort of explains things, as your internal DNS server is being bypassed. What is this firewall server? Is it 3rd-party software on a W2K machine, or a Cisco box...? Also, did you disable recursion on your DNS server on any level?
 
The firewall server is W2K with ISA. And recursion is not disabled at all.

DNS is working at some level, because my client machine's DNS cache contains entries for local A records from the local DNS server.
 
Well, I can't make further assumptions about your systems without actually seeing your configs, but somehow those client machines are getting to the external DNS. Maybe your DNS server DOESN'T think it's authoritative for your domain... In any case, with 99% of the folks who set up DNS using the same internal/external names, there is an issue with these types of records when the ISP hosts the zone for the internet. That's what the hubbub is about. (Did I just say that...?) :)
 
Do you have your ISP's DNS number on the server? (Might try hosts and lmhosts on the clients. I swear by them.)
Glen A. Johnson
Microsoft Certified Professional
gjohn76351@msn.com

"It is never too late to learn what is always necessary to know."
Lucius Annaeus Seneca (4 BC - 65AD) Roman philosopher, statesman.
 
I have a similar issue that is driving me nuts. We have our internal dns using company.com and used to have an ISP host our website at - we just recently moved it internally. Now, you can access from an external source, but not internally. Also, we weren't and aren't able to access our OWA ( internally either, just externally.
Maybe I need to add a DNS entry? I don't know how to configure it so it works internally as well, without using the lmhosts file. I would think the request would just forward out, but it looks like our DNS server thinks it can handle because it is authoritative for that, but it's not at this point, I guess. Internally, if I use the internal IP address or internal server name, it works fine.
Any ideas?
 
Do you have a in your local DNS pointing to the right place? Unless I'm way off base, that will probably help your internal problems accessing
As for the OWA, ours operates under a different address. Ours is and it works both internally and externally. There's no there at all. And if I'm not mistaken, that's the way the OWA default setup works.

Hope that helps.
 
Don't know if this will help, but this is how I set up our DNS servers when I took them over.
1) All clients have only our internal DNS numbers in their TCP/IP.
2) Internal DNS servers have internal DNS numbers first, then the external DNS numbers that are supplied to us by our ISP.
3) Have hosts and lmhosts set up on all clients to the places they may need to go to: 3 internal servers, 2 external servers and an AS400. This way, they don't even need DNS for the servers or the AS400.
The reason DNS is only internal on clients is that when our members try to find a web site, they look in the back room first for the number. If one of our DNS servers has found it before, it's in cache and the user gets to the website in about 2 to 3 seconds. If the DNS servers in the back room haven't been to that web site before, they go out to the external DNS servers, then when they've found it, it goes into cache locally and the next time the user goes to that site, again 2 to 3 seconds. If you put the external DNS on the locals, if it needs to go out and find a site on the external, the external DNS gets promoted and it will look outside first from then on. I know this is a bit long and doesn't address some of the issues at hand, but I'm hoping it might give you some ideas. (By the way, clients love the faster access time since I took over.)
Glen A. Johnson
Microsoft Certified Professional
gjohn76351@msn.com
"Don't take a fence down until you know why it was put up".
Robert Frost (1874 - 1963); U.S. poet.

 
Thanks guys.
Glen, we have the DNS set up in a similar manner (internal first, external second).
But, that doesn't really address my problem. Thanks anyway.

MIScoord, you are on to something. I tried to set up a on my DNS server, but I don't think I did it right (can you help me out with a few more steps on that?)
And, do I use the internal IP address or external? If it's internal, how do I really know if it works externally? Is there a way I can have it forward to the external IP address, which will then forward back to us internally? I know it's a longer process, but I'd like to do that for troubleshooting purposes.

Also, about OWA, yes, it's mail.company.com/exchange (no but it still doesn't work for us internally. I have to put servername/exchange to get it.
any ideas on that?

thanks.

joel
 
Hey chawaje, kind of a shot in the dark, but is the internal NIC set to "Use this connection's DNS suffix in DNS registration"? That may be totally useless to you, I don't know. I came up with a similar issue at one of my clients that used company.org as the DNS domain and uses as their web site, which is hosted in another state. They could not access the web site from in house, but anyone else outside could. Popped a in and voila! It works great. (Just pointed the Host record to the external IP of the web site.)
 
chawaje:

Let me preface this by saying we don't have a in our DNS, and this is because we have an external provider for our website. Therefore we don't need one.

However, to set up a for your DNS, you would need to go to the forward lookup zone, then your domain within that zone. Click once on the domain, and then under Action, click "New Host." Under Name, you want to put " Then under IP, you want the IP address of your internal web server. Then click OK. Once everything replicates between your servers, you should be all right. If I understand DNS correctly, the address will be sent to your internal web server for your network clients. This should not affect in any way anyone attempting to access your site externally. When you switched from an external to an internal host, whoever you have your domain name registered with should have updated the external DNS.

As for the OWA, you will have to have a similar record pointing to your e-mail server. You'd create a similar DNS record, but instead of " you would have "mail," with the IP address set to the IP address of your internal e-mail server. That should send anyone typing mail.company.com/exchange to your OWA login screen.

If I'm messing up on this anywhere, someone please feel free to correct me, but I'm pretty sure I'm right.
 
MIScoord,

Thanks. That sounds exactly right. I did all of that. The problem that I have is that our forward lookup zone is named "internal.company.com", not just "company.com", so when I set up the mail record, it becomes or mail.internal.company.com.

Should I not have it internal.company.com and change it to company.com? Can anyone foresee any network-wide issues with changing it, if changing it is necessary?

joel
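Added example, not code from the thread: a small Python model of what bronto and MIScoord describe above. A server that holds a zone named company.com answers every name under it itself, so a www host missing from the internal zone comes back NXDOMAIN instead of being forwarded; adding the www host record (the fix above) makes it resolve, while a zone named internal.company.com, as in joel's layout, leaves www.company.com to the forwarder. All zone data, names and addresses are constructed; split_horizon_gaps lists the public hosts the internal zone still lacks.

```python
NXDOMAIN = "NXDOMAIN"

class DnsServer:
    def __init__(self, zones, forwarder=None):
        self.zones = zones          # {"company.com": {"@": ip, "dc1": ip, ...}}
        self.forwarder = forwarder  # upstream DnsServer, or None
        self.cache = {}             # answers learned through the forwarder

    def zone_for(self, name):
        """Longest-suffix match: the hosted zone (if any) that contains name."""
        labels = name.split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.zones:
                return candidate
        return None

    def resolve(self, name):
        name = name.lower().rstrip(".")
        zone = self.zone_for(name)
        if zone is not None:
            # Authoritative: answer from zone data, NXDOMAIN if the host is
            # absent. A missing www record is never forwarded upstream.
            host = name[: -len(zone)].rstrip(".") or "@"
            return self.zones[zone].get(host, NXDOMAIN)
        if name not in self.cache and self.forwarder is not None:
            self.cache[name] = self.forwarder.resolve(name)
        return self.cache.get(name, "SERVFAIL")

def split_horizon_gaps(internal, public, zone, hosts):
    """Hosts the public DNS answers for but the internal server says NXDOMAIN to."""
    return [h for h in hosts
            if public.resolve(f"{h}.{zone}") != NXDOMAIN
            and internal.resolve(f"{h}.{zone}") == NXDOMAIN]

def build_servers(internal_zone="company.com"):
    """Constructed sample: the ISP hosts the public company.com zone; the DC
    hosts the internal zone, whose apex AD registered with the DC's address."""
    isp = DnsServer({"company.com": {"@": "203.0.113.10", "www": "203.0.113.10",
                                     "mail": "203.0.113.20"},
                     "example.net": {"@": "198.51.100.7"}})
    internal = DnsServer({internal_zone: {"@": "10.0.0.5", "dc1": "10.0.0.5"}},
                         forwarder=isp)
    return internal, isp

def add_www_record(internal, zone, ip):
    """The fix from the thread: a www host record in the internal zone."""
    internal.zones[zone]["www"] = ip
```

Running split_horizon_gaps against the real public zone's host list is the check to do before renaming or merging zones: every host it returns is one internal clients cannot reach by name.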
 
Silly question, but is DHCP set up to give the clients a DNS server's address through server options, and is more than one server listed?
 