Solved

DNS service setup like a hosts like?

Posted on 2008-10-09
Last Modified: 2010-04-19
Hi, we're having a weird problem with DNS setup. We cannot access our web servers from inside of our network with an external address of the website (we were told it was for security reasons for the firewall / router, why?). So the router/firewall (Cisco PIX) was configured to translate DNS queries from external IP to internal IP. So, when I do nslookup on a domain using ANY name server (internal or external), it returns an internal IP of the server for us, while for people outside of our network the IP is external.

This setup worked well.

However, lately, and worse, randomly, some people on my network started getting the external IP for the server, which we can't access, so they get timeouts while trying to use it. I'm currently guessing our internal DNS server (domain controller) must get the external IP from a real name server, and cache it. Of course, this shouldn't happen as our router/firewall is always supposed to translate those DNS queries to internal IP.

Anyways, my only current solution is to clean the DNS cache on my MS Windows 2003 Server, and then run ipconfig /flushdns on client computers.  But in an hour the problem may be back, for different people.  There must be a better solution.

I know I can do the hosts file on computers, with the group policy / login scripts.  I've tried doing the hosts file just on the DNS server, but I'm guessing on the DNS server the hosts file gets ignored - I ping www.domain.com no problem, I get internal IP, but when I do nslookup on the same DNS server, I get the external one.  

I know I could handle it by doing something to the DNS (on domain controller) on our end.  Do I use DNSCMD command?  Assuming I want to force www.domain.com to go to some internal IP, how would I do it?
0
Question by:s_p_z
4 Comments
 
LVL 6

Expert Comment

by:jpquonce
ID: 22681472
Have you added www.domain.com to your local dns server to point to an internal ip?

Is your website the same as your computer network domain? Ex.: test.com is the ActiveDirectory network and your website is www.test.com?

If that is the case just add www to the forward look up zone for your domain and add www to point to your internal domain.
0
 

Author Comment

by:s_p_z
ID: 22681620
Haven't added the www.domain.com to local DNS server - is that where I start using the dnscmd /zoneadd or /recordadd?

And nope, this www.domain.com is just a website - our actual Windows domain is something totally different.

And I think that is precisely what I want to do, but searching online I haven't found much help - so I create new zone (with the website domain), and to that I add the www forward look up zone?  

Would you happen to know the commands I run with DNSCMD tool?  Or have a link handy how to do it in GUI?  It can be like a HOSTS file: www.website.com points to 192.168.0.x

Thanks,
0
 
LVL 6

Accepted Solution

by:
jpquonce earned 250 total points
ID: 22681708
"create new zone (with the website domain), and to that I add the www forward look up zone?"

That's what I would do, as that would be the easiest and that would only affect people on your domain.
Go to the GUI, right-click FORWARD ZONE and go to NEW ZONE. Then make it a primary zone and just go through the wizard, and if you have more than one DNS server then you will want to select the options to replicate it. Then when it asks for the zone name just put domain.com. Then in that zone add the www to point to that IP and that should work for you.
0
 
LVL 2

Assisted Solution

by:Dan560
Dan560 earned 250 total points
ID: 22681718
I had the same problem.

I needed to create a forward lookup zone mycompany.com and then add a host (A) record. The record needs to have the internal IP address, for example 10.13.1.10.

However, for this to work, all your internal users need to be pointing to the DNS server.

What I did was configure my router so that its DNS server was the SBS, and then set up forwarders on my SBS to look at the DNS servers my ISP gave me.
0
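
The zone-and-record setup described in the two answers above, done with the dnscmd tool the question asks about. This is an added example, not part of the original thread: domain.com stands in for the website's domain as it does in the thread, and the zone file name and the INTERNAL_IP placeholder are assumptions.

```bat
@echo off
rem Added example: run from an administrator command prompt on the internal
rem Windows DNS server. domain.com stands in for the website's domain.
rem INTERNAL_IP is a placeholder: set it to the web server's internal address.
set ZONE=domain.com
set INTERNAL_IP=REPLACE_WITH_INTERNAL_IP

rem 1. Create a standard primary forward lookup zone backed by a zone file.
rem    For an Active Directory-integrated zone that replicates to the other
rem    DNS servers, use /DsPrimary in place of "/Primary /file ...".
dnscmd /ZoneAdd %ZONE% /Primary /file %ZONE%.dns

rem 2. Add the host (A) record: www.domain.com -> internal address.
dnscmd /RecordAdd %ZONE% www A %INTERNAL_IP%

rem Caveat: this server now answers authoritatively for every name under
rem domain.com and no longer forwards those queries. Any other public name
rem in the domain (mail, ftp, ...) must be added here as well, otherwise
rem internal clients get "non-existent domain" for it.
rem
rem Alternative that overrides only the one host name: make the zone the
rem host name itself and put the A record at the zone root (@):
rem   dnscmd /ZoneAdd www.%ZONE% /Primary /file www.%ZONE%.dns
rem   dnscmd /RecordAdd www.%ZONE% @ A %INTERNAL_IP%

rem 3. Drop the external address the server may still hold in its cache.
dnscmd /ClearCache

rem 4. Verify: list the record, then query this server directly.
dnscmd /EnumRecords %ZONE% www
nslookup www.%ZONE% 127.0.0.1
```

Clients still need `ipconfig /flushdns` once to discard the cached external address. Check `ipconfig /all` on an affected machine as well: a client that also lists an outside resolver can bypass the internal zone and get the external address again.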
