Solved

Why won't my internal DNS Host (A) record work right?

Posted on 2011-03-03
33
747 Views
Last Modified: 2012-05-11
Hello,
 I've setup an internal Host (A) record to point to our external webserver. The record is portal.mydomain.com
Internally I can ping this FQDN and it resolves properly to the external IP. Nslookup also reports the internal dns server and points to our external server. When opening a browser internally and typing in the FQDN it says page cannot be displayed. BUT...........
If I'm outside of our network and type it in a browser it DOES bring up the correct page. I did enter in a dns record for this site in our external dns provider.
So the page comes up fine externally but not internally. I've flushed my dns.
Anything else to check?
Thanks,
BW
0
Comment
Question by:bwinkworth
  • 11
  • 10
  • 9
  • +2
33 Comments
 
LVL 6

Expert Comment

by:itnetworkn
Comment Utility
If your inside you domain when you try to connect to it why don't you just set up DNS to point to the internal IP address?
0
 
LVL 17

Expert Comment

by:Chris Millard
Comment Utility
Trying creating a CNAME instead of an A record
0
 

Author Comment

by:bwinkworth
Comment Utility
The internal DNS record points to an external IP (our webserver) which is hosted elsewhere. All other Host records work like www and test.mydomain.com. Possible that 'portal' is some kind of new reserved word in 2008?

Thanks,
0
 
LVL 5

Expert Comment

by:jhill777
Comment Utility
So is the computer you're working on configured to use the internal DNS server for DNS?
0
 

Author Comment

by:bwinkworth
Comment Utility
jhill777: Yes my internal computer I'm using here at work has my 2 internal dns servers listed when I do an 'ipconfig /all'
roybridge: I'll try a cname

Thanks
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

> Trying creating a CNAME instead of an A record

Don't bother, it won't have any effect. Besides, what would you alias to?

If both Ping and NsLookup return the right answer you can rule out DNS entirely. It would be worth finding out what's giving you the page cannot be displayed message. Perhaps run "telnet portal.mydomain.com 80" if it's HTTP or "telnet portal.mydomain.com 443" if it's HTTPS. If those don't connect you have a network problem, not a DNS problem.

Chris
0
 
LVL 5

Expert Comment

by:jhill777
Comment Utility
What do you have entered in the "Host" field and FQDN field of the A record exactly?  This A record is within your "mydomain" zone, right?  And your "mydomain zone" is the same "mydomain" as portal.mydomain.com, right?
0
 

Author Comment

by:bwinkworth
Comment Utility
Host field is had the word 'portal' w/o the quotes. The FQDN field fills itself as I'm typing in the portal word in the Host field so FQDN says portal.mydomain.com (I'm substituting my real domain name with 'mydomain' FYI)
Yes the A record is within the 'mydomain' zone and yes the domain zone is identical to the portal.mydomain.com.
Telnet doesn't seem to be doing anything no matter what port I put in on any of our websites
portal-properties.JPG
0
 
LVL 5

Expert Comment

by:jhill777
Comment Utility
From the external computer I assume you're using IE, yeah?  You enter portal.mydomain.com and it takes you where you want to go.  Does it change the URL to http://portal.mydomain.com, https: or www?
0
 

Author Comment

by:bwinkworth
Comment Utility
Yes I'm using IE. Externally when I enter portal.mydomain.com it does take me where I want to go. It changes the URL to http://www.mydomain.com/logiin/login.aspx which is where our IIS guy has configured the webpage. Please tell me it's his fault LOL

Thanks man
0
 
LVL 17

Expert Comment

by:Chris Millard
Comment Utility
Can I just ask. Is your internal domain name mydomain.com or mydomain.local
0
 
LVL 5

Expert Comment

by:jhill777
Comment Utility
What happens if you type that whole thing out internally in the URL?
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

Might I suggest that you make sure you can resolve "www.mydomain.com" internally since it changes the URL to that?

Chrios
0
 
LVL 5

Expert Comment

by:jhill777
Comment Utility
Do you have an A record defined for www?  As in www.mydomain.com with the 199.x.x.x addy you provided earlier?
0
 

Author Comment

by:bwinkworth
Comment Utility
roybridge: our internal domain is different and its a .int
jhill777: If I type out that url internally it does work. Hmmmm

0
 

Author Comment

by:bwinkworth
Comment Utility
chris-dent: Yes www.mydomain.com does work and it brings up the page. I have an internal host record that points to the same IP that this portal one is trying to go to which is why I'm scratching my melon on this one :)

Thank you
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility
The only way the URL can change is if the web server you talk to rewrites it or redirects you.

So, should you end up at that login page? Or is that login page failing to load?

Chris
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

> our internal domain is different and its a .int

Oh lucky you. Don't try and acquire a certificate including any of your internal domain names. .int is reserved for organisations formed by international treaty ;)

Completely unrelated to this though :)

Chris
0
 
LVL 5

Expert Comment

by:jhill777
Comment Utility
Did you try kicking it?
If that doesn't work maybe scavenge old records on the DNS server?
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility
lol kicking it is surely never inappropriate :)

Chris
0
 
LVL 5

Expert Comment

by:jhill777
Comment Utility
> our internal domain is different and its a .int


So you need to have a new zone created for mydomain.com as your current zone is mydomain.int with an A record for www and an A record for portal, no?
0
 

Author Comment

by:bwinkworth
Comment Utility
chris-dent: Niceeeeeeee lol. I'll keep that in mind
I did just talk to our web programmer and the way he has it set for the redirect is with an htaccess file which is edited with ISAPI rewrite. The contents of this file are:
# Helicon ISAPI_Rewrite configuration file
# Version 3.1.0.76

RewriteEngine on

# Redirect non-www version to www
RewriteCond %{HTTPS} (on)?
RewriteCond %{HTTP:Host} ^(?!www\.)(.+)$ [NC]
RewriteCond %{REQUEST_URI} (.+)

RewriteRule .? http(?%1s)://www.%2%3 [R=301,L]
RewriteCond %{HTTP_HOST} portal.mydomain.com
RewriteRule ^(.*)$ http://mydomain.com/login/login.aspx [L]

All jibberish to me but apparently it works.
0
 

Author Comment

by:bwinkworth
Comment Utility
jhill777: Yes that's how it's setup. We have different zones setup under Forward Lookup Zones. Mydomain.int is our internal zone and mydomain.com is another zone. We also have a mydomain.ca
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility
So lets loop all the way back:

> I've setup an internal Host (A) record to point to our external webserver. The record is portal.mydomain.com

Why? :)

And it's sending you here:

http://mydomain.com/login/login.aspx

Does that URL actually load inside your office?

Chris
0
 
LVL 5

Assisted Solution

by:jhill777
jhill777 earned 100 total points
Comment Utility
So let's just put the full URL ( http://www.mydomain.com/logiin/login.aspx) in your favorites and name it portal.mydomain.com and select my "Kicking it" as the answer with Chris on the assist for concurring with said kick and call it a day.  lol
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

Or perhaps more to the point, if the zone is public, and the services within the zone are external, why do you need an internal version of the mydomain.com zone?

Chris
0
 
LVL 5

Expert Comment

by:jhill777
Comment Utility
Now you're thinkin, Chris.  I concur.  Remove the mydomain.com zone.  Your DNS server for mydomain.int has forwarders configured for external DNS servers so let them handle all exteranl websites...mydomain.com being one of them.  
Kicking it should still get an assist though.  
0
 

Author Comment

by:bwinkworth
Comment Utility
chris-dent: Yes that url loads up fine in the office. The reason why I have an internal host record pointing outside is because we have a test webserver in our DMZ that is identical to our external one for testing purposes. So test.mydomain.com would point to the 172.x.x.x but portal points outside to the 199.x.x.x
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 300 total points
Comment Utility

You could create a zone called "test.mydomain.com" then add a Host (A) record with a blank name and the internal IP (deleting the mydomain.com zone).

That way you only need maintain the record for test, the rest of the zone looks after itself (normal public resolution), leaving much more time for tetris or other wholesome activities :)

Chris
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

Of course, there is a point where Split-Brain becomes more desirable. I hit it with mine, continually adding zones can be higher maintenance. But for a very small number it's far less effort :)

Chris
0
 

Author Comment

by:bwinkworth
Comment Utility
Boosting up the points
0
 

Author Closing Comment

by:bwinkworth
Comment Utility
Chris I redid the DNS as you said and it works fine now.
jhill777 I liked your 'kickin it' plan so dropped you some points ;)
Thanks a lot everyone,
BW
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

You're welcome :)

Chris
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now