problem accessing our external website

We have a Windows 2003 domain. Users cannot access our external website because the wrong IP is showing up when I do an NSLookup.
So we changed the A record to the new website and all external users can access it just fine. But when we try to access it internally, we cant connect to it. Our internal domain name is the same as the www site name, example domain name is ACMEInc.com and we cannot access www.ACMEinc.com. When I do an NSLookup, we get a old stale external IP that hasnt been used for years. I went into the DNS server/Forward LookupZones/corp.ACMEinc.com and created an A record, which shows up as a record named "www". It brings up the right IP now when I do an NSLookup, but I noticed that the FQDN is now showing as www.ACMEinc.com.corp.ACME.com. So we still cannot access the website.

It seems like this should be something easy to setup, but I am lost. Simply wanting to go to www.ACMEinc.com is not working. Please help.
TIA
pulpboy99Asked:
Who is Participating?
 
Chris DentConnect With a Mentor PowerShell DeveloperCommented:

Neither of those.

Normally you wouldn't need to create one at all if the site is externally hosted.

When you run "nslookup www.acmeinc.com" exactly what do you get back?

Chris
0
 
Andres PeralesCommented:
your external dns should point to the public ip address of your website.
your internal dns should point to the internal ip address of your website.
after you make changes you should do an ipconfig /flushdns for your users so the changes can be reflected.
0
 
Chris DentPowerShell DeveloperCommented:

Hey,

Delete the record you just added, it will appear as a number of sub-folders in the DNS console (starting with com, then acmeinc, etc).

Do you have a Forward Lookup Zone called acmeinc.com?

If you do, delete the current entry for www.

Then create a new Host (A) record, the name should just be www, you should see a grey box below fills in the rest of the name. Set the correct IP and you're all set.

You will still need to clear the DNS cache on any client you want to see the change right away. You can do that with "ipconfig /flushdns".

HTH

Chris
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
jtdebeerCommented:
It is always advisable to set up an internal domain name as   ACMEinc.local

0
 
Chris DentPowerShell DeveloperCommented:

Hmm actually I have to disagree with that (use of .local).

.local has fallen out of favour recently because there is no guarantee that the .local suffix will never be used publicly. MS no longer recommend use of that suffix because of this.

There are other options, but this one appears to fall into that category. It looks like AD is called corp.acme.com, which is perfectly valid and my current preferred naming convention.

Chris
0
 
pulpboy99Author Commented:
Thanks for the info. I forgot to mention that the website is not hosted by us.
We don't have a Forward lookup zone called acmeinc. We just have two (one called _msdcs.corp.acmeinc.com and the other called corp.acmeinc.com. Which one of the two should I create the A record? If I do that, wont it also put in the FQDN? which will prevent us from simply going to www.acmeinc.com?



0
 
pulpboy99Author Commented:
I get an IP address old stale external IP from a hosting company that we used 5 years ago.
Is there any way I can find out where that IP is resolving from? I checked around the DNS server looking for that IP, but I didn't see it anywhere. I know that externally, the site is resolving fine, so it makes me think there is a record somewhere on the DNS server.
0
 
pulpboy99Author Commented:
the NSLookup comes back with a Non-authorative answer, if that helps.
0
 
pulpboy99Author Commented:
OK, so I created the A record like you said and did the flushdns, but I'm back to where I was earlier. When I do an NSLookup, it resolves with www.acmeinc.com.corp.acmeinc.com, and it has the correct IP now. But I cannot go to the site by simply going to www.acmeinc.com. Is there a way to remove the FQDN? Can't I simply add the route to the DNS server's hosts file?
0
 
Chris DentConnect With a Mentor PowerShell DeveloperCommented:

> the NSLookup comes back with a Non-authorative answer, if that helps.

It does, it means that you're getting it from somewhere else (rather than your server making up the answer).

Yeah, the www record is only good if you have a zone for acmeinc.com rather than just corp.acmeinc.com.

Do you use Forwarders in DNS (properties for server in DNS console, Forwarders tab)? I guess the most likely is that you forward to your ISP, and they used to host the domain and haven't cleaned up.

Chris
0
 
pulpboy99Author Commented:
We do have forwarders. I just plugged a laptop into the ISP router directly to try our ISP's DNS and it came up with the proper IP. It has to do with something internally. I'm going to check the firewall.
0
 
pulpboy99Author Commented:
Figured out that our firewall had a DNS entry for the old website hidden in an area I never touch. I Changed the entry and it works fine now. Thanks for all your help. I did get some insight on DNS, so it was still very helpful, although it did bring up a couple new DNS questions that seemed rather odd(but that's for another post).
0
All Courses

From novice to tech pro — start learning today.