Unable to access Certain DNS name Internally

jburbach asked
Last Modified: 2010-04-13
I am having some issues with DNS where it will not allow me to access certain DNS Names internally.... I am able to access them by their IP Address though.

Example-

-mail.7Medical.com-
172.30.3.10 internal address
206.11.107.45 is the outside address


-crm.7Medical.com

I have verified that NSLOOKUP is working properly!


I have tried adding an A Host name in DNS for the outside address - Did not work!

Any help would be greatly appreciated... This is a high priority!!!!

Regards,
Jon

Try stopping the dnscache service (on command line run net stop dnscache).  Then try to ping the hostname.  If this does not work, can you post the A record for the domain.

Author

Commented:
Tried stopping and starting dnscache and that did work. I am unable to ping mail.7medical.com as well... I have tried posting a Host A record and that did not work either.

Thanks
Jon
Non-authoritative answer:
Name:    crm.7medical.com
Address:  206.11.107.44

The DNS resolution is ok for this record.

Do you have separated internal and external DNS servers?

Author

Commented:
We currently have Internal Integrated DNS... The External DNS is provided by our ISP.

Jon
If stopping the dnscache service allows you to get the correct IP, it could be related to Windows negative DNS caching.
See the following KB for a more thorough explanation:

http://support.microsoft.com/kb/318803/en-us

Jon, can you post the results of your nslookup internally? It appears the external record is working as intended.
I suspect that your registered DNS name is named identically to your internal AD domain name, is that setup in that way?

Author

Commented:
Nope my Internal domain name is pdnlan.local.

Author

Commented:
The DNS Cache really has nothing to do with this issue...

Author

Commented:
This is what I think is occurring

When you surf to crm.7medical.com from my office (or anywhere for that matter) DNS resolves crm.7medical.com to 206.11.107.44, the public IP for that webserver. Your browser tries to go to that address, but since that is a NATed address, on the external interface of the firewall, when you try to go there from "inside" you are essentially trying to go out and right back in on the same (external) interface. Most (if not all) firewalls take exception to that sort of thing.

 Unfortunately, editing the hosts file wouldn't be effective, because while the FQDN would work fine while you were on the 7medical LAN, it wouldn't work when you were out in the rest of the world.

I think you must add a zone 7medical.com to your internal DNS servers and put A records there for the private IP addresses of all your servers. Make sure you "Clear the DNS cache" on your server.
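
The internal-zone fix suggested above, as an added example that is not part of the original thread. It assumes the DnsServer PowerShell module (Windows Server 2012 or later) on an AD-integrated internal DNS server, and it goes slightly beyond the suggestion by creating one zone per host name instead of a full 7medical.com zone, so that names not listed here still resolve through public DNS. The variable `$internalRecords` and the function `Test-PrivateIPv4` are names made up for this example.

```powershell
# Added example; run on the internal DNS server.
Import-Module DnsServer

# Host name -> private address. The mail address is the one given in the thread;
# add crm.7medical.com with its own internal address (not stated in the thread).
$internalRecords = @{
    'mail.7medical.com' = '172.30.3.10'
}

# Guard against publishing the public NAT address internally by mistake.
function Test-PrivateIPv4 {
    param([string]$Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    $b = $ip.GetAddressBytes()
    if ($b.Length -ne 4) { return $false }
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

foreach ($name in $internalRecords.Keys) {
    $addr = $internalRecords[$name]
    if (-not (Test-PrivateIPv4 $addr)) {
        Write-Warning "$name -> $addr is not an RFC 1918 address; skipping"
        continue
    }
    # One zone per host name: the internal server is authoritative only for this
    # name and keeps forwarding every other 7medical.com name to public DNS.
    if (-not (Get-DnsServerZone -Name $name -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $name -ReplicationScope 'Domain'
    }
    # '@' is the zone apex, i.e. the host name itself.
    if (-not (Get-DnsServerResourceRecord -ZoneName $name -Name '@' -RRType A -ErrorAction SilentlyContinue)) {
        Add-DnsServerResourceRecordA -ZoneName $name -Name '@' -IPv4Address $addr
    }
}

# Drop any public answer the server has already cached.
Clear-DnsServerCache -Force

# Verify against the server itself; expect the private address for each name.
foreach ($name in $internalRecords.Keys) {
    $got = (Resolve-DnsName -Name $name -Type A -Server 127.0.0.1).IPAddress
    '{0} -> {1}' -f $name, ($got -join ', ')
}
```

Clients that already looked the name up keep the old answer until their own cache expires or is flushed with `ipconfig /flushdns`.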
