Solved

What will happen if I delete an internet (IN) "A" record entry from my DNS ZONE FILE?

Posted on 2010-09-23
15
604 Views
Last Modified: 2012-05-10
Internally, users can NOT reach our external website.  Our website is hosted externally.  The major issue is our domain is the same name as our website.  I've tried adding an A record to my internal DNS server (server 2003) specifically pointing to the external IP address of the website but that didn't work.  It didn't work because the company hosting my website neglected to tell me that I don't have a dedicated IP so I'm working on that as a separate issue.  Meanwhile, my question is this: if I delete the BOLDED line out of my zone file shown below, will we then be able to get to our website internally? And what are any ramifications of deleting this line that I need to be concerned about?  (domain name changed for security purposes)

reher.com.         IN    MX    10   cluster9.us.messagelabs.com.
reher.com.         IN    MX    20   cluster9a.us.messagelabs.com.
reher.com.         IN    A     173.201.168.1
www.reher.com.     IN    A     173.201.168.1
ftp.reher.com.     IN    A     173.201.168.1

0
Comment
Question by:lovikhan
  • 8
  • 6
15 Comments
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 33745481
Internally domain.com will resolve to a Domain Controller, and it needs to be that way for Active Directory to work properly - so don't delete that record.
I think you'll have to have a static IP address on your website, in which case you could safely add an A record for www.domain.com that points to your web server.
The only other alternative that comes to mind is if your web server happens to have another name associated with it that is outside of your domain.com space, like yourcompanyname.yourhostingcompany.com, in which case you could add a CNAME record that points www to yourcompanyname.yourhostingcompany.com
0
 

Author Comment

by:lovikhan
ID: 33745572
Thanks for your reply.  I definitely wasn't planning on deleting anything off of my domain controller.  I want to delete that entry out of my zone file which resides with my external ISP.  And that IP address next to it is a static IP given to me by the company hosting my website.  I was under the impression that the only purpose that line served was to allow people to just type in reher.com without having to type www in front of it.  I don't know if your CNAME suggestion is viable, I'm just looking for a better understanding of what I already have before adding additional entries.
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 33745740
Okay, I think I understand a little better.  The issue is that your clients use your internal DNS server (they have to for Active Directory), and your internal DNS is authoritative for reher.com - so when one of your PCs tries to resolve www.reher.com it goes to your internal DNS server, which responds with "no such host" - the external DNS server is never contacted in this scenario.
The resolution is to add an A record for the host www to your internal DNS server with an address of 173.201.168.1.  Now, when one of your computers asks your internal DNS server for www.reher.com it will respond with the web server's address.  Internally, reher.com still won't work as it must always resolve to a domain controller for Active Directory's sake.
On your external DNS server, you should set reher.com = 173.201.168.1 and make www a CNAME of reher.com
0
 

Author Comment

by:lovikhan
ID: 33745907
Yes, your recap is correct.  I already added the A record to my internal DNS server as you stated and it doesn't work because my internal domain is also reher.com.  Can you give me a little more help on what exactly a CNAME does and the syntax for a CNAME entry?  I have to be honest, I'm scared to mess with my zone file too much for fear of causing something else not to work such as the website going down externally.  Also, please be patient with me because we'll have to wait for propagation before we see any results.
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 33746090
First off I need to be clear that you have TWO DNS servers - one at your hosting company, which serves external clients, and one on your Windows Server 2003 box that serves your internal Active Directory clients.
External DNS: Doesn't require any changes.
Internal DNS: Add a host to your reher.com Forward Lookup Zone; put www in the name box and 173.201.168.1 in the IP Address box. Do not change, add, or delete any other records on your internal DNS.
A CNAME (short for canonical name) record is an alias.  It's not necessary to resolve your question, but in my opinion would be good practice - on your external DNS you can delete the A record for www.reher.com and add a CNAME that associates www.reher.com with reher.com:
www    IN    CNAME reher.com.
Now (externally still, nothing to do with your question or internal hosts) whenever someone wants to resolve www.reher.com they will get whatever the IP address for reher.com is.  CNAMEs are useful, particularly with bigger zone files, because now if you ever need to change the IP address of your website you only need to do it in one spot.
(In the CNAME syntax example above, note that since www does not end with a dot, it is implicitly understood that the "origin" should be appended, making the complete name www.reher.com.  The "origin", put simply, is the domain name for which this zone file applies, e.g. reher.com)

0
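The two-server situation and the trailing-dot "origin" rule discussed in the comments above, as an added example that is not part of any poster's comment. The zone text is constructed from the records quoted in the thread; the internal domain-controller address 10.0.0.10 and all function names are assumptions for illustration.

```python
# Constructed zone data: external records follow the thread; 10.0.0.10 is an
# assumed placeholder for the domain controller the internal apex points to.
ORIGIN = "reher.com."

EXTERNAL = """
reher.com.   IN  A      173.201.168.1
www          IN  CNAME  reher.com.
ftp          IN  A      173.201.168.1
"""

INTERNAL = """
reher.com.   IN  A      10.0.0.10
www          IN  A      173.201.168.1
"""

INTERNAL_NO_WWW = "reher.com.   IN  A      10.0.0.10"

def fqdn(name, origin=ORIGIN):
    """Zone-file rule: a name without a trailing dot gets the origin appended."""
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin=ORIGIN):
    """Parse 'owner IN type rdata' lines into {(owner, type): rdata}."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";")[0].split()   # drop comments, split columns
        if len(fields) != 4 or fields[1] != "IN":
            continue
        owner, _, rtype, rdata = fields
        if rtype == "CNAME":
            rdata = fqdn(rdata, origin)       # alias targets follow the same rule
        records[(fqdn(owner, origin), rtype)] = rdata
    return records

def resolve(zone, name, origin=ORIGIN, depth=0):
    """Answer as an authoritative server: follow CNAMEs, never ask another server."""
    name = fqdn(name, origin)
    if (name, "A") in zone:
        return zone[(name, "A")]
    if (name, "CNAME") in zone and depth < 8:  # depth guard against alias loops
        return resolve(zone, zone[(name, "CNAME")], origin, depth + 1)
    return "NXDOMAIN"  # simplified "no such host" answer

if __name__ == "__main__":
    for label, text in (("external", EXTERNAL), ("internal", INTERNAL)):
        zone = parse_zone(text)
        print(label, {n: resolve(zone, n) for n in ("reher.com.", "www")})
```

Because each server is authoritative for reher.com, the internal view never falls through to the external one: a name missing internally is simply "no such host", and a CNAME target written without the trailing dot silently becomes reher.com.reher.com.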
 

Author Comment

by:lovikhan
ID: 33746149
give me a few minutes to get some print screens together, I'll get back to you shortly
0
 

Author Comment

by:lovikhan
ID: 33747282
Thanks for the clarification on the TWO DNS servers, I understand.  I went to check my internal dns using dns management.  Under forward lookup zones I have an entry and have had this entry for several months now to try & resolve this issue.  The entry is as follows.

www        Host(A)        173.201.168.1

External DNS:
I'll add the CNAME entry and see what happens over the next several hours.  Here's what I'm going to add to my EXTERNAL DNS zone file.  Is the syntax correct?

www         IN        CNAME             reher.com.
0

 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 33747958
Yes, that CNAME looks correct - keep in mind though that's just a little side-note and shouldn't really affect anything one way or the other.
 
As for the problem with internal clients getting to your website: adding the www Host(A) 173.201.168.1 should have done the trick - if you go to a command prompt on one of your internal computers and ping www.reher.com does it resolve to 173.201.168.1?
0
 

Author Comment

by:lovikhan
ID: 33748649
Yes, when I ping the IP, it resolves.  As previously stated, I put this A record in several months ago and tried these steps before to no avail.  If the CNAME entry isn't going to help me with my issue, then I guess I'm right back at my original question.
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 33748798
If it resolves to the correct IP address then DNS is not the problem.

Remember that internally reher.com is always going to resolve to the internal address of one of your domain controllers - there's no getting around that. Therefore, http://www.reher.com/ should work, but http://reher.com/ will NOT work. For the same reason, your website might fail to load properly if it contains any absolute URLs to reher.com.
0
 

Accepted Solution

by:
lovikhan earned 0 total points
ID: 35826674
This problem ended up having nothing to do with our zones file, MX record OR our domain/dhcp server.  We are using godaddy.com for hosting and in the godaddy utility where you deploy your website; our developer forgot to put http:// in front of the domain name.  The developer just typed
abc.com                127.100.44.123    

it should have been typed as  follows:

http://abc.com            127.100.44.123

 So because our internal domain is the same as our website, internal users couldn't get to our website because http:// wasn't specified in front of the domain name.  
0
 

Author Comment

by:lovikhan
ID: 35826704
we found our own solution.
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 35826775
>> So because our internal domain is the same as our website, internal users couldn't get to our website because http:// wasn't specified in front of the domain name.

Hmm, that doesn't make any sense to me (that's almost a completely nonsensical statement), "http:" doesn't really belong anywhere in the GoDaddy tools, and would have affected external and internal clients equally (contrary to your original question).  Also that's a different IP address than you had referred to above, did using the correct IP address ultimately solve your problem?

Are you now saying that from an internal client you can reach the website with www.reher.com or reher.com (and your Active Directory domain name is still reher.com)?
0
 

Author Closing Comment

by:lovikhan
ID: 35868963
This solution was found after we exhaustively reviewed every single setting on our domain servers, dhcp servers, zone file, mx record and firewalls.  

Once we did all of that, we made at least a dozen phone calls to godaddy.com and had a 3rd party web developer look at our web site deployment.
0
