Solved

DNS when domain name is same as internet domain for corporate website

Posted on 2003-03-12
Last Modified: 2008-02-01
I am in the process of migrating to W2K Active Directory. All domain members are able to access the internet by having the DNS on the local client point back to the forest root server. My problem is only a small one. No client can go to our corporate (public) internet site. This site has the same name as our newly formed domain... Example: www.example.org. Our domain is "example.org". I'm not sure, but I think there needs to be something done with the forward lookup zones, but I'm not sure. I'd like some help. Thanks,
Question by:jhassett23
21 Comments
 
LVL 16

Expert Comment

by:JammyPak
ID: 8120875
you need to add an additional 'a' host record for your public website, with the public ip address in there.

JP
0
 
LVL 4

Expert Comment

by:gozoliet
ID: 8120980
Make sure you have your DNS server configured to use Forwarders. This way, if your local server does not resolve the address, it will request it from another DNS server.
Administrative Tools -> DNS -> Right-click on the server name -> Menu Tab 'Forwarders'
- Check off Enable Forwarders and add your ISP's DNS server

Also, you can add an A record for your web server.
In DNS -> Forward Lookup Zones -> Right-click on your domain name and select Add Host.
Add the host of www and the external IP of your company's web server.
0
 
LVL 1

Author Comment

by:jhassett23
ID: 8121119
I tried enabling forwarders first, and pointed it to our worldcom DNS servers. I refreshed and everything, but still same old DNS error on the web browser. Do I need to reboot the machine? I'll try placing the public IP address in the forward lookup zones after I reboot the server.
0
 
LVL 1

Author Comment

by:jhassett23
ID: 8121189
I tried enabling forwarders first, and pointed it to our worldcom DNS servers. I refreshed and everything, but still same old DNS error on the web browser. Do I need to reboot the machine? I'll try placing the public IP address in the forward lookup zones after I reboot the server.
0
 
LVL 16

Expert Comment

by:JammyPak
ID: 8121259
forwarding won't work - when your server receives a request for example.com, it says 'hey - I have a zone for that domain, so I'll answer this myself!'. it then looks in the zone and says 'hey, there's no www record in here!' and replies back to you with a failure.
It will *only* forward a request when it does *not* control a zone for the domain in question.

HTH,
JP
0
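The behaviour JammyPak describes above (a server that hosts a zone answers from that zone and never forwards names inside it), modelled as an added Python example that is not part of the original thread. The `DnsServer` class, the `audit_split_horizon` helper, the zone contents and the addresses are all constructed for illustration; the public side is simplified to a single server holding the public records.

```python
# Added illustration: toy model of an authoritative-or-forward decision.
# All names and addresses are constructed samples (documentation ranges).

NXDOMAIN = None


class DnsServer:
    def __init__(self, zones=None, forwarder=None):
        # zones maps zone name -> {host label: address}
        self.zones = zones or {}
        self.forwarder = forwarder

    def _zone_for(self, qname):
        # Find the longest zone suffix this server hosts for qname.
        labels = qname.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.zones:
                return candidate, ".".join(labels[:i]) or "@"
        return None, None

    def resolve(self, qname):
        zone, host = self._zone_for(qname)
        if zone is not None:
            # Server controls the zone: answer from local data only.
            # A missing record is a failure; the forwarder is never asked.
            return self.zones[zone].get(host, NXDOMAIN)
        if self.forwarder is not None:
            return self.forwarder.resolve(qname)
        return NXDOMAIN


def audit_split_horizon(internal, public, names):
    """Return {name: (internal_answer, public_answer)} where the views differ."""
    drift = {}
    for name in names:
        inside, outside = internal.resolve(name), public.resolve(name)
        if inside != outside:
            drift[name] = (inside, outside)
    return drift


# Public view of the zone, plus an unrelated zone reached via forwarding.
isp = DnsServer(zones={
    "example.org": {"www": "203.0.113.10", "mail": "203.0.113.25"},
    "example.net": {"www": "198.51.100.7"},
})
# Internal AD DNS server: hosts example.org for the domain, forwards the rest.
ad_dns = DnsServer(zones={"example.org": {"dc1": "192.168.213.180"}},
                   forwarder=isp)
```

Running `audit_split_horizon(ad_dns, isp, [...])` over the public host names lists the records the internal zone still needs, and it keeps flagging a name if the hosting company later changes its address.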
 
LVL 1

Author Comment

by:jhassett23
ID: 8121302
Jammy, how do I go about having my local domain "example.org" not control the zone for the domain in question?
0
 
LVL 4

Expert Comment

by:gozoliet
ID: 8121308
"Also, you can add an A record for your web server."

"Can" was the wrong word. Should be "must".
0
 
LVL 16

Expert Comment

by:JammyPak
ID: 8121446
you can't - you need to have the domain there for AD, so the DNS server won't forward any requests for that domain.

the two solutions are:
add your 'public' hosts (ex www) into the zone, or redo your domain using a different name (don't think you wanna go there).
0
 
LVL 1

Expert Comment

by:asamaras
ID: 8121717
JammyPak is right: if you have your internet name the same as your AD controller domain, you *must* either change your AD domain or include your www server in it. Alternatively, you may either create an alias for your www, let's say www.example1.org or www.example.com, or create an internal web page to point directly to your www IP. The second approach is the fastest and the least demanding.
0
 
LVL 1

Author Comment

by:jhassett23
ID: 8122553
All right, it still doesn't work. I added a reverse lookup zone with the public IP address of our virtual web server. And it worked! I was able to get to our corp public website and everything. I rebooted the server, and now it doesn't work anymore. I wish I knew more about DNS. I've tried the A host, the forwarders. It shouldn't be this hard, when the documentation from Microsoft says that if you have an internet website already, you can use that as your parent domain. Yeah right. All it's caused me is headaches.
0
 
LVL 16

Accepted Solution

by:
JammyPak earned 2000 total points
ID: 8122636
hmmm...this is strange.

Just to recap....
You should not require a reverse-lookup zone or a forwarder. You will have a forward-lookup zone for your domain. All of your domain members will be in there if it's AD-integrated, but then you also add a single host record, called www and with the ip address of your public website.

question - where is your public website? - hosted elsewhere, or in your DMZ?

one more - can your clients get to your public website using its IP address? (taking a step back....)

JP
0
 
LVL 1

Author Comment

by:jhassett23
ID: 8122675
Yes, if I type in the IP address of our public webserver, which is hosted offsite by an internet webhosting company, the client can get there. So, it's strictly a domain name resolving issue, it seems. I'm going to take away the forwarders from the DNS, and I will also delete all that I entered into the reverse lookup zones folder as well.
0
 
LVL 1

Author Comment

by:jhassett23
ID: 8122687
Could our domain name need updated on the internet's core root DNS servers? I know we had to wait a bit when we changed our company name for that to happen, according to the person who hosts our website.
0
 
LVL 16

Expert Comment

by:JammyPak
ID: 8122709
ah...this is interesting...it's quite possible that *no one* can get to your website! :)

Try doing an nslookup on your website and see what comes back - maybe you're getting the wrong address.

What change was made? Changed the company name?
0
 
LVL 2

Expert Comment

by:markmedici
ID: 8122773
I do this all the time, and JammyPak is 100% right.

You *MUST* manually add "A" records in your DNS for each external host.  Don't play around with false domain names or forwarding, it only makes things more complicated and more difficult to debug if there's a problem.

You SHOULD ALSO enable forwarders on your DNS server, as this will probably speed-up DNS resolution (not to mention reduce the load on the root nameservers).

To add an A record:

 * Start --> Administrative Tools --> DNS
 * Expand your DNS server
 * Expand "Forward Lookup Zones"
 * Expand your zone name (i.e., "example.com")
 * RIGHT-click on your zone name (i.e., "example.com")
 * Fill-in the hostname only (i.e., "www") in the first field (NOT the fully-qualified domain name).
 * Fill-in the IP address for this host (which you can determine via NSLOOKUP www.example.com).
 * Save the changes.

Test
 * Open a command prompt
 * Enter "IPCONFIG /flushdns"
 * Ping the host (i.e., "ping www.example.com") and make sure you get the expected external address.

0
 
LVL 1

Author Comment

by:jhassett23
ID: 8122827
OK.  performing the nslookup www.examplecu.org with a client from our existing w2k workgroup (currently in use) gives:
server: of cache00.ns.uu.net
Address:  198.6.1.1  (which is our main dns server given
     to us by worldcom)
Name:   www.examplecu.org
address:  xxx.xx.xx.xx (which is the correct public IP)

Performing this on a client attached to the domain gives the following:

***can't find server name for address 192.168.213.189: Non-existent domain
***Default Servers are not available
Server:  UnKnown
Address:  192.168.213.180

Name:  www.examplecu.org
Address xxx.xx.xx.xx (which it gives the correct Public IP here as well)
The 192 number is the internal IP address of our Primary Domain Controller, which is what I'm working on setting up.
0
 
LVL 1

Author Comment

by:jhassett23
ID: 8122829
I'm sure it's something I set up wrong.
0
 
LVL 16

Expert Comment

by:JammyPak
ID: 8122875
the first portion is reporting on the dns server itself, the second portion is reporting on whatever you asked it to lookup.

It also tries to do a reverse lookup to find the name of your dns server - which in this case failed (this can be fixed by creating a reverse lookup zone and putting a PTR record for your DNS server in there).

Unfortunately, that doesn't explain the problem. nslookup found the correct public address of the server.

I would try the ipconfig /flushdns, and also delete the browser cache, close and reopen the browser to make sure you haven't cached a negative response (which does happen).

JP
0
 
LVL 2

Expert Comment

by:markmedici
ID: 8123013
What is the real name of the webserver?  One of us can check DNS resolution from outside to see if there's a problem.
0
 
LVL 1

Author Comment

by:jhassett23
ID: 8123245
It's working now. The webserver name is www.beaconcu.org
I just don't get DNS stuff. Now, my workgroup client says

C:\Documents and Settings\jason>nslookup /flushdns
Server:  cache00.ns.uu.net
Address:  198.6.1.1

*** cache00.ns.uu.net can't find /flushdns: Non-existent domain

Sometimes that DOS command works, other times it doesn't. For instance, 5 minutes after I wrote the above, it came back looking like it should! That DNS server from worldcom must be tired. It still gives me the other message when performing the nslookup off of a domain client, but the webpages work. After I basically deleted all of the DNS entries, all I did was re-enter the forwarders, and re-enter the host (A) "www" server. And now I'm able to get to the website. Why does the domain zone in the forward lookup zone add my local computer account as a host? Why is there 169.254.225.219 as a host? That address isn't on my network at all. That same address was constantly adding itself as the DNS server for my cousin's home 2000 AD network, and screwing things up.
0
 
LVL 16

Expert Comment

by:JammyPak
ID: 8127345
Glad it's working...

Win2000 DNS can have 'dynamic updates' - which means you register yourself in the DNS. Look in the advanced TCP/IP properties of your network connection, and you'll see a check box for registering yourself in the DNS.

Also, the 169.* are automatic addresses - this is what you'd get if you were using DHCP but couldn't find a DHCP server.

JP
0
