  • Status: Solved

Same Internal and external domain name, DNS issues, resolve with A records?

I realize now I shouldn't have named my internal domain name the same as our external domain, but I did, and now we have various issues like GPOs not applying, host names not resolving, and randomly we can't load our external website. Renaming the domain isn't a realistic option so I'm hoping to fix this with DNS A records (set www.company.com to the external site and everything else to the internal destinations?). How can I do this? If it matters, it's a small company, just 1 server (the DC / DNS) and 15 PCs. Thanks for your help.
0
canalicomputers
Asked:
 
slushm Commented:
http://support.microsoft.com/default.aspx?scid=kb;en-us;304491

Read this article, or you can put the www.company.com entry in DNS to a specific IP address so all requests get sent to the address you want them to go to.
0
 
netF Commented:
You should use split DNS when using the same domain name for accessing both internal and external resources.

 See the below link for how to implement split DNS.
http://www.isaserver.org/tutorials/You_Need_to_Create_a_Split_DNS.html
0
 
Darius Ghassem Commented:
You need to create an "A" record in your DNS Forward lookup zone called www with the external IP address of your external website.

Having the same name internally and externally will NOT cause GPO issues. Make sure you are only pointing to internal DNS servers which are your DCs in your clients', DCs', and servers' TCP\IP settings. You should NOT have external DNS servers listed in your TCP\IP settings.
0
 
canalicomputers (Author) Commented:
I just created the www A record ... will that only handle the issue of accessing the external website or will that also resolve internal host name resolution issues too?
0
 
Darius Ghassem Commented:
This will fix the external issue; this will point all www.company.com DNS requests to the external web server holding the website by directly pointing to the server with the external IP address you set up in the A record.

I have used the same name internally and externally many times without issue; this will not cause internal name resolution problems.

Again, make sure you are only pointing to internal DNS servers.
0
 
canalicomputers (Author) Commented:
Where exactly are all the places in Windows Server 2008 that I need to confirm are only listing the internal DNS server / pushing that to the PCs? Thanks
0
 
Darius Ghassem Commented:
ALL systems should only be pointing to your DCs for DNS in their TCP\IP settings for primary DNS.
0
 
canalicomputers (Author) Commented:
Ok, and I just realized I had 2 entries of external DNS IPs in my DNS Forwarders tab ... long story how they got in there, but I just deleted them, leaving no Forwarder entries ... what impact could those have had if they were useless?
0
 
Darius Ghassem Commented:
You should have DNS forwarders set up to forward to your ISP DNS servers for external DNS resolution; you need to make sure they are updated ones. You should always have forwarders that are current in the DNS server.

http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
0
 
canalicomputers (Author) Commented:
... when I try remote desktop to various computers, either just using their host name or FQDN, I'm not able to connect (not a permissions issue, it just doesn't find them).
0
 
Darius Ghassem Commented:
Post ipconfig /all for DC and clients. This is a DNS issue; have you checked your TCP\IP settings?
0
 
canalicomputers (Author) Commented:
Here's ipconfig /all from the DC (I replaced the real name with company.com), next post will have client's ipconfig...


Windows IP Configuration

   Host Name . . . . . . . . . . . . : dc
   Primary Dns Suffix  . . . . . . . : company.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : company.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client)
   Physical Address. . . . . . . . . : 84-2B-2B-16-C1-B8
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.100.101.236(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.100.101.1
   DNS Servers . . . . . . . . . . . : 127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{F1948C29-9976-4763-BBB2-871CEBB85608}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
0
 
canalicomputers (Author) Commented:
The client's ipconfig /all ...


Windows IP Configuration

        Host Name . . . . . . . . . . . . : D7KGH7D1
        Primary Dns Suffix  . . . . . . . : company.com
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : company.com
                                                           company.com

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : company.com
        Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
        Physical Address. . . . . . . . . : 00-1A-A0-2C-42-C5
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.100.101.211
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.100.101.1
        DHCP Server . . . . . . . . . . . : 10.100.101.1
        DNS Servers . . . . . . . . . . . : 198.6.1.1
                                                      198.6.1.2
        Primary WINS Server . . . . . . . : 10.100.101.236
        Lease Obtained. . . . . . . . . . : Monday, August 30, 2010 10:02:27 AM
        Lease Expires . . . . . . . . . . : Tuesday, August 31, 2010 10:02:27 AM
0
 
Darius Ghassem Commented:
On DC change this to the actual IP address of the DC: DNS Servers . . . . . . . . . . . : 127.0.0.1. Run ipconfig /flushdns, ipconfig /registerdns, and dcdiag /fix.

On client point this to the DC IP address.

 DNS Servers . . . . . . . . . . . : 198.6.1.1
                                                      198.6.1.2

Why do you have those IPs in the TCP\IP settings? This is wrong and is causing you all the problems.
0
 
Darius Ghassem Commented:
On client run ipconfig /flushdns and ipconfig /registerdns once you change the DNS settings.
0
 
canalicomputers (Author) Commented:
Because I'm a noob... according to the ipconfigs it looks like they already have those settings though? Am I not reading them right? And the clients are currently set to auto detect the settings.
0
 
Darius Ghassem Commented:
You need to go to your DHCP server then and change the setting so it will lease the proper DNS server IPs. Looks like your router is handing out the DHCP IP addresses. You need to go into the router, then change the DHCP settings. Once you have done this, run ipconfig /release and ipconfig /renew; you should see the proper settings you set in the DHCP settings on the router. Then run through the ipconfig commands I gave you above; this should fix it all.
0
 
canalicomputers (Author) Commented:
I just ran ipconfig /all on a different PC and that one has the DC listed as the DNS, which I guess is good, but why would different PCs have different DNS settings if they are all in the same DHCP Scope?
0
 
Darius Ghassem Commented:
They aren't in the same scope; you must have 2 different DHCP servers running on the same network. Check the ipconfig /all and see what the IP address is on the DHCP server line; if it is different than your default router, then you have 2 DHCP servers running.
0
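The check suggested above (compare the DHCP Server and DNS Servers lines across PCs), as an added example that is not part of the original thread: it parses saved `ipconfig /all` output from several machines and flags leases that hand out non-DC DNS servers or come from an unexpected DHCP server. The host PC02, its values, and the choice of the DC as the only allowed DHCP server are assumptions; the parser handles IPv4 continuation lines only and merges all adapters of a host.

```python
import re
from collections import defaultdict

# Constructed input: trimmed "ipconfig /all" captures. D7KGH7D1 repeats the
# client values posted in this thread; PC02 is a hypothetical second PC.
SAMPLES = {
    "D7KGH7D1": """
        DHCP Server . . . . . . . . . . . : 10.100.101.1
        DNS Servers . . . . . . . . . . . : 198.6.1.1
                                            198.6.1.2
        Primary WINS Server . . . . . . . : 10.100.101.236
""",
    "PC02": """
        DHCP Server . . . . . . . . . . . : 10.100.101.236
        DNS Servers . . . . . . . . . . . : 10.100.101.236
""",
}
FIELD = re.compile(r"^\s*([A-Za-z][^:]*?)[ .]*:\s*(.*)$")
IPV4 = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def parse_ipconfig(text):
    """Map lower-cased field name -> values, folding IPv4 continuation lines."""
    fields, current = defaultdict(list), None
    for line in text.splitlines():
        field, cont = FIELD.match(line), IPV4.match(line)
        if field:
            current = field.group(1).lower()
            if field.group(2).strip():
                fields[current].append(field.group(2).strip())
        elif cont and current:
            fields[current].append(cont.group(1))
    return fields

def audit(samples, allowed_dns, allowed_dhcp):
    """Return (host, problem) pairs for settings that bypass the DC."""
    findings = []
    for host in sorted(samples):
        f = parse_ipconfig(samples[host])
        findings += [(host, f"DNS server {ip} is not an internal DC")
                     for ip in f["dns servers"] if ip not in allowed_dns]
        findings += [(host, f"lease from unexpected DHCP server {ip}")
                     for ip in f["dhcp server"] if ip not in allowed_dhcp]
    return findings

def dhcp_servers_seen(samples):
    """More than one address here means two DHCP servers answer on the LAN."""
    return sorted({ip for t in samples.values()
                   for ip in parse_ipconfig(t)["dhcp server"]})

if __name__ == "__main__":
    dc = {"10.100.101.236"}  # DC address from the thread; DC as DHCP server is assumed
    for host, problem in audit(SAMPLES, dc, dc):
        print(f"{host}: {problem}")
    print("DHCP servers seen:", dhcp_servers_seen(SAMPLES))
```
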
 
Mark Damen (ERP System Manager) Commented:
Your router is very likely configured to also be a DHCP server. You need to turn this off, and allow the server to do the work. This totally explains your internal DNS issues. Just add the A record to your DNS server for the complete solution.
0
 
canalicomputers (Author) Commented:
O ok, I will check out the router and will post back, may not be until the weekend, thanks for all the help guys.... markusdamenous: the A record you are referring to is just the www record right?
0
 
Mark Damen (ERP System Manager) Commented:
Yes, just a record for WWW.
0
 
canalicomputers (Author) Commented:
Thanks
0
