Solved

What will happen if I delete an internet (IN) "A" record entry from my DNS ZONE FILE?

Posted on 2010-09-23
Last Modified: 2012-05-10
Internally, users can NOT reach our external website. Our website is hosted externally. The major issue is our domain is the same name as our website. I've tried adding an A record to my internal DNS server (server 2003) specifically pointing to the external IP address of the website but that didn't work. It didn't work because the company hosting my website neglected to tell me that I don't have a dedicated IP, so I'm working on that as a separate issue. Meanwhile, my question is this: if I delete the BOLDED line out of my zone file shown below, will we then be able to get to our website internally? And what are any ramifications of deleting this line that I need to be concerned about? (domain name changed for security purposes)

reher.com.          IN    MX    10   cluster9.us.messagelabs.com.
reher.com.          IN    MX    20   cluster9a.us.messagelabs.com.
reher.com.          IN    A     173.201.168.1
www.reher.com.      IN    A     173.201.168.1
ftp.reher.com.      IN    A     173.201.168.1

Question by:lovikhan
15 Comments
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 33745481
Internally domain.com will resolve to a Domain Controller, and it needs to be that way for Active Directory to work properly - so don't delete that record.
I think you'll have to have a static IP address on your website, in which case you could safely add an A record for www.domain.com that points to your web server.
The only other alternative that comes to mind is if your web server happens to have another name associated with it that is outside of your domain.com space, like yourcompanyname.yourhostingcompany.com, in which case you could add a CNAME record that points www to yourcompanyname.yourhostingcompany.com
0
 

Author Comment

by:lovikhan
ID: 33745572
Thanks for your reply. I definitely wasn't planning on deleting anything off of my domain controller. I want to delete that entry out of my zone file which resides with my external ISP. And that IP address next to it is a static IP given to me by the company hosting my website. I was under the impression that the only purpose that line served was to allow people to just type in reher.com without having to type www in front of it. I don't know if your CNAME suggestion is viable, I'm just looking for a better understanding of what I already have before adding additional entries.
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 33745740
Okay, I think I understand a little better. The issue is that your clients use your internal DNS server (they have to for Active Directory), and your internal DNS is authoritative for reher.com - so when one of your PCs tries to resolve www.reher.com it goes to your internal DNS server, which responds with "no such host" - the external DNS server is never contacted in this scenario.
The resolution is to add an A record for the host www to your internal DNS server with an address of 173.201.168.1. Now, when one of your computers asks your internal DNS server for www.reher.com it will respond with the web server's address. Internally, reher.com still won't work as it must always resolve to a domain controller for Active Directory's sake.
On your external DNS server, you should set reher.com = 173.201.168.1 and make www a CNAME of reher.com.
0

 

Author Comment

by:lovikhan
ID: 33745907
Yes, your recap is correct. I already added the A record to my internal DNS server as you stated and it doesn't work because my internal domain is also reher.com. Can you give me a little more help on what exactly a CNAME does and the syntax for a CNAME entry? I have to be honest, I'm scared to mess with my zone file too much for fear of causing something else not to work, such as the website going down externally. Also, please be patient with me because we'll have to wait for propagation before we see any results.
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 33746090
First off I need to be clear that you have TWO DNS servers - one at your hosting company, which serves external clients, and one on your Windows Server 2003 box that serves your internal Active Directory clients.
External DNS: Doesn't require any changes.
Internal DNS: Add a host to your reher.com Forward Lookup Zone; put www in the name box and 173.201.168.1 in the IP Address box. Do not change, add, or delete any other records on your internal DNS.
A CNAME (short for canonical name) record is an alias. It's not necessary to resolve your question, but in my opinion would be good practice - on your external DNS you can delete the A record for www.reher.com and add a CNAME that associates www.reher.com with reher.com:
www    IN    CNAME reher.com.
Now (externally still, nothing to do with your question or internal hosts) whenever someone wants to resolve www.reher.com they will get whatever the IP address for reher.com is. CNAMEs are useful, particularly with bigger zone files, because now if you ever need to change the IP address of your website you only need to do it in one spot.
(In the CNAME syntax example above, note that since www does not end with a dot, it is implicitly understood that the "origin" should be appended, making the complete name www.reher.com.  The "origin", put simply, is the domain name for which this zone file applies, e.g. reher.com)

0
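The split between the two DNS servers and the origin rule described above, modelled as an added example (not part of the original thread). The internal address 10.0.0.10 is a constructed placeholder for a domain controller, and the resolver is a simplified model that answers NXDOMAIN for any name missing from the zone it is authoritative for.

```python
ORIGIN = "reher.com."

# Constructed zone data modelled on the records discussed in the thread.
EXTERNAL_ZONE = """\
@     IN  A      173.201.168.1
www   IN  CNAME  reher.com.
ftp   IN  A      173.201.168.1
"""
# Internal AD zone: the apex points at a domain controller (placeholder IP).
INTERNAL_ZONE = """\
@     IN  A      10.0.0.10
"""

def qualify(name, origin=ORIGIN):
    """A name without a trailing dot is relative: the origin is appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin=ORIGIN):
    """Parse 'owner class type rdata' lines into {fqdn: [(type, rdata)]}."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        owner, _cls, rtype, rdata = line.split()
        if rtype == "CNAME":
            rdata = qualify(rdata, origin)  # CNAME targets follow the same rule
        records.setdefault(qualify(owner, origin).lower(), []).append((rtype, rdata))
    return records

def resolve(name, zone, origin=ORIGIN, depth=0):
    """Answer as the server authoritative for `origin`; no other server is asked."""
    name = name.lower() if name.endswith(".") else name.lower() + "."
    if not (name == origin or name.endswith("." + origin)):
        return "NOT-AUTHORITATIVE"  # only these names would go elsewhere
    for rtype, rdata in zone.get(name, []):
        if rtype == "A":
            return rdata
        if rtype == "CNAME" and depth < 8:  # bounded alias chasing
            return resolve(rdata, zone, origin, depth + 1)
    return "NXDOMAIN"

if __name__ == "__main__":
    internal = parse_zone(INTERNAL_ZONE)
    fixed = parse_zone(INTERNAL_ZONE + "www IN A 173.201.168.1\n")
    print("internal, no www record:", resolve("www.reher.com", internal))
    print("internal, www added    :", resolve("www.reher.com", fixed))
    print("external via CNAME     :", resolve("www.reher.com", parse_zone(EXTERNAL_ZONE)))
```

Writing the CNAME target as `reher.com` without the trailing dot makes it relative, so it expands to `reher.com.reher.com.` and the alias stops resolving.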
 

Author Comment

by:lovikhan
ID: 33746149
Give me a few minutes to get some print screens together, I'll get back to you shortly.
0
 

Author Comment

by:lovikhan
ID: 33747282
Thanks for the clarification on the TWO DNS servers, I understand.  I went to check my internal dns using dns management.  Under forward lookup zones I have an entry and have had this entry for several months now to try & resolve this issue.  The entry is as follows.

www        Host(A)        173.201.168.1

External DNS:
I'll add the CNAME entry and see what happens over the next several hours.  Here's what I'm going to add to my EXTERNAL DNS zone file.  Is the syntax correct?

www         IN        CNAME             reher.com.
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 33747958
Yes, that CNAME looks correct - keep in mind though that's just a little side-note and shouldn't really affect anything one way or the other.
 
As for the problem with internal clients getting to your website: adding the www Host(A) 173.201.168.1 should have done the trick - if you go to a command prompt on one of your internal computers and ping www.reher.com does it resolve to 173.201.168.1?
0
 

Author Comment

by:lovikhan
ID: 33748649
Yes, when I ping the IP, it resolves.  As previously stated, I put this A record in several months ago and tried these steps before to no avail.  If the CNAME entry isn't going to help me with my issue, then I guess I'm right back at my original question.
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 33748798
If it resolves to the correct IP address then DNS is not the problem.

Remember that internally reher.com is always going to resolve to the internal address of one of your domain controllers - there's no getting around that. Therefore, http://www.reher.com/ should work, but http://reher.com/ will NOT work. For the same reason, your website might fail to load properly if it contains any absolute URLs to reher.com.
0
 

Accepted Solution

by:
lovikhan earned 0 total points
ID: 35826674
This problem ended up having nothing to do with our zones file, MX record OR our domain/dhcp server. We are using godaddy.com for hosting and in the godaddy utility where you deploy your website, our developer forgot to put http:// in front of the domain name. The developer just typed
abc.com                127.100.44.123

It should have been typed as follows:

http://abc.com            127.100.44.123

So because our internal domain is the same as our website, internal users couldn't get to our website because http:// wasn't specified in front of the domain name.
0
 

Author Comment

by:lovikhan
ID: 35826704
We found our own solution.
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 35826775
>> So because our internal domain is the same as our website, internal users couldn't get to our website because http:// wasn't specified in front of the domain name.

Hmm, that doesn't make any sense to me (that's almost a completely nonsensical statement), "http:" doesn't really belong anywhere in the GoDaddy tools, and would have affected external and internal clients equally (contrary to your original question). Also that's a different IP address than you had referred to above, did using the correct IP address ultimately solve your problem?

Are you now saying that from an internal client you can reach the website with www.reher.com or reher.com (and your Active Directory domain name is still reher.com)?
0
 

Author Closing Comment

by:lovikhan
ID: 35868963
This solution was found after we exhaustively reviewed every single setting on our domain servers, dhcp servers, zone file, mx record and firewalls.

Once we did all of that, we made at least a dozen phone calls to godaddy.com and had a 3rd party web developer look at our web site deployment.
0
