Solved

DNS service setup like a hosts like?

Posted on 2008-10-09
Last Modified: 2010-04-19
Hi, we're having a weird problem with DNS setup. We cannot access our web servers from inside of our network with an external address of the website (we were told it was for security reasons for the firewall / router, why?). So the router/firewall (Cisco PIX) was configured to translate DNS queries from external IP to internal IP. So, when I do nslookup on a domain using ANY name server (internal or external), it returns for us an internal IP of the server, while for people outside of our network the IP is external.

This setup worked well.

However, lately, and worse, randomly, some people on my network started getting the external IP for the server, which we can't access, so they get timeouts while trying to use it. I'm currently guessing our internal DNS server (domain controller) must get the external IP from a real name server, and cache it. Of course, this shouldn't happen as our router/firewall is always supposed to translate those DNS queries to internal IP.

Anyways, my only current solution is to clean the DNS cache on my MS Windows 2003 Server, and then run ipconfig /flushdns on client computers.  But in an hour the problem may be back, for different people.  There must be a better solution.

I know I can do the hosts file on computers, with the group policy / login scripts.  I've tried doing the hosts file just on the DNS server, but I'm guessing on the DNS server the hosts file gets ignored - I ping www.domain.com no problem, I get internal IP, but when I do nslookup on the same DNS server, I get the external one.  

I know I could handle it by doing something to the DNS (on domain controller) on our end.  Do I use DNSCMD command?  Assuming I want to force www.domain.com to go to some internal IP, how would I do it?
Question by:s_p_z
LVL 6

Expert Comment

by:jpquonce
ID: 22681472
Have you added www.domain.com to your local DNS server to point to an internal IP?

Is your website the same as your computer network domain? Ex.: test.com is the ActiveDirectory network and your website is www.test.com?

If that is the case, just add www to the forward lookup zone for your domain and add www to point to your internal domain.
 

Author Comment

by:s_p_z
ID: 22681620
Haven't added the www.domain.com to local DNS server - is that where I start using the dnscmd /zoneadd or /recordadd?

And nope, this www.domain.com is just a website - our actual Windows domain is something totally different.

And I think that is precisely what I want to do, but searching online I haven't found much help - so I create new zone (with the website domain), and to that I add the www forward look up zone?  

Would you happen to know the commands I run with DNSCMD tool?  Or have a link handy how to do it in GUI?  It can be like a HOSTS file: www.website.com points to 192.168.0.x

Thanks,
 
LVL 6

Accepted Solution

by:
jpquonce earned 250 total points
ID: 22681708
"create new zone (with the website domain), and to that I add the www forward look up zone?"

That's what I would do, as that would be the easiest and that would only affect people on your domain.
Go to the GUI, right-click FORWARD ZONE and go to NEW ZONE. Then make it a primary zone and just go through the wizard, and if you have more than one DNS server then you will want to select the options to replicate it. Then when it asks for the zone name just put domain.com. Then in that zone add the www to point to that IP and that should work for you.
 
LVL 2

Assisted Solution

by:Dan560
Dan560 earned 250 total points
ID: 22681718
I had the same problem.

I needed to create a forward lookup zone mycompany.com and then add a host (A) record. The record needs to have the internal IP address, for example 10.13.1.10.

However, for this to work, all your internal users need to be pointing to the DNS server.

What I did was configure my router so that its DNS server was the SBS, and then set up forwarders on my SBS to look at the DNS servers my ISP gave me.
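
The zone-and-record steps from the two answers above, written with the DNSCMD tool the asker asks about. This is an added example, not part of the original thread; `domain.com` and `192.168.0.x` are the thread's own placeholders and must be replaced with real values.

```batch
@echo off
rem Added example, not from the original thread.
rem Run on the internal DNS server (dnscmd.exe is part of the
rem Windows Server 2003 Support Tools). "." means the local server.
rem ZONE and INTERNAL_IP are the thread's placeholders; substitute real values.
set ZONE=domain.com
set INTERNAL_IP=192.168.0.x

rem 1. Create a primary forward lookup zone for the website's domain.
rem    /DsPrimary stores the zone in Active Directory so it replicates
rem    to the other domain controllers running DNS. For a file-backed
rem    zone use instead:  dnscmd . /ZoneAdd %ZONE% /Primary /file %ZONE%.dns
dnscmd . /ZoneAdd %ZONE% /DsPrimary

rem 2. Add the host (A) record: www.<zone> -> internal address.
dnscmd . /RecordAdd %ZONE% www A %INTERNAL_IP%

rem 3. Drop any external answer the server has already cached,
rem    then flush the resolver cache on this machine.
dnscmd . /ClearCache
ipconfig /flushdns

rem 4. Verify by querying this DNS server explicitly. nslookup talks to
rem    the DNS service directly and does not read the hosts file, which is
rem    why ping and nslookup disagreed in the question.
nslookup www.%ZONE% 127.0.0.1
```

Once this zone exists, the internal server answers authoritatively for every name under `domain.com` and no longer forwards queries for it, so any other host in that domain that internal users need (mail, the bare domain, and so on) must also get a record here. To override only the one name, create the zone as `www.domain.com` and add the A record at the zone root (`@`) instead.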