Solved

Same Internal and external domain name, DNS issues, resolve with A records?

Posted on 2010-08-29
Last Modified: 2012-06-27
I realize now I shouldn't have named my internal domain name the same as our external domain, but I did, and now we have various issues like GPOs not applying, host names not resolving, and randomly we can't load our external website. Renaming the domain isn't a realistic option so I'm hoping to fix this with DNS A records (set www.company.com to the external site and everything else to the internal destinations?). How can I do this? If it matters, it's a small company, just 1 server (the DC / DNS) and 15 PCs. Thanks for your help.
Question by:canalicomputers
23 Comments
 
LVL 4

Accepted Solution

by:
slushm earned 250 total points
Comment Utility
http://support.microsoft.com/default.aspx?scid=kb;en-us;304491

Read this article, or you can point the www.company.com entry in DNS to a specific IP address so all requests get sent to the address you want them to go to.
0
 
LVL 4

Expert Comment

by:netF
Comment Utility
You should use split DNS when using the same domain name for accessing both internal and external resources.

 See the below link for how to implement split DNS.
http://www.isaserver.org/tutorials/You_Need_to_Create_a_Split_DNS.html
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 250 total points
Comment Utility
You need to create an "A" record in your DNS Forward lookup zone called www with the external IP address of your external website.

Having the same name internally and externally will NOT cause GPO issues. Make sure you are only pointing to internal DNS servers which are your DCs in your clients', DCs', and servers' TCP\IP settings. You should NOT have external DNS servers listed in your TCP\IP settings.
0
 

Author Comment

by:canalicomputers
Comment Utility
I just created the www A record ... will that only handle the issue of accessing the external website or will that also resolve internal host name resolution issues too?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Comment Utility
This will fix the external issue. This will point all www.company.com DNS requests to the external web server holding the website by directly pointing to the server with the external IP address you set up in the A record.

I have used the same name internally and externally many times without issue. This will not cause internal name resolution problems.

Again make sure you are only pointing to internal DNS servers.
0
 

Author Comment

by:canalicomputers
Comment Utility
Where exactly are all the places in Windows Server 2008 that I need to confirm which are only listing the internal DNS server / pushing that to the PCs? Thanks
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Comment Utility
ALL systems should only be pointing to your DCs for DNS in their TCP\IP settings for primary DNS
0
 

Author Comment

by:canalicomputers
Comment Utility
Ok, and I just realized I had 2 entries of external DNS IPs in my DNS Forwarders tab ... long story how they got in there, but I just deleted them, leaving no Forwarder entries ... what impact could those have had if they were useless?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Comment Utility
You should have DNS forwarders set up to forward to your ISP DNS servers for external DNS resolution. You need to make sure they are updated ones. You should always have forwarders that are current in the DNS server.

http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
0
 

Author Comment

by:canalicomputers
Comment Utility
... when I try remote desktop to various computers, either just using their host name or FQDN, I'm not able to connect (not a permissions issue, it just doesn't find them).
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Comment Utility
Post ipconfig /all for DC and clients. This is a DNS issue. Have you checked your TCP\IP settings?
0

 

Author Comment

by:canalicomputers
Comment Utility
Here's ipconfig /all from the DC (I replaced the real name with company.com), next post will have client's ipconfig...


Windows IP Configuration

   Host Name . . . . . . . . . . . . : dc
   Primary Dns Suffix  . . . . . . . : company.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : company.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client)
   Physical Address. . . . . . . . . : 84-2B-2B-16-C1-B8
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.100.101.236(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.100.101.1
   DNS Servers . . . . . . . . . . . : 127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{F1948C29-9976-4763-BBB2-871CEBB85608}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
0
 

Author Comment

by:canalicomputers
Comment Utility
The client's ipconfig /all ...


Windows IP Configuration

        Host Name . . . . . . . . . . . . : D7KGH7D1
        Primary Dns Suffix  . . . . . . . : company.com
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : company.com
                                                           company.com

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : company.com
        Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
        Physical Address. . . . . . . . . : 00-1A-A0-2C-42-C5
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.100.101.211
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.100.101.1
        DHCP Server . . . . . . . . . . . : 10.100.101.1
        DNS Servers . . . . . . . . . . . : 198.6.1.1
                                                      198.6.1.2
        Primary WINS Server . . . . . . . : 10.100.101.236
        Lease Obtained. . . . . . . . . . : Monday, August 30, 2010 10:02:27 AM
        Lease Expires . . . . . . . . . . : Tuesday, August 31, 2010 10:02:27 AM
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Comment Utility
On DC, change this to the actual IP address of the DC: DNS Servers . . . . . . . . . . . : 127.0.0.1. Run ipconfig /flushdns, ipconfig /registerdns, and dcdiag /fix.

On client point this to the DC IP address.

 DNS Servers . . . . . . . . . . . : 198.6.1.1
                                                      198.6.1.2

Why do you have those IPs in the TCP\IP settings? This is wrong and is causing you all the problems.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Comment Utility
On client run ipconfig /flushdns and ipconfig /registerdns once you change the DNS settings.
0
 

Author Comment

by:canalicomputers
Comment Utility
Because I'm a noob... according to the ipconfigs it looks like they already have those settings though? Am I not reading them right? And the clients are currently set to auto detect the settings.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Comment Utility
You need to go to your DHCP server then and change the setting so it will lease the proper DNS server IPs. Looks like your router is handing out the DHCP IP addresses. You need to go into the router, then change the DHCP settings. Once you have done this, run ipconfig /release and ipconfig /renew; you should see the proper settings you set in the DHCP settings on the router. Then run through the ipconfig commands I gave you above. This should fix it all.
0
 

Author Comment

by:canalicomputers
Comment Utility
I just ran ipconfig /all on a different PC and that one has the DC listed as the DNS, which I guess is good, but why would different PCs have different DNS settings if they are all in the same DHCP scope?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Comment Utility
They aren't in the same scope; you must have 2 different DHCP servers running on the same network. Check the ipconfig /all and see what the IP address is on the DHCP Server line. If it is different than your default router, then you have 2 DHCP servers running.
0
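
The comparison suggested above (check the DHCP Server and DNS Servers lines of each machine's ipconfig /all) can be scripted over collected outputs. This is an added example, not code from any participant in the thread; the host PC-02, its DHCP server value, and the assumption that the DC at 10.100.101.236 is the only intended DNS and DHCP server are constructed for illustration.

```python
import ipaddress
import re

FIELD = re.compile(r"^\s*([A-Za-z][^:]*?)[\s.]*:\s*(.*)$")  # "Label . . . : value"

# Constructed samples: dc and D7KGH7D1 reuse values from the thread; PC-02 is hypothetical.
SAMPLES = {
    "dc": "   DNS Servers . . . . . . . . . . . : 127.0.0.1\n",
    "D7KGH7D1": (
        "        DHCP Server . . . . . . . . . . . : 10.100.101.1\n"
        "        DNS Servers . . . . . . . . . . . : 198.6.1.1\n"
        "                                            198.6.1.2\n"
        "        Primary WINS Server . . . . . . . : 10.100.101.236\n"),
    "PC-02": (
        "        DHCP Server . . . . . . . . . . . : 10.100.101.236\n"
        "        DNS Servers . . . . . . . . . . . : 10.100.101.236\n"),
}

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def parse_ipconfig(text):
    """Map each label to its values, folding continuation lines (extra DNS servers)."""
    fields, current = {}, None
    for line in text.splitlines():
        match = FIELD.match(line)
        if current and is_ip(line.strip()):
            fields[current].append(line.strip())  # bare IP continues the previous label
        elif match:
            current = match.group(1)
            fields.setdefault(current, [])
            if match.group(2).strip():
                fields[current].append(match.group(2).strip())
    return fields

def audit(samples, allowed_dns, allowed_dhcp):
    """Return (host, kind, address) for each DNS or DHCP server outside the allowed sets."""
    findings = []
    for host in sorted(samples):
        fields = parse_ipconfig(samples[host])
        findings += [(host, "dns", ip) for ip in fields.get("DNS Servers", []) if ip not in allowed_dns]
        findings += [(host, "dhcp", ip) for ip in fields.get("DHCP Server", []) if ip not in allowed_dhcp]
    return findings

if __name__ == "__main__":
    print(audit(SAMPLES, {"10.100.101.236"}, {"10.100.101.236"}))
```

A host that reports a DHCP server outside the allowed set points to a second DHCP service on the segment, and any DNS entry outside the set (including the loopback address on the DC, per the advice in the thread) is a setting to correct.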
 
LVL 13

Expert Comment

by:markusdamenous
Comment Utility
Your router is very likely configured to also be a DHCP server.  You need to turn this off, and allow the server to do the work.  This totally explains your internal dns issues.  Just add the A record to your DNS server for the complete solution.
0
 

Author Comment

by:canalicomputers
Comment Utility
O ok, I will check out the router and will post back, may not be until the weekend, thanks for all the help guys.... markusdamenous: the A record you are referring to is just the www record right?
0
 
LVL 13

Expert Comment

by:markusdamenous
Comment Utility
Yes, just a record for WWW.
0
 

Author Closing Comment

by:canalicomputers
Comment Utility
Thanks
0
