Solved

DNS service setup like a hosts like?

Posted on 2008-10-09
Last Modified: 2010-04-19
Hi, we're having a weird problem with DNS setup. We cannot access our web servers from inside of our network with an external address of the website (we were told it was for security reasons for the firewall / router, why?). So the router/firewall (Cisco PIX) was configured to translate DNS queries from external IP to internal IP. So, when I do nslookup on a domain using ANY name server (internal or external), it returns for us an internal IP of the server, while for people outside of our network the IP is external.

This setup worked well.

However, lately, and worse randomly, some people on my network started getting the external IP for the server, which we can't access, so they get timeouts while trying to use it. I'm currently guessing our internal DNS server (domain controller) must get the external IP from a real name server, and cache it. Of course, this shouldn't happen as our router/firewall is always supposed to translate those DNS queries to internal IP.

Anyways, my only current solution is to clean the DNS cache on my MS Windows 2003 Server, and then run ipconfig /flushdns on client computers.  But in an hour the problem may be back, for different people.  There must be a better solution.

I know I can do the hosts file on computers, with the group policy / login scripts.  I've tried doing the hosts file just on the DNS server, but I'm guessing on the DNS server the hosts file gets ignored - I ping www.domain.com no problem, I get internal IP, but when I do nslookup on the same DNS server, I get the external one.  

I know I could handle it by doing something to the DNS (on domain controller) on our end.  Do I use DNSCMD command?  Assuming I want to force www.domain.com to go to some internal IP, how would I do it?
Question by:s_p_z
LVL 6

Expert Comment

by:jpquonce
ID: 22681472
Have you added www.domain.com to your local DNS server to point to an internal IP?

Is your website the same as your computer network domain? Ex.: test.com is the ActiveDirectory network and your website is www.test.com?

If that is the case, just add www to the forward lookup zone for your domain and add www to point to your internal domain.

Author Comment

by:s_p_z
ID: 22681620
Haven't added the www.domain.com to local DNS server - is that where I start using the dnscmd /zoneadd or /recordadd?

And nope, this www.domain.com is just a website - our actual Windows domain is something totally different.

And I think that is precisely what I want to do, but searching online I haven't found much help - so I create new zone (with the website domain), and to that I add the www forward look up zone?  

Would you happen to know the commands I run with DNSCMD tool?  Or have a link handy how to do it in GUI?  It can be like a HOSTS file: www.website.com points to 192.168.0.x

Thanks,
LVL 6

Accepted Solution

by:
jpquonce earned 250 total points
ID: 22681708
"create new zone (with the website domain), and to that I add the www forward look up zone?"

That's what I would do, as that would be the easiest and that would only affect people on your domain.
Go to the GUI and right click FORWARD ZONE and go to NEW ZONE. Then make it a primary zone and just go through the wizard, and if you have more than one DNS server then you will want to select the options to replicate it. Then when it asks for the zone name just put domain.com. Then in that zone add the www to point to that IP and that should work for you.
LVL 2

Assisted Solution

by:Dan560
Dan560 earned 250 total points
ID: 22681718
I had the same problem.

I needed to create a forward lookup zone mycompany.com and then add a host (A) record. The record needs to have the internal IP address, for example 10.13.1.10.

However, for this to work, all your internal users need to be pointing to the DNS server.

What I did was configure my router so that its DNS server was the SBS, and then set up forwarders on my SBS to look at the DNS servers my ISP gave me.
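
The zone-and-record setup described in the answers, written with the dnscmd tool the asker mentions. This is an added example, not part of any reply in the thread. It assumes it is run on the internal Windows DNS server, and 192.168.0.10 is a constructed placeholder for the internal web server address. It goes one step beyond the answers by naming the zone after the single host, so only www.domain.com is overridden.

```bat
@echo off
rem Added example: internal override for one public host name, using dnscmd.
rem ZONE and INTERNAL_IP are placeholders; 192.168.0.10 is a constructed address.
setlocal
set ZONE=www.domain.com
set INTERNAL_IP=192.168.0.10

rem Create a standard primary zone named after the one host to override.
rem A zone scoped to www.domain.com leaves every other name under domain.com
rem (mail, ftp, ...) resolving through the normal forwarders.
rem Use /DsPrimary instead of "/Primary /file ..." to store the zone in
rem Active Directory so it replicates to the other DC-hosted DNS servers.
dnscmd /ZoneAdd %ZONE% /Primary /file %ZONE%.dns
if errorlevel 1 goto failed

rem "@" is the zone apex, so this A record answers for www.domain.com itself.
dnscmd /RecordAdd %ZONE% @ A %INTERNAL_IP%
if errorlevel 1 goto failed

rem Drop any externally learned answer still cached on the server and locally.
dnscmd /ClearCache
ipconfig /flushdns

rem Query this server explicitly; the answer should now be INTERNAL_IP.
rem Assumption: the DNS service listens on loopback. If it does not,
rem replace 127.0.0.1 with the server's own LAN address.
nslookup www.domain.com 127.0.0.1
goto :eof

:failed
echo dnscmd failed with errorlevel %errorlevel%
exit /b 1
```

To follow the accepted answer literally, set ZONE=domain.com and use `www` in place of `@`. The internal server then answers authoritatively for all of domain.com, so every other public name under it must also be added to the internal zone or it will stop resolving for internal clients.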