DNS resolution for internal server stops working from time to time.

Posted on 2005-04-08
Last Modified: 2010-04-10
I have a webserver set up in my DMZ; it's got an internal IP that is not part of our users' subnet and a NATed public address.  I set up a name entry in our DNS/FS/AD 2000 box, so that the users can hit the site by typing in their browsers.  I'm in a mixed environment LAN/WAN and only my few 98s have the WINS/DNS server IP hardcoded in their TCP/IP settings.  Well, I've noticed from time to time I will get complaints that people can't see the site.  These are clients running 2000 and XP.  If they try to ping the site address it will say unreachable and reference the INTERNAL IP.  NSlookup on the DNS server and webserver names resolves correctly when tested from these machines.  I'll then hard code the DNS address in TCP/IP and/OR do an IP release and then renew and they'll be able to ping and it will resolve to the PUBLIC address upon its four replies and all will be well.

Any ideas what I should be looking for as to the culprit in why this is happening on the network?  I'm guessing it's some type of DNS issue, but not sure where to look first, second, nor last at this time.

Any insight would be great.


Question by:dee30
    LVL 7

    Expert Comment

    Be sure the ONLY dns listed on clients is the AD (or any AD) server.
    LVL 9

    Assisted Solution


    This is a common problem where the internal domain administrator uses the public registered Internet domain name as their internal Windows domain name.  This is generally NOT recommended.  Why?  Because you will have problems resolving your Internet web sites from inside your network.  In addition, there is a security concern because the entire Internet will know your internal domain name.

    The only work around is to create manual records on your local DNS servers to resolve your external web sites.

    how to test dns :
    LVL 13

    Expert Comment

    if your Domain is and your website is this can cause this problem.  You will need to add a forward host_A record for www. in DNS.  If your domain is not related to the website, let me know.
    LVL 15

    Accepted Solution

    Does executing the command (at the cmd prompt of course) IPCONFIG /FLUSHDNS
    fix the problem when typed from the affected client PC?

    The next time a client PC stops seeing the site, go to the cmd prompt & run ipconfig /flushdns.
    Exit back to windows and see if that clears it.

    Let me know the result.

    LVL 23

    Expert Comment

    You can solve this problem with HOSTS and LMHOSTS files, they are SO easy to setup -- unfortunately, others  on EE are opposed to their use, despite MS endorsing them, so I won't go into further details....


    Author Comment

    MrAruba - I'll check out your link to test DNS.

    Eatmeimadanish  - My internal server domain name is not in conflict with my nw Domain. They're two different .com domains.

    ZabagaR  - I'll try this next time it happens.  Forgot all about dnsflush....

    Sciwriter - I'd rather not use host and lmhost, that's why I set things up the way I did.  

    Thanks, Guys.  I'll check back in a couple of days.



    Author Comment

    Nothing has come up in the network in order to try the above suggestions. I will award the points I guess for now and repost if I have any further questions on the topic in the future.

    LVL 7

    Expert Comment

    * The machines in question, are part of the domain?
    * Have you checked the DNS server on them with ipconfig?
    * Have you checked primary and secondary DNS on your domain register company?
    * How many DNS servers do you have? One for External and one for Internal?
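
Added example, not part of the thread: the expert comments above ask which DNS servers the clients actually have configured (`ipconfig`). This Python script parses `ipconfig /all` output, including the indented continuation lines used for additional DNS servers, and lists any resolver that is not the expected AD DNS server. The sample output, adapter names and addresses (with `10.0.0.5` standing in for the AD DNS server) are constructed assumptions.

```python
import re

# Constructed sample of `ipconfig /all` output (private and documentation addresses).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : corp.example
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.0.0.23
        Default Gateway . . . . . . . . . : 10.0.0.1
        DNS Servers . . . . . . . . . . . : 10.0.0.5
                                            203.0.113.53
        Lease Obtained. . . . . . . . . . : Friday, April 08, 2005 9:02:11 AM

Ethernet adapter Wireless Network Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.0.1.40
        DNS Servers . . . . . . . . . . . : 10.0.0.5
"""

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")           # unindented section header
FIELD = re.compile(r"^\s+(.+?)[\s.]*:\s*(.*)$")           # "Label . . . : value"
IPV4_ONLY = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")  # continuation line

def dns_servers_by_adapter(text):
    """Return {adapter: [DNS servers]}, following multi-line 'DNS Servers' fields."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        header = ADAPTER.match(line)
        if header:
            adapter, in_dns = header.group(1), False
            result[adapter] = []
            continue
        if adapter is None:
            continue
        cont, field = IPV4_ONLY.match(line), FIELD.match(line)
        if in_dns and cont:
            result[adapter].append(cont.group(1))
        elif field:
            in_dns = field.group(1).startswith("DNS Servers")
            if in_dns and field.group(2).strip():
                result[adapter].append(field.group(2).strip())
    return result

def unexpected_dns(text, allowed):
    """Return sorted (adapter, server) pairs whose server is not in `allowed`."""
    found = dns_servers_by_adapter(text)
    return sorted((a, s) for a, servers in found.items() for s in servers if s not in allowed)

if __name__ == "__main__":
    for adapter, server in unexpected_dns(SAMPLE, {"10.0.0.5"}):
        print(f"{adapter}: unexpected DNS server {server}")
```
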


    Author Comment

    I was going to close this call and split some points correctly (a second time around after I asked the post be reopened), but this situation happened again yesterday.

    1. My domain is completely different from my domain name.
    2. I don't need the forward host_A record for www entry.  
    2. We have one AD server, which is our one DNS server.
    3. Our mixed environment machines have the GW address hardcoded and that's it. XP and 2000 shouldn't need anything else hard coded.
    4. Ipconfig /dnsflush doesn't fix the issue.
    4. Ipconfig /release and then /renew does, but that was to be expected.

    The question is still why is this happening?

