• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 561

Manual Entry for DNS

Hi, I have inherited a domain which is in the format of companyname.co.uk, not .local. The company uses OWA, which is accessed at http/s://name.companyname.com/exchange. The issue I have is that everyone can access OWA externally but not internally, as I need the DNS entry for http/s://name.companyname.com/exchange to resolve to an internal IP while on the local domain.

iPad/phone users work fine externally but not when connected to the local LAN, as the setup on the device is looking for the external IP, not the internal one.

Is there any way I can add http/s://name.companyname.com/exchange to DNS on the LAN to resolve to the internal IP address?

It is on a MS 2003 server with full AD.

Many thanks.
0
Asked by: FattyPo
3 Solutions
 
Mike Thomas (Consultant) Commented:
Just create a Host A record in the DNS zone companyname.co.uk (on your DNS server) called www or owa or whatever people type before the companyname.co.uk part when accessing externally, and point it to the internal IP of your mail server.

This is a very common setup.
0
 
elbereth21 Commented:
If I understood your situation correctly, you need to create a DNS zone on your internal DNS server for the companyname.com domain. Add an A record for your mail server to this zone and there you are.
0
 
FattyPo (Author) Commented:
I have tried that. I can ping name.companyname.com and it resolves fine to the internal IP address, but when I add http:// before it, it still tries to access the internet and external IP address. I have tried to add an A record with http://name.companyname.com but obviously it does not allow me to do this.
0
 
elbereth21 Commented:
Are you using a proxy? What DNS settings does the proxy use?
Check the results of nslookup, instead of ping.
0
 
FattyPo (Author) Commented:
If I use nslookup, set q=any, then query name.companyname.com, it resolves to the internal IP address. The server nslookup uses is the DC on the domain.
0
 
FattyPo (Author) Commented:
Sorry, if I ping name.companyname.com from my PC it resolves to the external IP. Is it possible that DNS just hasn't updated on my PC? I have flushed the DNS cache.
0
 
Sean_D76 Commented:
It sounds like you have done it right if you can ping it and get the internal IP.
There is no reason your browser should be going to the outside IP.  You don't have any proxy settings in your browser, do you?
Try closing all browser windows.  Clean your cache out.
Go to CMD and do: ipconfig /flushdns
Then go to the site again.

If you DO have proxy settings in IE then you will find that your web browser will only use DNS results provided to it by the proxy server.
0
 
FattyPo (Author) Commented:
Sorry, I can nslookup and get the internal IP but if I ping I get the external. I have flushed the DNS cache using ipconfig /flushdns but if I ping name.companyname.com it resolves to the external IP address.
0
 
FattyPo (Author) Commented:
oh sorry, no proxy.
0
 
Sean_D76 Commented:
wait a sec... I'm sorry.  If you are pinging and getting back the EXTERNAL IP then it is not right.
Do you have multiple DNS servers set on your PC?  (if you do ipconfig /all is one of the DNS servers an external DNS server or your firewall?)
Windows may take turns and use the secondary DNS server sometimes to query.  Do another nslookup and use the 'server xxx.xxx.xxx.xxx' command to change the server to be the second DNS server and retest your query.
0
 
FattyPo (Author) Commented:
OK, 2 DNS servers, both internal. I will switch to the other DNS server and test.
0
 
Sean_D76 Commented:
You don't have any conflicting entries in your HOSTS file do you?
0
 
elbereth21 Commented:
No, in this case, if nslookup is correct, while ping isn't, it means that you have problems with netbios name resolution. Do you have WINS servers on your network? Let's try this: can you please create an item in your hosts file?
Like this: open %systemroot%/drivers/etc/hosts
create the object IP_internal_address    website.name
0
 
FattyPo (Author) Commented:
No conflicting entries; DNS appears to have replicated between the servers. But if I use nslookup server xxx.xxx.xxx.xxx I get a timeout.
0
 
Sean_D76 Commented:
No, I'm sorry if you're confused, but if your internal domain and external domain are different, as they appear to be, then NetBIOS has nothing to do with it.
Windows tries DNS before it tries NetBIOS in order of query attempts.  If you have any HOSTS file records for that DNS entry then remove them.

Start -> Run...
notepad c:\windows\system32\drivers\etc\hosts
0
 
elbereth21 Commented:
The IP you are querying is that of the second DNS server?
0
 
Sean_D76 Commented:
When I said server xxx.xxx.xxx.xxx I mean the xxx.xxx.xxx.xxx should be the IP address of the second server, the one you wish to query.
If you did use the IP in that command and you are still getting timeouts then your DNS server is not responding and that's a good place to start troubleshooting.
Also, in the DNS snap-in on your servers, right-click on the server object and choose "Clear DNS Cache".
0
 
Sean_D76 Commented:
oh I just re-read your post.  "nslookup server xxx.xxx.xxx.xxx " is not one command.
open the CMD.
then type 'nslookup' by itself.
the prompt should change.
then do the 'server x.x.x.x' command where the x.x.x.x is the IP of the server you wish to query.
0
 
Sean_D76 Commented:
After 'server x.x.x.x' command then you will tell nslookup to change servers.  then (without exiting nslookup) just type the name you wish to query (name.companyname.com) and hit enter.
0
 
FattyPo (Author) Commented:
Right, both DNS servers resolve name.companyname.com to the correct internal IP address. However, when I ping I get the external IP.
0
 
Sean_D76 Commented:
you should be doing these nslookup queries on your PC, right?
not the server...

and when you do ipconfig /all on your PC, the DNS servers you see displayed should be those two internal servers and not any others... right?
0
 
FattyPo (Author) Commented:
Yep, all correct on my PC. Both IPs of the DNS servers have been checked using nslookup and they both resolve to the internal IP.
0
 
FattyPo (Author) Commented:
Also checked hosts files, no records.
0
 
Mike Thomas (Consultant) Commented:
Try it from the DNS server itself, that would rule the clients in or out.

0
 
FattyPo (Author) Commented:
DNS server has the same issue: nslookup works but ping resolves to external.
0
 
Ben Personick (Previously QCubed), Lead Network Engineer, Commented:
@FP:  Run IPConfig /ALL

Check that the ONLY DNS Server IP Addresses listed are those of your two internal DNS servers.  I'm guessing that you're probably on a wireless network or have an ISP DNS server configured on one of your NICs as a DNS Server.


0
 
FattyPo (Author) Commented:
The only DNS servers listed on my PC and all 3 servers are the internal IP addresses.
0
 
Mike Thomas (Consultant) Commented:
Flush the DNS server's local cache and try again. If it is the same then check the server's config.
0
 
FattyPo (Author) Commented:
I have flushed the local cache; still remains the same, fine on nslookup but not ping. Where else should I be looking?
0
 
Sean_D76 Commented:
something is not making sense here...
wait a sec... are you connected to a VPN tunnel?  you're sure you don't have any other active network adapters on this PC?

you could also have spyware on your PC which is redirecting your DNS queries to an outside host via an infected winsock (tcp/ip stack).  Try a different PC.  If you think you do have a corrupted winsock then use one of the steps in the two solutions listed here: http://www.experts-exchange.com/Networking/Protocols/Transport/TCP-IP/Q_26273278.html

Please double-check that there is no proxy settings either by going to Control Panel -> Internet Options -> Connections tab -> LAN Settings -> everything should be unchecked.

Some viruses will also add proxy settings in there for you.
0
 
Mike Thomas (Consultant) Commented:
Open the DNS console, select View, set it to "Advanced" and check "cached lookups", expand ".com" then look for "companyname". See if it exists; if it does, delete it.


0
 
Sean_D76 Commented:
err not viruses so much as spyware will add those proxy settings anyway...
0
 
Sean_D76 Commented:
@MojoTech:  Yeah but I already told him above to right click on the server object and clear the entire cache and I think he did.
0
 
FattyPo (Author) Commented:
I cleared the cache; however, I have looked under the advanced view on the companyname under .com and it has an A record with the external IP address in.

Should i delete this?
0
 
Mike Thomas (Consultant) Commented:
Yes
0
 
Sean_D76 Commented:
You should not see any entries in the cache at all for companyname.com unless you actually never cleared the server cache.  You should definitely delete it and the whole companyname.com (under the cache only of course) but if you really did clear the server's cache before then it will probably reappear the next time you query it.

If it reappears in the cache then this means your zone you created is not working right or was improperly created.  A zone that exists on the DNS server will not show up in that cache.
0
 
FattyPo (Author) Commented:
OK, I have cleared the cache again and the entry has gone. I have cleared the cache on all servers and flushed my PC; it still all points to the external IP when I ping :-(
0
 
Mike Thomas (Consultant) Commented:
Did it re-cache it?
0
 
Sean_D76 Commented:
Also do a properties on your server name in the DNS snap-in and check if you have any DNS forwarders.  You should not have any, especially not a domain specific forwarder for companyname.com!
0
 
Mike Thomas (Consultant) Commented:
If it was re-cached then it is being pulled externally, so check that on your DNS server you do actually have the zone that reads only as

"companyname.com"

and in that zone you have an A record that reads only "name" (or whatever you use) pointing to the internal IP.
0
 
FattyPo (Author) Commented:
Yes, it has re-cached it. I have looked under forward lookup zones, domainname.co.uk, and in there there is a com with a + beside it. I click the + and the external domainname is there (companyname).
0
 
Mike Thomas (Consultant) Commented:
Also could you post a pic of DNS for this zone+A record? if it checks out OK.

0
 
Sean_D76 Commented:
Well, if it's returning that external IP then it's not the records in the zone but the zone itself which is being ignored.
You sure there's no typo in the zone name or, like MojoTech said, that it says exactly "companyname.com" and nothing else?
0
 
Mike Thomas (Consultant) Commented:
"yes it has re-cached it. i have looked under forward lookup zones, domainname.co.uk and in there there is a com with a + beside it, i click the + and the external domainname is there (companyname)"

This is a config issue; this zone should not appear as .com under the existing zone "domainname.co.uk".

You need to right-click the DNS server and select "New Zone", run through the wizard, make it forward and AD Integrated, and create a new zone called "companyname.com", then create the A record in that zone.

0
 
FattyPo (Author) Commented:
Should it be a primary, secondary or sub zone?
0
 
Mike Thomas (Consultant) Commented:
Primary or AD integrated. Once made as primary you can convert it, so roll with Primary for now.
0
 
Sean_D76 Commented:
He's quite right.  It should be its own entry in the DNS cache directly under "com", not under anything else.
Perhaps you accidentally created it as a subdomain to your primary domain...?

not sure why it would pass an nslookup test... primary domain suffix comes into play in an nslookup query...?

0
 
Mike Thomas (Consultant) Commented:
BTW once done you will have to flush the caches again, but just start on the server to prove it is working then tackle the clients.

0
 
FattyPo (Author) Commented:
OK, I know where I went wrong: I created just a new A record, not a new zone first. I have created the new zone and added an A record for the website, as I couldn't access that. Is there anything I need to add?
0
 
Sean_D76 Commented:
If it's 2003 server, choose Primary and there will be a checkbox below which says "store the zone in active directory".
If you instead see an option for active directory integrated by itself then choose that.  I forget at which versions they changed the wizard but it will be one or the other.
0
 
Mike Thomas (Consultant) Commented:
That should be it, FattyPo, unless you need other records. If your company website is external you would need a www record in that zone pointing to the external IP, and so on for any external resources. Anything hosted externally for companyname.com will not get resolved now that you have created a zone unless you have records for it. These records can point internal or external, but any client using your DNS server to resolve anything for companyname.com will only look at the zone you just created, so anything which does not have a record in that zone will not get resolved.


0
 
Sean_D76 Commented:
you will need to manually add A records for everything that your external DNS servers are taking care of for "companyname.com".  i.e. if there's a WWW.companyname.com then add that.  if there's a ftp.companyname.com then add that and so on.  Also you can make just plain "companyname.com" point to something by creating an A record and typing nothing in the "Name:" blank.  Probably you also want that to point to your company website.
0
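
An added example, not part of any poster's reply: a small Python model of how a DNS server picks the zone it answers from, showing why the A record typed into companyname.co.uk never answered for name.companyname.com, and which public names stop resolving internally once the companyname.com zone is hosted. All IP addresses and the www record are constructed sample values.

```python
# Constructed model of zone selection on a DNS server; all names/IPs are samples.
EXTERNAL = {  # what public DNS would answer (documentation-range addresses)
    "name.companyname.com": "203.0.113.10",
    "www.companyname.com": "203.0.113.20",
}

def fqdn(owner, zone):
    """Owner names entered in a zone are relative to it; '' or '@' is the apex."""
    return zone if owner in ("", "@") else f"{owner}.{zone}"

def resolve(query, zones, external=EXTERNAL):
    """Return (source, answer). A hosted zone is authoritative for every name
    under it, so a missing record yields None instead of an external lookup."""
    query = query.rstrip(".").lower()
    hosted = [z for z in zones if query == z or query.endswith("." + z)]
    if not hosted:
        return ("recursion", external.get(query))
    zone = max(hosted, key=len)  # most specific enclosing zone wins
    records = {fqdn(owner, zone): ip for owner, ip in zones[zone].items()}
    return ("local:" + zone, records.get(query))

def shadowed(zones, zone, external=EXTERNAL):
    """Public names under `zone` that no longer resolve for internal clients."""
    return sorted(name for name in external
                  if resolve(name, zones) == ("local:" + zone, None))

# Before: an A record typed as "name.companyname.com" inside the AD zone.
BEFORE = {"companyname.co.uk": {"name.companyname.com": "10.0.0.5"}}
# After: a separate primary zone holding the relative owner name "name".
AFTER = {"companyname.co.uk": {}, "companyname.com": {"name": "10.0.0.5"}}

if __name__ == "__main__":
    for label, zones in (("before", BEFORE), ("after", AFTER)):
        print(label, resolve("name.companyname.com", zones))
    print("missing internally:", shadowed(AFTER, "companyname.com"))
```

Running `shadowed` against an export of the public zone before switching clients over gives the list of A records that still have to be copied into the internal zone.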
 
Sean_D76 Commented:
okay... its been fun but i'm going to bed.  ;-)
0
 
FattyPo (Author) Commented:
Cheers guys, much appreciated :-) A little closer to understanding DNS, always fun.
0
 
Mike Thomas (Consultant) Commented:
You're welcome, I will be here for a good 10 hours yet having just started work on the other side of the planet, so any more questions just ask.

0
 
FattyPo (Author) Commented:
All I can say, guys, is thanks for your help and apologies for starting in the wrong place by just creating an A record!
0
