• Status: Solved

What will happen if I delete an internet (IN) "A" record entry from my DNS ZONE FILE?

Internally, users can NOT reach our external website.  Our website is hosted externally.  The major issue is our domain is the same name as our website.  I've tried adding an A record to my internal DNS server (server 2003) specifically pointing to the external IP address of the website but that didn't work.  It didn't work because the company hosting my website neglected to tell me that I don't have a dedicated IP so I'm working on that as a separate issue.  Meanwhile, my question is this: if I delete the BOLDED line out of my zone file shown below, will we then be able to get to our website internally? And what are any ramifications of deleting this line that I need to be concerned about?  (domain name changed for security purposes)

reher.com.                                                 IN           MX         10   cluster9.us.messagelabs.com.
reher.com.                                                 IN           MX         20   cluster9a.us.messagelabs.com.
reher.com.                                                 IN           A             173.201.168.1
www.reher.com.                                             IN           A             173.201.168.1
ftp.reher.com.                                            IN           A             173.201.168.1

Asked:
lovikhan
1 Solution
 
Todd Gerbert (IT Consultant) Commented:
Internally domain.com will resolve to a Domain Controller, and it needs to be that way for Active Directory to work properly - so don't delete that record.
I think you'll have to have a static IP address on your website, in which case you could safely add an A record for www.domain.com that points to your web server.
The only other alternative that comes to mind is if your web server happens to have another name associated with it that is outside of your domain.com space, like yourcompanyname.yourhostingcompany.com, in which case you could add a CNAME record that points www to yourcompanyname.yourhostingcompany.com
 
lovikhan (Author) Commented:
Thanks for your reply.  I definitely wasn't planning on deleting anything off of my domain controller.  I want to delete that entry out of my zone file which resides with my external ISP.  And that IP address next to it is a static IP given to me by the company hosting my website.  I was under the impression that the only purpose that line served was to allow people to just type in reher.com without having to type www in front of it.  I don't know if your CNAME suggestion is viable, I'm just looking for a better understanding of what I already have before adding additional entries.
 
Todd Gerbert (IT Consultant) Commented:
Okay, I think I understand a little better.  The issue is that your clients use your internal DNS server (they have to for Active Directory), and your internal DNS is authoritative for reher.com - so when one of your PCs tries to resolve www.reher.com it goes to your internal DNS server, which responds with "no such host" - the external DNS server is never contacted in this scenario.
The resolution is to add an A record for the host www to your internal DNS server with an address of 173.201.168.1.  Now, when one of your computers asks your internal DNS server for www.reher.com it will respond with the web server's address.  Internally, reher.com still won't work as it must always resolve to a domain controller for Active Directory's sake.
On your external DNS server, you should set reher.com = 173.201.168.1 and make www a CNAME of reher.com
 
lovikhan (Author) Commented:
Yes, your recap is correct.  I already added the A record to my internal DNS server as you stated and it doesn't work because my internal domain is also reher.com.  Can you give me a little more help on what exactly a CNAME does and the syntax for a CNAME entry?  I have to be honest, I'm scared to mess with my zone file too much for fear of causing something else not to work such as the website going down externally.  Also, please be patient with me because we'll have to wait for propagation before we see any results.
 
Todd Gerbert (IT Consultant) Commented:
First off I need to be clear that you have TWO DNS servers - one at your hosting company, which serves external clients, and one on your Windows Server 2003 box that serves your internal Active Directory clients.
External DNS: Doesn't require any changes.
Internal DNS: Add a host to your reher.com Forward Lookup Zone; put www in the name box and 173.201.168.1 in the IP Address box. Do not change, add, or delete any other records on your internal DNS.
A CNAME (short for canonical name) record is an alias.  It's not necessary to resolve your question, but in my opinion would be good practice - on your external DNS you can delete the A record for www.reher.com and add a CNAME that associates www.reher.com with reher.com:
www    IN    CNAME reher.com.
Now (externally still, nothing to do with your question or internal hosts) whenever someone wants to resolve www.reher.com they will get whatever the IP address for reher.com is.  CNAMEs are useful, particularly with bigger zone files, because now if you ever need to change the IP address of your website you only need to do it in one spot.
(In the CNAME syntax example above, note that since www does not end with a dot, it is implicitly understood that the "origin" should be appended, making the complete name www.reher.com.  The "origin", put simply, is the domain name for which this zone file applies, e.g. reher.com)

 
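The split between the internal and external zones described in the comments above, as an added example that is not part of any participant's post. The zone contents are constructed from the records quoted in the thread; 10.0.0.10 is a hypothetical domain-controller address and the function names are illustrative.

```python
ORIGIN = "reher.com."                      # zone origin, as in the thread
# Constructed sample zones; 10.0.0.10 is a hypothetical domain-controller address.
EXTERNAL = """
reher.com.      IN  A      173.201.168.1
www             IN  CNAME  reher.com.
ftp.reher.com.  IN  A      173.201.168.1
"""
INTERNAL_BEFORE = """
reher.com.      IN  A      10.0.0.10   ; apex must stay on the DC for Active Directory
"""
INTERNAL_AFTER = INTERNAL_BEFORE + "www  IN  A  173.201.168.1\n"

def fqdn(name, origin=ORIGIN):
    """Zone-file rule: a name without a trailing dot is relative to the origin."""
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin=ORIGIN):
    """Parse 'owner IN TYPE rdata' lines into {(owner, TYPE): [rdata, ...]}."""
    zone = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        owner, _cls, rtype, rdata = line.split(None, 3)
        rtype = rtype.upper()
        if rtype == "CNAME":                      # CNAME targets follow the same rule
            rdata = fqdn(rdata, origin)
        zone.setdefault((fqdn(owner, origin), rtype), []).append(rdata)
    return zone

def resolve(zone, query, depth=0):
    """Answer as the authoritative server for the zone: follow in-zone CNAMEs and
    return NXDOMAIN for a missing name without consulting any other server."""
    name = query.lower().rstrip(".") + "."        # query names are already absolute
    if (name, "A") in zone:
        return "NOERROR", zone[(name, "A")]
    if (name, "CNAME") in zone and depth < 8:     # depth cap guards against loops
        return resolve(zone, zone[(name, "CNAME")][0], depth + 1)
    return "NXDOMAIN", []

if __name__ == "__main__":
    for label, text in [("internal, no www record", INTERNAL_BEFORE),
                        ("internal, www A added", INTERNAL_AFTER),
                        ("external", EXTERNAL)]:
        zone = parse_zone(text)
        print(label, resolve(zone, "www.reher.com"), resolve(zone, "reher.com"))
    print("CNAME target missing its dot:", fqdn("reher.com"))
```

The last line shows why the trailing dot in `reher.com.` matters: without it the origin is appended to the CNAME target as well.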
lovikhan (Author) Commented:
Give me a few minutes to get some print screens together, I'll get back to you shortly.
 
lovikhan (Author) Commented:
Thanks for the clarification on the TWO DNS servers, I understand.  I went to check my internal dns using dns management.  Under forward lookup zones I have an entry and have had this entry for several months now to try & resolve this issue.  The entry is as follows.

www        Host(A)        173.201.168.1

External DNS:
I'll add the CNAME entry and see what happens over the next several hours.  Here's what I'm going to add to my EXTERNAL DNS zone file.  Is the syntax correct?

www         IN        CNAME             reher.com.
 
Todd Gerbert (IT Consultant) Commented:
Yes, that CNAME looks correct - keep in mind though that's just a little side-note and shouldn't really affect anything one way or the other.
 
As for the problem with internal clients getting to your website: adding the www Host(A) 173.201.168.1 should have done the trick - if you go to a command prompt on one of your internal computers and ping www.reher.com does it resolve to 173.201.168.1?
 
lovikhan (Author) Commented:
Yes, when I ping the IP, it resolves.  As previously stated, I put this A record in several months ago and tried these steps before to no avail.  If the CNAME entry isn't going to help me with my issue, then I guess I'm right back at my original question.
 
Todd Gerbert (IT Consultant) Commented:
If it resolves to the correct IP address then DNS is not the problem.

Remember that internally reher.com is always going to resolve to the internal address of one of your domain  controllers - there's no getting around that. Therefore, http://www.reher.com/ should work, but http://reher.com/ will NOT work. For the same reason, your website might fail to load properly if it contains any absolute URLs to reher.com.
 
lovikhan (Author) Commented:
This problem ended up having nothing to do with our zones file, MX record OR our domain/dhcp server.  We are using godaddy.com for hosting and in the godaddy utility where you deploy your website; our developer forgot to put http:// in front of the domain name.  The developer just typed
abc.com                127.100.44.123    

it should have been typed as  follows:

http://abc.com            127.100.44.123

 So because our internal domain is the same as our website, internal users couldn't get to our website because http:// wasn't specified in front of the domain name.  
 
lovikhan (Author) Commented:
We found our own solution.
 
Todd Gerbert (IT Consultant) Commented:
>> So because our internal domain is the same as our website, internal users couldn't get to our website because http:// wasn't specified in front of the domain name.

Hmm, that doesn't make any sense to me (that's almost a completely nonsensical statement), "http:" doesn't really belong anywhere in the GoDaddy tools, and would have affected external and internal clients equally (contrary to your original question).  Also that's a different IP address than you had referred to above, did using the correct IP address ultimately solve your problem?

Are you now saying that from an internal client you can reach the website with www.reher.com or reher.com (and your Active Directory domain name is still reher.com)?
 
lovikhan (Author) Commented:
This solution was found after we exhaustively reviewed every single setting on our domain servers, dhcp servers, zone file, mx record and firewalls.

Once we did all of that, we made at least a dozen phone calls to godaddy.com and had a 3rd party web developer look at our web site deployment.
Question has a verified solution.
