
DNS resolution for internal server stops working from time to time.

I have a webserver set up in my DMZ; it's got an internal IP that is not part of our users' subnet and a NATed public address.  I set up a name entry in our DNS/FS/AD 2000 box so that the users can hit the site by typing www.sitename.com in their browsers.  I'm in a mixed LAN/WAN environment and only my few 98s have the WINS/DNS server IP hardcoded in their TCP/IP settings.  Well, I've noticed from time to time I will get complaints that people can't see the site.  These are clients running 2000 and XP.  If they try to ping the site address it will say unreachable and reference the INTERNAL IP.  NSlookup on the DNS server and webserver names resolves correctly when tested from these machines.  I'll then hard code the DNS address in TCP/IP and/or do an IP release and then renew, and they'll be able to ping www.sitename.com and it will resolve to the PUBLIC address upon its four replies and all will be well.

Any ideas what I should be looking for as the culprit in why this is happening on the network?  I'm guessing it's some type of DNS issue, but not sure where to look first, second, or last at this time.

Any insight would be great.


2 Solutions
Be sure the ONLY DNS server listed on clients is the AD (or any AD) server.

This is a common problem where the internal domain administrator uses the public registered Internet domain name as their internal Windows domain name.  This is generally NOT recommended.  Why?  Because you will have problems resolving your Internet web sites from inside your network.  In addition, there is a security concern because the entire Internet will know your internal domain name.

The only workaround is to create manual records on your local DNS servers to resolve your external web sites.

How to test DNS:

If your domain is something.com and your website is www.something.com, this can cause this problem.  You will need to add a forward host_A record for www. in DNS.  If your domain is not related to the website, let me know.

Does executing the command IPCONFIG /FLUSHDNS (at the cmd prompt, of course) fix the problem when typed from the affected client PC?

The next time a client PC stops seeing the site, go to the cmd prompt and run ipconfig /flushdns.
Exit back to Windows and see if that clears it.

Let me know the result.

You can solve this problem with HOSTS and LMHOSTS files; they are SO easy to set up -- unfortunately, others on EE are opposed to their use, despite MS endorsing them, so I won't go into further details....


dee30Author Commented:
MrAruba, I'll check out your link to test DNS.

Eatmeimadanish - My internal server domain name is not in conflict with my nw domain.  They're two different .com domains.

ZabagaR - I'll try this next time it happens.  Forgot all about flushdns....

Sciwriter - I'd rather not use HOSTS and LMHOSTS; that's why I set things up the way I did.

Thanks, Guys.  I'll check back in a couple of days.


dee30Author Commented:
Nothing has come up in the network in order to try the above suggestions. I will award the points I guess for now and repost if I have any further questions on the topic in the future.

* Are the machines in question part of the domain?
* Have you checked the DNS server on them with ipconfig?
* Have you checked primary and secondary DNS with your domain registration company?
* How many DNS servers do you have? One for external and one for internal?
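The first solution above says the clients should list only the AD DNS server, and the question in this post asks whether the DNS server on the affected machines has been checked with ipconfig. The script below is an added example, not code from the original thread: it parses `ipconfig /all` output and reports any adapter that has no DNS server configured or that lists a server other than the AD DNS server. The embedded sample output is constructed, and the AD DNS address 10.0.0.5 and the stray 203.0.113.53 entry are assumed values; on a Windows client the script runs the real `ipconfig /all` instead.

```python
import re
import subprocess
import sys
from typing import Dict, List, Set, Tuple

# Assumed address of the single AD/DNS server (constructed, not from the thread).
AD_DNS: Set[str] = {"10.0.0.5"}

# Constructed sample of "ipconfig /all" output: one adapter carries an extra
# non-AD DNS server, the other is configured correctly.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WS01
   Primary Dns Suffix  . . . . . . . : company.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : company.com
   DHCP Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 10.0.1.50
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.1.1
   DHCP Server . . . . . . . . . . . : 10.0.0.5
   DNS Servers . . . . . . . . . . . : 10.0.0.5
                                       203.0.113.53

Ethernet adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.0.2.20
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.2.1
   DNS Servers . . . . . . . . . . . : 10.0.0.5
"""

# "Ethernet adapter X:" style section headers start in column 0 and end with ':'.
ADAPTER = re.compile(r"^(?P<name>\S.*):\s*$")
# Indented "Key . . . . : value" lines; the dot padding is stripped from the key.
KEY_VALUE = re.compile(r"^\s+(?P<key>[A-Za-z][A-Za-z0-9 ()\-]*?)[ .]*:\s*(?P<value>.*)$")


def parse_ipconfig(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Map each adapter name to its fields; multi-line values (extra DNS servers) become lists."""
    adapters: Dict[str, Dict[str, List[str]]] = {}
    current = None
    last_key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ADAPTER.match(line)
        if m:
            current = m.group("name")
            adapters[current] = {}
            last_key = None
            continue
        if current is None:
            continue  # global "Windows IP Configuration" block, not adapter-specific
        m = KEY_VALUE.match(line)
        if m:
            last_key = m.group("key").strip()
            value = m.group("value").strip()
            adapters[current][last_key] = [value] if value else []
        elif last_key is not None and line.startswith(" "):
            # Indented line without a key: continuation of the previous field
            adapters[current][last_key].append(line.strip())
    return adapters


def check_dns_servers(adapters: Dict[str, Dict[str, List[str]]],
                      ad_dns: Set[str]) -> List[Tuple[str, str]]:
    """Flag adapters with no DNS server or with any server outside the AD DNS set."""
    problems: List[Tuple[str, str]] = []
    for name, fields in adapters.items():
        servers = fields.get("DNS Servers", [])
        if not servers:
            problems.append((name, "no DNS server configured"))
            continue
        extra = [s for s in servers if s not in ad_dns]
        if extra:
            problems.append((name, "non-AD DNS server(s): " + ", ".join(extra)))
    return problems


if __name__ == "__main__":
    if sys.platform == "win32":
        text = subprocess.run(["ipconfig", "/all"], capture_output=True, text=True).stdout
    else:
        text = SAMPLE_IPCONFIG  # offline demo on non-Windows hosts
    for adapter, problem in check_dns_servers(parse_ipconfig(text), AD_DNS):
        print(f"{adapter}: {problem}")
```

Run on the sample it reports the Local Area Connection adapter for its 203.0.113.53 entry and stays quiet about the wireless adapter; an adapter that got its DNS list from DHCP will show "DHCP Enabled: Yes" in the parsed fields, which is where to look when a release/renew changes the behaviour.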

dee30Author Commented:
I was going to close this call and split some points correctly (a second time around, after I asked that the post be reopened), but this situation happened again yesterday.

1. My www.webserver.com domain is completely different from my company.com domain name.
2. I don't need the forward host_A record for the www entry.
3. We have one AD server, which is our one DNS server.
4. Our mixed-environment machines have the GW address hardcoded and that's it.  XP and 2000 shouldn't need anything else hard coded.
5. Ipconfig /flushdns doesn't fix the issue.
6. Ipconfig /release and then /renew does, but that was to be expected.

The question is still why is this happening?

