steveshap

asked on

Configuring DNS settings on Windows 2003 to resolve external website.

First off, I did not set up our win2k3 domain and have very little knowledge of Domain Controllers or DNS Administration.

Internally we have a domain configured with a name like "example.com".  However, externally we also have a website with a domain name  "www.example.com".  In addition, externally on the same ip as "www.example.com" we had a website "www.example2.com".  

We have since changed the external website "www.example.com" so that it has its own IP address; however, internally within OUR local domain ("example.com") only, "www.example.com" is still resolving to the same external IP address as "www.example2.com".

Dnsstuff.com resolves our www domain to the proper ip address.  When I do an "ipconfig /all" it shows my DNS servers as

192.168.1.2
65.106.1.196

When I manually assign the DNS server of 65.106.1.196 to my network interface, instead of the option to automatically obtain, then www.example.com resolves properly.  So I figure this means that internally, the dns is not resolving properly and that our external ISP provided dns server is working properly.  

I would like to know how I can fix our DNS or DC to allow all computers in the local domain to resolve www.example.com to the proper address.  As I am not terribly familiar with DNS, I attempted to create a "New Host(A)" record within the local "example.com" domain record however when trying to bind it to an external address, I was given an error that there was no corresponding reverse lookup zone.
I'm not confident I'm going about this right.  

Can anyone give me any pointers as to how I can get all the domain computers to resolve the external domain to the proper ip address?
Any help would be greatly appreciated.
ASKER CERTIFIED SOLUTION
Member_2_2473503

This solution is only available to members.

I would change your internal domain to example.local
steveshap

ASKER

Thanks for the replies

Ebjers, in reply to your suggestion, how would I go about doing this?
When I tried to create a new host(A) record for www, with the proper ip address and with "Create associated pointer(PTR) record" checked, error was given: "Warning The associated pointer record cannot be created probably because the referenced  reverse lookup zone cannot be found"
When I did not check "Create PTR" I was given the error: "The host record www.example.com cannot be created.  The record already exists"  
If this is so, how can I find it to change the ip address?

As a side note, in the network adapter properties of the Win2k3 server, for TCP/IP settings, the DNS Server addresses were listed as internal first, then external.  When I changed the order to external first, then internal, the dns seemed to resolve properly but I'm pretty sure the internal address was first for a good reason.

Actually in response to ebjers, I saw there were multiple 'www' entries for the domain record.  Some with the proper ip address and some with the old address.  I deleted all the old entries and removed the duplicates and now it seems to resolve properly.

Is there anything else I need to do to ensure it is setup properly?
The error with the reverse lookup zone not existing, indicates that you may need to create one.  You can have more than one host record for www, but each one needs to have a different IP address.  Check the www record you have in DNS and make sure it has the correct IP.

As far as DNS servers in TCP/IP settings, your servers and clients should ONLY have your DNS servers listed, NO EXTERNAL DNS SERVERS.

You would then need to create forwarders in your DNS to handle external lookups.

quick questions;

Does this DNS server serve both internal and external requests?

Adding forwarders:
http://www.petri.co.il/how_to_install_active_directory_on_windows_2003.htm

eb
This dns server only serves local dns requests.  
Actually, I'm unsure of the last question.  The internal dns server only resolves local requests for external addresses.  Mostly for resolving web addresses.

After following the link you provided, I removed the extra dns address registration on the network interface of the DC.  I then made sure there was a forwarder configured.  When I do ipconfig /all on the server only the local dns address is displayed and everything seems to be resolving properly.  

After releasing and renewing a domain computer and then flushing dns and doing ipconfig /all, the internal AND external DNS server addresses are still showing.  Is there somewhere else on the server I have to configure this?  DHCP?
To clarify my question:
Your internal clients look at your DNS server for name lookups (or they will after you change your scope options), and your DNS server forwards the requests to the other DNS servers that you configured in forwarders (BTW you may want to add 4.2.2.2 as one of your forwarders; it is the best DNS server I know of). So far this is the way it is supposed to work.

If someone tries to go to www.yourdomain.com they need to get the IP address associated with your server from the DNS server assigned to them by their ISP, but that server needs to get its info from somewhere. Is your DNS server accessible from the outside world for name lookups, or is your domain registered with an external name registration service? If you answer yes to the last part then they are handling requests for your domain from outside clients; if no, then your server is providing DNS info to outside DNS servers.


You need to change your DHCP scope options

http://support.microsoft.com/default.aspx?scid=kb;en-us;139904&sd=tech

Our internal domain's DNS server is not available to the public at all.  It exists only internally.  Any public dns request for our domain will be routed to our offsite, 3rd party web host.  We do no hosting internally.

Changing the scope options seems to have eliminated the additional entry in the DNS server list for a domain client computer and all addresses still seem to be resolving properly.  

Is that all that needs to be done or is there more that I'm missing?  Things seem to be running properly.
Should be all that needs to be done, glad it works.

eb
Thank you... points awarded.
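
The fixes worked through in this thread, collected as a command-line sequence (an added example, not posted by any participant). It assumes the `dnscmd` utility from the Windows Server 2003 Support Tools is installed on the DC; the zone name and the two DNS server addresses come from the question, while the DHCP scope ID, the adapter name and the old/new web server addresses are constructed placeholders.

```batch
@echo off
rem Added example. Run on the DC / internal DNS server (192.168.1.2).
set ZONE=example.com
set DNS_INTERNAL=192.168.1.2
set DNS_ISP=65.106.1.196
rem Assumed values, replace with your own:
set SCOPE=192.168.1.0
set NIC=Local Area Connection
set OLD_IP=203.0.113.10
set NEW_IP=198.51.100.20

rem 1. List every A record named www in the internal zone. Because the
rem    internal zone has the same name as the public domain, these records
rem    override whatever the public DNS says.
dnscmd . /EnumRecords %ZONE% www /Type A

rem 2. Delete the stale record that still points at the old shared address.
dnscmd . /RecordDelete %ZONE% www A %OLD_IP% /f
rem    Skip the next line if step 1 already listed the correct address.
dnscmd . /RecordAdd %ZONE% www A %NEW_IP%

rem 3. The DC's own adapter should list only the internal DNS server.
netsh interface ip set dns "%NIC%" static %DNS_INTERNAL%

rem 4. External names are resolved through a forwarder on the DNS server,
rem    not by handing clients an external resolver.
dnscmd . /ResetForwarders %DNS_ISP%

rem 5. DHCP option 006 (DNS servers) should hand out only the internal server.
netsh dhcp server scope %SCOPE% set optionvalue 006 IPADDRESS %DNS_INTERNAL%
netsh dhcp server scope %SCOPE% show optionvalue

rem 6. Verify: the internal answer should now match the ISP resolver's answer.
nslookup www.%ZONE% %DNS_INTERNAL%
nslookup www.%ZONE% %DNS_ISP%

rem 7. On a domain client, pick up the new lease and clear cached answers:
rem      ipconfig /release
rem      ipconfig /renew
rem      ipconfig /flushdns
rem      ipconfig /all
rem    Only 192.168.1.2 should appear under "DNS Servers".
```

Step 6 is the check worth repeating whenever the public site moves: with a same-named internal zone, the internal `www` record has to be updated by hand or internal users keep reaching the old address.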