
Server with similar internal and external domains. Can't always resolve host name internally.


PPettit

IS-IT--Management
Sep 13, 2003
511
US
I've got a server running Windows 2008 R2 Standard. We've got some consultants setting it up for BizTalk 2010. It's part of our internal domain (internaldomain.mycompany.biz). Since we needed an SSL certificate for BizTalk, we purchased one along with an external domain name (mycompany.biz). While the consultants are working on the server, they have noticed that they will occasionally lose the ability to resolve the domain name (mycompany.biz). I have a feeling that this is due to the fact that the internal and external domain names are mostly the same.

Here's what happens:
1. The consultants open Internet Explorer on the server and go to " (5556 is an alternate SSL port.)
2. It will eventually say that it couldn't find "mycompany.biz". Ping and tracert won't resolve "mycompany.biz", either.
3. I change the DNS settings on the network adapter from our internal DNS servers to some public DNS servers.
4. " will now go to the appropriate site on the server. Ping and tracert now resolve to the external IP address.

This leads me to the following questions:
1. If I set a hosts entry on the server like "123.123.123 mycompany.biz", will this interfere with the server's ability to work properly on the internal domain (internaldomain.mycompany.biz)?
2. Would it be better to modify some records on the DNS server, instead? If so, what are the settings?
3. Would it be better to use a different external domain for the server ("somesubdomain.mycompany.biz" instead of just "mycompany.biz")?

If I haven't explained this adequately, just let me know and I'll try to fill in the gaps as best I can.
 
As you probably know, the problem is that the FQDN "mycompany.biz" (if that's your internal domain name) is a privileged FQDN that references all your internal DCs. You can't make it resolve to an external address without causing all sorts of trouble for your AD. Almost anything else will work though: "biztalk.mycompany.biz" or "muffintoop.mycompany.biz". But the root "mycompany.biz" should NOT be used as a URL for your application. That name (and especially internaldomain.mycompany.biz) should return a list of your DC IPs when you query it internally, and when you tell your workstation to use an external DNS server, it will then have issues contacting your internal AD.

Now to answer your specific questions:
1. Yes, you will screw things up if you do that hosts entry, since both "internaldomain.mycompany.biz" and "mycompany.biz" are likely to be used by AD.
2 and 3. It would be best to choose a different external name exactly as you suggest: somehostname.mycompany.biz would work fine. Then you could create specific A-records in your internal DNS that resolve to the public IPs and you wouldn't create any issues.

Dave Shackelford
ThirdTier.net
TrainSignal.com
 
Thanks for the reply, Dave. I'm gonna see about getting the external name changed.
 
I have a similar issue to PPettit's. We used to host our own web site in house, then 2 weeks ago we let an outside company host our company website. People can view our new website if they are not on our LAN. I know it is a DNS forwarder issue, and I don't know how to fix it. My local DNS server has a domain called mycompany.com, and my website is so when users on the LAN call up the website, it only resolves locally, therefore it cannot find the site.
 
Tomofla, you need to look in your local DNS server and find the "www" record in the mycompany.com zone and change the IP to point to the real public IP of the website (not the internal IP that it used to point to). Is 'mycompany.com' also your internal AD domain name? If NOT, then you can also change the (same as parent folder) A-record to point to the public website IP. That's because often the 'www' record is just a CNAME record that points to the '(same as parent folder)' record.

If your internal AD domain name is the same as the public name, and you don't have an A-record for 'www' defined, you'll want to go ahead and do that.

Dave Shackelford
ThirdTier.net
TrainSignal.com
 
ShackDaddy, could you explain a bit more clearly about the parent folder, because I used to have a record "www" pointing to one of the static public IPs, and I used to host my own web server. Since 2 weeks ago, I switched to a different public IP address from another hosting company for my web site, and now my LAN users cannot load up the site.
 
The internal DNS for the tomofla.biz zone in your domain has a 'www' record that doesn't point to the new public IP of the website. That probably just needs to be changed to point to the website's new IP.

Dave Shackelford
ThirdTier.net
TrainSignal.com
 
Hi Dave, I added a "www" Host (A) record with the new public IP address to one of my DNS zones (mycompany.com) and I am unable to load the site. I did an nslookup and the result came back correctly. I also flushed DNS many times.
 
Hi Dave, here is the result you requested:
192.168.100.24 is my company domain controller and internal dns server. Thanks.

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\tom_cao>nslookup
Default Server: sbfdc01.sandberg.local
Address: 192.168.100.24

> Server: sbfdc01.sandberg.local
Address: 192.168.100.24

Name: Address: 74.52.121.79

>
 
Ok, the problem is that the website itself redirects to a different name: "sandbergfurniture.com" and you don't have an A-record for that name in your internal zone file. Or if you do, it's incorrect.

In that zone, you should have an A record with the name "(same as parent folder)" that points at 74.52.121.79. If you don't have any A-record called "(same as parent folder)" then you need to create one. Just go to the internal sandbergfurniture.com zone and create a new A-record but leave the hostname blank and just put in the IP address.

That should make everything work properly.

Dave Shackelford
ThirdTier.net
TrainSignal.com
 
Hi Dave, you are the man! The company website is loading up internally. First, I created a parent folder like you told me; it did not work. Then I created a "www" Host (A) record pointing to the same IP as the parent folder, and the site loaded up. Thanks.
 
I'm glad it worked, but your NSLOOKUP results seemed to indicate that the "www" record was already resolving properly but the other wasn't. Oh well, as long as it works now.

Dave Shackelford
ThirdTier.net
TrainSignal.com
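The two pieces of advice in this thread (keep the apex of an AD-integrated zone pointing at the domain controllers and give the public site its own host record; in a non-AD zone a 'www' CNAME to '(same as parent folder)' only works once the apex A record is correct) can be checked offline with a small zone model. The following script is an added example, not code from this thread or from the Windows DNS server; the zone contents, the 192.168.100.24 DC address and the 203.0.113.10 host address are constructed sample data, and 74.52.121.79 is the public website IP quoted in the nslookup output above.

```python
"""Offline model of the split-horizon DNS situation discussed in the thread.

Added example; not the thread's or Microsoft's code. Sample data is constructed.
It models three things the answers rely on:
  * a 'www' CNAME to the zone apex answers with whatever '(same as parent folder)'
    holds, so a stale or empty apex breaks the website for LAN users;
  * on an AD-integrated zone the apex must keep returning the DCs, so the public
    site needs its own host record (e.g. 'www' or 'biztalk') instead;
  * a CNAME cannot share a label with an A record, so the old CNAME is removed
    when the host record is created.
"""
from typing import Dict, List, Optional

APEX = "@"  # shown in DNS Manager as "(same as parent folder)"


class Zone:
    def __init__(self, name: str, ad_integrated: bool,
                 dc_ips: Optional[List[str]] = None) -> None:
        self.name = name.rstrip(".").lower()
        self.ad_integrated = ad_integrated
        self.a: Dict[str, List[str]] = {}
        self.cname: Dict[str, str] = {}
        if ad_integrated:
            # AD publishes the domain controllers as A records at the zone apex.
            self.a[APEX] = list(dc_ips or [])

    def label_of(self, fqdn: str) -> Optional[str]:
        """In-zone label for fqdn, or None if the name lies outside this zone."""
        fqdn = fqdn.rstrip(".").lower()
        if fqdn == self.name:
            return APEX
        suffix = "." + self.name
        return fqdn[: -len(suffix)] if fqdn.endswith(suffix) else None

    def resolve(self, fqdn: str, max_hops: int = 8) -> List[str]:
        """Follow in-zone CNAMEs until A records are found; [] means no answer."""
        label = self.label_of(fqdn)
        for _ in range(max_hops):
            if label is None:
                return []  # target is in another zone; recursion is not modelled here
            if label in self.a:
                return list(self.a[label])
            if label in self.cname:
                label = self.label_of(self.cname[label])
                continue
            return []
        raise RuntimeError("CNAME chain too long")

    def set_cname(self, label: str, target_fqdn: str) -> None:
        if label in self.a:
            raise ValueError(f"{label}: a CNAME cannot coexist with A records")
        self.cname[label] = target_fqdn

    def set_website(self, label: str, public_ip: str) -> None:
        """Point a hostname at the externally hosted website (the thread's fix)."""
        if label == APEX and self.ad_integrated:
            raise ValueError("apex of an AD domain must keep resolving to the DCs; "
                             "use a hostname such as 'www' or 'biztalk' instead")
        self.cname.pop(label, None)  # an old 'www' CNAME would conflict with the A record
        self.a[label] = [public_ip]


def demo() -> Dict[str, List[str]]:
    """Walk through both situations from the thread and return the lookups."""
    results: Dict[str, List[str]] = {}
    # Situation 1: the public name is also the AD domain (PPettit's case).
    ad = Zone("mycompany.biz", ad_integrated=True, dc_ips=["192.168.100.24"])
    ad.set_cname("www", "mycompany.biz.")
    results["www before fix"] = ad.resolve("www.mycompany.biz")  # answers with the DC
    ad.set_website("biztalk", "203.0.113.10")  # separate host record, apex untouched
    results["biztalk"] = ad.resolve("biztalk.mycompany.biz")
    # Situation 2: public zone hosted internally but not the AD domain (tomofla's case).
    pub = Zone("sandbergfurniture.com", ad_integrated=False)
    pub.set_cname("www", "sandbergfurniture.com.")
    results["www with empty apex"] = pub.resolve("www.sandbergfurniture.com")  # no answer
    pub.set_website(APEX, "74.52.121.79")  # the "(same as parent folder)" record
    results["www after apex fix"] = pub.resolve("www.sandbergfurniture.com")
    return results


if __name__ == "__main__":
    for query, answer in demo().items():
        print(f"{query:22} -> {answer or 'no answer'}")
```

The model deliberately refuses to put a public address on the apex of an AD-integrated zone, which is the trap described in the first answer; on the real server the same outcome is reached by leaving "(same as parent folder)" alone and creating the host record in DNS Manager.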
 