www issue caused by internal and external domain names being same

I have looked at everything on the sie and nothing is exactly what I am experiencing, so here goes .. I sure hope someone can help!

Windows 2000 Server SP4 with Exchange 2000

I have an internal domain name of company.com, the public domain is company.com

I host email internally on Exchange

I host a website externally using a hosting company who also runs primary DNS for company.com

I have made an entry at the hosting company of server.company.com that points back to my static IP.

From the web, I can access all of my resources on the server.  Email works fine.

The problem is, when I type www.company.com from a workstation on the local network, I get page cannot be displayed. (on server and workstations)

To solve this issue I DELEGATED www. to the namservers of the hosting company.

Now from the server I see the external website ... from the workstations however, I get the IIS basic page --> This Site is Under Construction

I know people will say put in a CNAME record pointing to the external website IP .. the problem with that is the hosting company uses a webfarm and publishes all the IP's in the DNS record ... they take them down without notice and replace them with servers with new IP's ... so I can't pick an IP and trust it wil be up forever (I know because I tried this and it doesn't work more than a couple of weeks) ...

I can't turn off IIS becuase of OWA, etc ...

I need to resolve this ASAP so I am offering 500 points!!

Who is Participating?

Improve company productivity with a Business Account.Sign Up

John Gates, CISSPConnect With a Mentor Security ProfessionalCommented:
from the server where things work where does www.company.com resolve to?  The workstation?
Your internal and external domains are the same...  This is not the Microsoft recommended configuration, for the very reason you are having ths issue.  you have a few options.  You could upgrade the domain to Windows server 2003 and then rename the domain to a company.local for the inside DNS.  The problem with your name being the same for both is that your internal server thinks it is autoritative for the domain company.com and if it cannot resolve www it does not look to other servers to resolve it.  So you would have to keep an A record on the internal server and change the IP occasionally.  The other thing you could do is bring your website in locally.  Short of running bind and setting up views and transfer rules the above options are all you can really do....

Hope this helps!
robertbranchAuthor Commented:
from the server it resolves www.company.com to 65.218.234.xx ... if you do the resolution multiple times you may get 3 or 4 differnt addresses.

from the workstation it resolves www.company.com to

I didn't create this domain, so I had no control over the naming convention. I was asked to help resolve this specific issue. I don't think they are interested in upgrading at this juncture.

I have done this multiple times before when the domain names were the same by enteringing a host record for www  ... the difference this time is the multiple addresses that return.

I am not sure why the workstations who use as primary DNS don't recognize the delegation that was put on the DNS server.

Maybe if I could stop IIS from answering for www.company.com that would help ..

John Gates, CISSPSecurity ProfessionalCommented:
>I am not sure why the workstations who use as primary DNS don't recognize the delegation that was put on the DNS server.<

You cannot delegate in this manner.  When a server holds a primary or active directory zone for comapny.com it will not forward or look to another server for the domain.  It kind of works like this:

I have the record company.com and I am authoritative so if www.company.com does not exist in my records the name cannot be found.  

So with this said you must have an a record for www on your local DNS server with the ip

So in your case you will need to place multiple A records mirroring the ISP DNS records for www on the local server.  

The delegation you speak of is like if you had a remote site connected by WAN links for your company you could delegate the zone east.company.com to another Active Directory server at the remote site then if someone looked to company.com's dns for www.east.company.com it would forward it to the remote server.  Does this make sense to you?  You cannot delegate a root domain to a second server.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.