Solved

Configuring DNS settings on Windows 2003 to resolve external website.

Posted on 2006-06-19
Last Modified: 2007-12-19
First off, I did not set up our win2k3 domain and have very little knowledge of Domain Controllers or DNS Administration.

Internally we have a domain configured with a name like "example.com".  However, externally we also have a website with a domain name  "www.example.com".  In addition, externally on the same ip as "www.example.com" we had a website "www.example2.com".  

We have since changed the external website "www.example.com" so that it has its own IP address; however, internally within OUR local domain ("example.com") only, "www.example.com" is still resolving to the same external IP address as "www.example2.com".

Dnsstuff.com resolves our www domain to the proper ip address.  When I do an "ipconfig /all" it shows my DNS servers as

192.168.1.2
65.106.1.196

When I manually assign the DNS server of 65.106.1.196 to my network interface, instead of the option to automatically obtain, then www.example.com resolves properly.  So I figure this means that internally, the dns is not resolving properly and that our external ISP provided dns server is working properly.  

I would like to know how I can fix our DNS or DC to allow all computers in the local domain to resolve www.example.com to the proper address.  As I am not terribly familiar with DNS, I attempted to create a "New Host(A)" record within the local "example.com" domain record; however, when trying to bind it to an external address, I was given an error that there was no corresponding reverse lookup zone.
I'm not confident I'm going about this right.  

Can anyone give me any pointers as to how I can get all the domain computers to resolve the external domain to the proper ip address?
Any help would be greatly appreciated.
Question by:steveshap
11 Comments
 
Accepted Solution

by: Erik Bjers earned 300 total points
Your internal clients should be looking at your DNS server for name resolution.  Make sure that you have them configured this way.  Then make sure you have a host www with the correct IP in your example.com forward lookup zone.

eb

Expert Comment

by:marine7275
I would change your internal domain to example.local

Author Comment

by:steveshap
Thanks for the replies

Ebjers, in reply to your suggestion, how would I go about doing this?
When I tried to create a new host(A) record for www, with the proper ip address and with "Create associated pointer(PTR) record" checked, error was given: "Warning The associated pointer record cannot be created probably because the referenced  reverse lookup zone cannot be found"
When I did not check "Create PTR" I was given the error: "The host record www.example.com cannot be created.  The record already exists"  
If this is so, how can I find it to change the ip address?

As a side note, in the network adapter properties of the Win2k3 server, for TCP/IP settings, the DNS Server addresses were listed as internal first, then external.  When I changed the order to external first, then internal, the dns seemed to resolve properly but I'm pretty sure the internal address was first for a good reason.


Author Comment

by:steveshap
Actually in response to ebjers, I saw there were multiple 'www' entries for the domain record.  Some with the proper ip address and some with the old address.  I deleted all the old entries and removed the duplicates and now it seems to resolve properly.

Is there anything else I need to do to ensure it is set up properly?

Expert Comment

by:Erik Bjers
The error with the reverse lookup zone not existing indicates that you may need to create one.  You can have more than one host record for www, but each one needs to have a different IP address.  Check the www record you have in DNS and make sure it has the correct IP.

As far as DNS servers in TCP/IP settings, your servers and clients should ONLY have your DNS servers listed, NO EXTERNAL DNS SERVERS.

You would then need to create forwarders in your DNS to handle external lookups.

Quick questions:

Does this DNS server serve both internal and external requests?

Adding forwarders:
http://www.petri.co.il/how_to_install_active_directory_on_windows_2003.htm

eb

Author Comment

by:steveshap
This dns server only serves local dns requests.  

Author Comment

by:steveshap
Actually, I'm unsure of the last question.  The internal dns server only resolves local requests for external addresses.  Mostly for resolving web addresses.

After following the link you provided, I removed the extra dns address registration on the network interface of the DC.  I then made sure there was a forwarder configured.  When I do ipconfig /all on the server only the local dns address is displayed and everything seems to be resolving properly.  

After releasing and renewing a domain computer and then flushing dns and doing ipconfig /all, the internal AND external DNS server addresses are still showing.  Is there somewhere else on the server I have to configure this?  DHCP?

Expert Comment

by:Erik Bjers
To clarify my question:
Your internal clients look at your DNS server for name lookups (or they will after you change your scope options) and your DNS server forwards the requests to other DNS servers that you configured in forwarders (BTW you may want to add 4.2.2.2 as one of your forwarders, it is the best DNS server I know of).  So far this is the way it is supposed to work.

If someone tries to go to www.yourdomain.com they need to get the IP address associated with your server from the DNS server assigned to them by their ISP, but that server needs to get its info from somewhere.  Is your DNS server accessible from the outside world for name lookups, or is your domain registered with an external name registration service?  If you answer yes to the last part then they are handling requests for your domain from outside clients, if no then your server is providing DNS info to outside DNS servers.


You need to change your DHCP scope options

http://support.microsoft.com/default.aspx?scid=kb;en-us;139904&sd=tech


Author Comment

by:steveshap
Our internal domain's DNS server is not available to the public at all.  It exists only internally.  Any public dns request for our domain will be routed to our offsite, 3rd party web host.  We do no hosting internally.

Changing the scope options seems to have eliminated the additional entry in the DNS server list for a domain client computer and all addresses still seem to be resolving properly.  

Is that all that needs to be done or is there more that I'm missing?  Things seem to be running properly.

Expert Comment

by:Erik Bjers
Should be all that needs to be done, glad it works.

eb

Author Comment

by:steveshap
Thank you... points awarded.
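
The check this thread works through by hand (does the internal zone still hand out the old address for www?), written out as an added example that is not part of the original posts: it asks the internal and the external resolver for the same name and lists the addresses only one side returns. The function names are hypothetical, the server addresses are the ones quoted in the question, and it assumes an admin workstation with the `Resolve-DnsName` cmdlet (Windows 8 / Server 2012 or later), which Windows 2003 itself does not have.

```powershell
# Added example, not from the thread. Compare-SplitDnsRecord and Get-ARecord are hypothetical names.
function Compare-SplitDnsRecord {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [Parameter(Mandatory = $true)][string]$InternalServer,
        [Parameter(Mandatory = $true)][string]$ExternalServer
    )

    # Ask one specific server for A records: DNS protocol only, hosts file ignored.
    function Get-ARecord([string]$Server) {
        try {
            $answer = Resolve-DnsName -Name $Name -Type A -Server $Server `
                          -DnsOnly -NoHostsFile -ErrorAction Stop
        } catch {
            Write-Warning "$Server did not answer for ${Name}: $($_.Exception.Message)"
            return @()
        }
        # Keep only A records (a CNAME chain also returns CNAME entries).
        @($answer | Where-Object { $_.Type -eq 'A' } |
            ForEach-Object { $_.IPAddress } | Sort-Object -Unique)
    }

    $internal = @(Get-ARecord $InternalServer)
    $external = @(Get-ARecord $ExternalServer)

    [pscustomobject]@{
        Name         = $Name
        Internal     = $internal
        External     = $external
        # Served by the internal zone but not by public DNS: stale or duplicate host records.
        InternalOnly = @($internal | Where-Object { $external -notcontains $_ })
        # Served by public DNS but missing from the internal zone.
        ExternalOnly = @($external | Where-Object { $internal -notcontains $_ })
    }
}

# Addresses as quoted in the question: internal DNS server first, ISP resolver second.
$result = Compare-SplitDnsRecord -Name 'www.example.com' `
              -InternalServer '192.168.1.2' -ExternalServer '65.106.1.196'
$result | Format-List

if ($result.InternalOnly.Count -gt 0) {
    Write-Warning "Internal zone returns addresses not in public DNS: $($result.InternalOnly -join ', ')"
}
```

A non-empty `InternalOnly` list corresponds to the situation found above, where old `www` host records were still present in the internal forward lookup zone.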