Solved

DNS / DHCP Configuration

Posted on 2004-09-02
Last Modified: 2010-03-18
Good day.

We have SBS2003 installed and running.  It has the following functions:  DNS, Internal Web Site (mycompany), Exchange 2003, and DHCP.

When I have a client set all of the TCP/IP settings automatically, almost all items work - proper IP address, gateway, and DNS addresses.  The client can navigate out to the web; however, they can not navigate to the mycompany web site (http://mycompany).  If the client types in the internal IP address of the server, it will display the default page.  Clicking the link to mycompany web page will not work either (obviously it's the same address).  What do I have wrong?  I tried to put the internal IP address of the server within the IP range of the DHCP, but it didn't work.

Thanks in advance.
0
Comment
Question by:freezingHot
39 Comments
 
LVL 15

Expert Comment

by:Yan_west
ID: 11967022
If the local domain name is the same as the external domain name, this is normal, the domain will look for the resource in the internal network. You have to open DNS admin on your domain server, and create a new A record for the WWW website, pointing to the correct ip address.

This should do it.
0
 
LVL 1

Author Comment

by:freezingHot
ID: 11967264
still can not get it to work.  if i do the following:

my server name is myEmailServer

if i navigate to http://myemailserver i get the SBS2003 welcome screen and the following options:  my company's internal web site (which is what i want), network config, remote web workplace, information and answers.  all of the links work with the exception of the "my company's internal web site."  i can navigate to:  http://myemailserver/exchange/validusermailbox - it responds and works well.

i went into the DNS server and put a new A record under forward lookup zones - it didn't fix the issue, however.  Under name, type, and data i have the following:

companyweb, Host (A), and the IP of the server.  i assume this is what you were referring to.  I don't have anything else for it - SOA, NS, or CNAME.

thanks.

0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11967288
Sorry, thought that your Corp website was external at first.. this would have been the problem.. let me think a bit :)
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11967298
if this link is not working "my company's internal web site", what is the link it is pointing to??
0
 
LVL 11

Accepted Solution

by:
infotrader earned 350 total points
ID: 11967321
Actually, I think the problem has to do with your firewall/router and the routes.  I've come across many routers that cannot reroute packets from the Internal network to the External IP interface of the router.

I assume that you ALREADY have a www A record, but it's pointing to the External IP address of the router.  If that's the case, you have a few options:

1.  If your Internal DNS server is NOT the same as the public DNS server, then you can simply change the IP address of www to point to the private IP.

2.  If your Internal DNS is the same as the External DNS, then you should consider creating another DNS server just for External users, and follow step 1 for your Internal DNS server.

3.  If you do NOT have a DNS zone internally for yourcompany.com, then maybe you should create one, copy everything for yourcompany.com to your DNS server, and change any webservices you are hosting internally to the private IP.

4.  Or.. you could just add an entry to your hosts files (C:\Windows\System32\Drivers\Etc) for www.mycompany.com

- Info
0
 
LVL 1

Author Comment

by:freezingHot
ID: 11967511
#4 did it for my workstation - but i don't want to have to add this entry and maintain it for all of our workstations.

as far as the router is concerned, this http request should never make it to the router since the web site i am trying to get to is internal.

while the name of the computer is myemailserver, the actual url is http://companyweb (this is the default for SBS2003).  i don't seem to understand the dns well enough to have the server map this to itself.
0
 
LVL 11

Expert Comment

by:infotrader
ID: 11967684
The easiest way to do this, actually, is just tell your users to go to http://<Name_of_Email_Server>.  For example, if your email server's FQDN (Fully Qualified Domain Name) is Exchange.mycompany.com, they should be able to access it internally using http://exchange.mycompany.com or even http://exchange

- Info
0
 
LVL 1

Author Comment

by:freezingHot
ID: 11967762
you are correct - that is the way it should work.  if i navigate to the FQDN i get the 2003 welcome page.  it is when i use the first link (my company's internal web site <- verbatim from the default web page) which redirects users to http://companyweb.  i tried to put /companyweb after the FQDN but it didn't work.  i tried to put it in the domain name and that didn't work.

that is why i thought it was a dns issue - nowhere on the network does it understand the url http://companyweb.  therefore, it tries to go outside and fails.  so, i thought somewhere in DNS i could tell it that http://companyweb is really the server itself (dns and this default internal web site are on the same machine).  i don't understand why Microsoft decided to use these defaults and not have the defaults work on client machines (another reason why i thought i had something misconfigured).

i appreciate your time.
0
 
LVL 11

Expert Comment

by:infotrader
ID: 11968118
Yes... Just go to the Active-Directory-Integrated zone (aka your domain's DNS) in your DNS server, and add an "A" record, or Host for "companyweb" and assign it to the IP address.

So... Technically, the FQDN should be http://companyweb.company.com or something like that, because you are all in the same domain, you should not have to worry about the domain suffix, so you should be able to get to http://companyweb that way.

Finally, if you are running WINS, you can also create a Netbios name for companyweb that points to the server.

-Info
0
 
LVL 1

Author Comment

by:freezingHot
ID: 11968332
one more follow up question, please.

when i go into the forward lookup zone, is it normal that the only entry starts with _msdcs and then the server name.  for instance, _msdcs.myemailserver.local.

i put the "A" record inside of this folder.

thanks.
0
 
LVL 11

Expert Comment

by:infotrader
ID: 11968590
Hmmm.. You should also find another entry called myemailserver.local as well...  That's where you are supposed to add the "A" record...

If not, then you should probably create a Forward Lookup Zone for mydomain.local

By the way, shouldn't it be _msdcs.mydomain.local, NOT _msdcs.myemailserver.local?

- Info
0
 
LVL 1

Author Comment

by:freezingHot
ID: 11968656
yes, you are correct - it is _msdcs.mydomain.local.

i added the forward lookup zone and put in the "A" record.. still no go.

I have decided to go with your #4 answer.... our staff will have to add the entry to the hosts file.

thanks for all of your help.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11972648

perhaps the actual website HTML is referencing frames, pictures, files, and links using the www.myemailserver.com.  This means that you can navigate to "http://myemailserver/", but nothing will really work.
0
 
LVL 1

Author Comment

by:freezingHot
ID: 11972921
what i don't comprehend is the following:

my DHCP server assigns to me two (2) DNS servers which are from our ISP provider.  If my client computers use these DNS servers, how does it reference the SBS 2003 box?  I would think that the SBS2003 would be my DNS address which would do the work.  so, by using "http://myemailserver/" it is using the ISP DNS and can't resolve the name.  I don't know if i am phrasing this correctly or not but i see this as the true issue.  if i change my client computer's dns to my SBS2003 box, i can get to "http://companyweb" but i can't get out to the Internet.

thanks.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11973046

Ahhhh..  Ok, you need to point your computers to your internal DNS server... Then you need to setup DNS request forwarding on your DNS server.  You can do this by going into DNS, and then the properties of the server.  Put your ISP's DNS servers in the spaces provided on the forwarders tab.

This way your computers will ask your internal DNS server for resolution, and if it doesn't know (Internet), it will forward the request to your ISP's DNS servers.
0
 
LVL 1

Author Comment

by:freezingHot
ID: 11973185
i have the proper IP addresses in the forwarders and under DNS domains i have, "all other DNS domains" in the box.  In addition, i have it listening to all IP addresses.  still doesn't work - i can't get out to the Internet.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11973372
ok...

from a workstation, type "nslookup www.google.com" at a command prompt and see what happens.
0
 
LVL 1

Author Comment

by:freezingHot
ID: 11973450
*** Can't find server name for address 223.125.125.95 (our SBS box):  Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  223.125.125.95

DNS request timed out.  timeout was 2 second.
Non-authoritative answer:
Name:  www.google.akadns.net
Addresses:  216.239.41.104, 216.239.41.99
Aliases:  www.google.com
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11973574
ok.. that's helpful... now can you post an "ipconfig /all" from your workstation?
0
 
LVL 15

Assisted Solution

by:adamdrayer
adamdrayer earned 150 total points
ID: 11973598
Can't find server name for address 223.125.125.95 (our SBS box):  Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  223.125.125.95


you need a reverse DNS entry for your DNS server...

Go into reverse lookup zone, and create a PTR record.
0
 
LVL 1

Author Comment

by:freezingHot
ID: 11973880
after adding the PTR record, the nslookup works just fine.

I still cannot get out to the Internet, however - i have to keep changing the DNS value on the property page.

My ipconfig looks like this:

connection-specific dns suffix:  my domain name
ip address: 223.125.125.86
subnet: 255.255.255.0
default gateway:  223.125.125.92 (this is the correct value)
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11974046
try it with the "/all" switch...

Your DNS is working fine.  You can resolve network names on the internet.
0
 
LVL 11

Expert Comment

by:infotrader
ID: 11974047
First of all, Thank you for the points...  I will continue to help you resolve your problem regardless, though :-)

Thanks to Adam, we are getting very close to the root of your problems:

1.  Why is your IP address 223.125.125.X?  If that is the Internal IP address of your network, then you might be using a PUBLIC IP address for a Private IP, which might cause you a lot of grief.

2.  have you tried ping www.google.com?  If that does not work, try ping 66.102.7.147?

You are on the right track...  Any changes you've made to the Internal DNS server isn't going to work unless your local workstations point to it as its primary DNS server.

- Info
0
 
LVL 1

Author Comment

by:freezingHot
ID: 11974514
no specific reason for the 223 naming convention.

ipconfig /all:

host name: it-admin
primary dns suffix: t.local
node type: unknown
ip routing enabled: yes
wins proxy enabled: yes
dns suffix search list: t.local (twice)

connection-specific dns suffix:   t.local
description: 3Com 3C920 card
physical address - 00-08 etc...
dhcp enabled: yes
autoconfiguration enabled: yes
ip address: 223.125.125.86
subnet: 255.255.255.0
default gateway:  223.125.125.92
dhcp server:  223.125.125.95
dns servers: 223.125.125.95
primary wins: 223.125.125.95
lease obtained: 9/3/2004
lease expires: 9/11/2004
0
 
LVL 1

Author Comment

by:freezingHot
ID: 11974563
i want to thank both adam and infotrader.

it is now working - i can't get on to www.yahoo.com, but i can log onto www.microsoft.com and more importantly, experts-exchange.com.

I can get onto our Intranet as well (http://companyweb)

i can ping google.com.

i don't really care about www.yahoo.com, however.

You guys have been a great help and have solved something that has been nagging at me for quite a few days - thanks again.


0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11975543
nice..  check the file %system32%\drivers\etc\hosts.

if there are tons of yahoo redirections, then you got caught with a nasty.


glad to hear you are up and running.
0
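
The hosts-file check suggested above can be scripted. This is an added example, not part of the original thread; the function names are hypothetical, the LAN range and `companyweb` entry come from the poster's own values, the `.local` suffix rule is an assumption, and the remaining sample entries are constructed.

```python
import ipaddress

# Constructed sample hosts file (not from the thread). 223.125.125.95 and the
# "companyweb" name are the poster's values; the other entries are invented.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
223.125.125.95  companyweb      # intranet workaround
203.0.113.7     www.yahoo.com yahoo.com
0.0.0.0         mail.yahoo.com
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, address, [names]) for every non-comment entry."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield no, fields[0], [n.lower().rstrip(".") for n in fields[1:]]

def audit_hosts(text, lan="223.125.125.0/24", internal_suffixes=(".local",)):
    """Return (line_no, reason, address, name) for entries worth a second look.

    Assumption: single-label names and names under internal_suffixes are
    intranet names and may point at loopback or the LAN; every other name
    should come from DNS, so any hosts entry for it is reported.
    """
    lan_net = ipaddress.ip_network(lan)
    findings = []
    for no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((no, "invalid-address", addr, " ".join(names)))
            continue
        for name in names:
            if "." not in name or name.endswith(internal_suffixes):
                if not (ip.is_loopback or ip in lan_net):
                    findings.append((no, "internal-name-off-lan", addr, name))
            elif ip.is_loopback or ip.is_unspecified:
                findings.append((no, "public-name-blocked", addr, name))
            else:
                findings.append((no, "public-name-overridden", addr, name))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s  %s -> %s" % finding)
```

A file holding only the loopback line and the `companyweb` workaround yields no findings, while an override of a public name is reported with its line number.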
 
LVL 1

Author Comment

by:freezingHot
ID: 11975661
the file looks clean (1 entry).

i get a DNS request timed out.  timeout was 2 second.
*** request to <FQDN> timed-out

thanks.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11975702
that's strange.. try:

nslookup www.yahoo.com w.x.y.z

where w.x.y.z is the ip address of your ISP's DNS server.
0
 
LVL 1

Author Comment

by:freezingHot
ID: 11975917
it works with the w.x.y.z.... what does this mean?
0
 
LVL 11

Expert Comment

by:infotrader
ID: 11976010
Do an "IPCONFIG /FLUSHDNS" on both the workstation you are trying on as well as your Windows DNS server and see if the problem is resolved.

That means your ISP can resolve www.yahoo.com but you can't, which means the name resolution request somehow isn't being forwarded to your ISP.

- Info
0
 
LVL 1

Author Comment

by:freezingHot
ID: 11976085
didn't help.

i then mapped my dns to our old sbs2000 machine (that one that we replaced) and that one was able to resolve.  does the dns server on sbs2003 take a lot of processing power away from the unit?  i would hope it could handle exchange, dhcp, and dns as one domain controller.  we will only have 35 clients on it.
0
 
LVL 11

Expert Comment

by:infotrader
ID: 11976105
How much memory do you have, and what CPU?  DNS shouldn't use too much CPU power for 35 clients...

- Info
0
 
LVL 1

Author Comment

by:freezingHot
ID: 11976141
2 gig of memory.

P-3, 997 Mhz.

0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11976176
Try clearing your cache on your DNS server, by going into DNS and clicking Action -> Clear Cache

0
 
LVL 1

Author Comment

by:freezingHot
ID: 11976203
still nothing.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11976349
does your forward lookup in DNS have any entries that make reference to yahoo?  or perhaps check the hosts file on the DNS server.
0
 
LVL 1

Author Comment

by:freezingHot
ID: 11976539
not that i can see - neither the old system nor the new one.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11977538
that's nice of you thank you.  It is very strange though that you still cannot resolve the name of yahoo.com.  I'm still trying to research where else to check.  thanks again.
0
