Solved

Internal DNS to External Website

Posted on 2006-11-01
8
723 Views
Last Modified: 2008-02-24
I was just made responsible for our small network (12 users) when our manager left to take a better job. When my users try to go to our external website they get a page cannot be displayed error, but if they are not in the office they can access it without issue. I called the old manager and he was not very helpful. However, I do remember at some time he was trying to setup an intranet site for the company. I think he setup DNS somewhere that routes all traffic going to our external website to that internal instranet website. Needless to say he did not complete that task (was a common issue) and I now need to at least undo the DNS setting so all the users can get to the external facing website for our company from their internal PC's. I am not well versed in DNS, but do have good basic networking skills. Can someone point me in the right direction as to how to correct this?

TIA
0
Comment
Question by:andrej770
8 Comments
 
LVL 5

Expert Comment

by:darrenakin
Comment Utility
On one of the PC's in question please go to Run and type cmd, then from there type ipconfig /all, please list your results here. Also can you give me an idea of the network setup? Like Router IP, Server IP and so on
0
 
LVL 2

Expert Comment

by:HeavyWaterLTD
Comment Utility
Are you running this server internally?
What is the internal IP address of the server hosting your website?
0
 
LVL 12

Expert Comment

by:r_naren22atyahoo
Comment Utility
Type

ping websiteaddress.com
from the client machines

it may resolve an internl network address.

now go the DNS Server Console.
dril down to the forward lookup zones and find the record assigned to that ip address.
delete it.

regards
naren

0
 
LVL 25

Assisted Solution

by:mikeleebrla
mikeleebrla earned 100 total points
Comment Utility
basically you need to see where your client machines are pointed to for DNS name resolution.  It they are pointed to an internal DNS server, then all you need to do is go to that internal DNS server and create an A record that points to the IP address of your web server in the forward lookup zone named 'yourdomain.com'.  If the server is hosted internally, then you need to point this A record to the INTERNAL IP of the server, if it is hosted externally, then you need to point it to the external IP of the server. thats it.

more than likely your internal windows domain (assuming you have one) and your external domain have the same name, which is fine,,,, but the previous admin/engineer just didn't setup DNS properly for this type of setup.



0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:andrej770
Comment Utility
I tried what you kind folks have stated and it has not worked.  Here are the details.  When I do a ipconfig /all on a client I get this:

C:\>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : sacabc_8
        Primary Dns Suffix  . . . . . . . : southatlantic.org
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : southatlantic.org

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
        Physical Address. . . . . . . . . : 00-08-A4-A4-F6-74
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.10.144
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.10.252
        DNS Servers . . . . . . . . . . . : 192.168.10.1

In the DNS server there are two entries to the 192.158.2.1 address.  They are:

-DNS->SACSVR01->Forward Lookup Zones->southatlantic.org
(same as parent folder)                                          192.168.10.1
SACSVR01                                                             192.168.10.1

More info:

All DNS traffic appears to be pointing to the SACSVR01 server (192.168.10.1) and all web access works except to our external site.  It's strange.  Why would I need an A record to go to an externally hosted website.  The name resolution should be the same as any other externally hosted website right?
0
 

Author Comment

by:andrej770
Comment Utility
192.158.2.1 should be 192.168.10.1.  Fat fingered that one. :-)
0
 
LVL 12

Expert Comment

by:r_naren22atyahoo
Comment Utility
What is the result for

ping external-site-address.com(this is your externally hosted website)

on client computers


regards
naren
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 175 total points
Comment Utility
As has been suggested above (so don't go giving me all the points!) if your domain name is the same internally and externally then when you ask for a record from dns such as www.southatlantic.org it goes to your internal dns server which states that it is authoratitive for that domain, no www record, go away please.

If it was a different domain name internally and externaly or if you hosted the real internet dns one internally then the query gets to the right place and you get the address returned.

Simple easy fix is get the external ip of your web server (assuming it is hosted at an ISP) and create a host record (A) called www which points at that address.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
Resolve DNS query failed errors for Exchange
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now