  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 822

Why won't my internal DNS Host (A) record work right?

Hello,
 I've set up an internal Host (A) record to point to our external webserver. The record is portal.mydomain.com
Internally I can ping this FQDN and it resolves properly to the external IP. Nslookup also reports the internal dns server and points to our external server. When opening a browser internally and typing in the FQDN it says page cannot be displayed. BUT...........
If I'm outside of our network and type it in a browser it DOES bring up the correct page. I did enter in a dns record for this site in our external dns provider.
So the page comes up fine externally but not internally. I've flushed my dns.
Anything else to check?
Thanks,
BW
Asked by: bwinkworth
2 Solutions
 
itnetworkn Commented:
If you're inside your domain when you try to connect to it, why don't you just set up DNS to point to the internal IP address?

Chris Millard Commented:
Try creating a CNAME instead of an A record

bwinkworth (Author) Commented:
The internal DNS record points to an external IP (our webserver) which is hosted elsewhere. All other Host records work like www and test.mydomain.com. Possible that 'portal' is some kind of new reserved word in 2008?

Thanks,

jhill777 Commented:
So is the computer you're working on configured to use the internal DNS server for DNS?

bwinkworth (Author) Commented:
jhill777: Yes my internal computer I'm using here at work has my 2 internal dns servers listed when I do an 'ipconfig /all'
roybridge: I'll try a cname

Thanks

Chris Dent (PowerShell Developer) Commented:

> Try creating a CNAME instead of an A record

Don't bother, it won't have any effect. Besides, what would you alias to?

If both Ping and NsLookup return the right answer you can rule out DNS entirely. It would be worth finding out what's giving you the page cannot be displayed message. Perhaps run "telnet portal.mydomain.com 80" if it's HTTP or "telnet portal.mydomain.com 443" if it's HTTPS. If those don't connect you have a network problem, not a DNS problem.

Chris

jhill777 Commented:
What do you have entered in the "Host" field and FQDN field of the A record exactly?  This A record is within your "mydomain" zone, right?  And your "mydomain zone" is the same "mydomain" as portal.mydomain.com, right?

bwinkworth (Author) Commented:
Host field has the word 'portal' w/o the quotes. The FQDN field fills itself as I'm typing in the portal word in the Host field so FQDN says portal.mydomain.com (I'm substituting my real domain name with 'mydomain' FYI)
Yes the A record is within the 'mydomain' zone and yes the domain zone is identical to the portal.mydomain.com.
Telnet doesn't seem to be doing anything no matter what port I put in on any of our websites
portal-properties.JPG

jhill777 Commented:
From the external computer I assume you're using IE, yeah?  You enter portal.mydomain.com and it takes you where you want to go.  Does it change the URL to http://portal.mydomain.com, https: or www?

bwinkworth (Author) Commented:
Yes I'm using IE. Externally when I enter portal.mydomain.com it does take me where I want to go. It changes the URL to http://www.mydomain.com/logiin/login.aspx which is where our IIS guy has configured the webpage. Please tell me it's his fault LOL

Thanks man

Chris Millard Commented:
Can I just ask: is your internal domain name mydomain.com or mydomain.local?

jhill777 Commented:
What happens if you type that whole thing out internally in the URL?

Chris Dent (PowerShell Developer) Commented:

Might I suggest that you make sure you can resolve "www.mydomain.com" internally since it changes the URL to that?

Chris

jhill777 Commented:
Do you have an A record defined for www?  As in www.mydomain.com with the 199.x.x.x addy you provided earlier?

bwinkworth (Author) Commented:
roybridge: our internal domain is different and it's a .int
jhill777: If I type out that url internally it does work. Hmmmm


bwinkworth (Author) Commented:
chris-dent: Yes www.mydomain.com does work and it brings up the page. I have an internal host record that points to the same IP that this portal one is trying to go to which is why I'm scratching my melon on this one :)

Thank you

Chris Dent (PowerShell Developer) Commented:
The only way the URL can change is if the web server you talk to rewrites it or redirects you.

So, should you end up at that login page? Or is that login page failing to load?

Chris

Chris Dent (PowerShell Developer) Commented:

> our internal domain is different and it's a .int

Oh lucky you. Don't try and acquire a certificate including any of your internal domain names. .int is reserved for organisations formed by international treaty ;)

Completely unrelated to this though :)

Chris

jhill777 Commented:
Did you try kicking it?
If that doesn't work maybe scavenge old records on the DNS server?

Chris Dent (PowerShell Developer) Commented:
lol kicking it is surely never inappropriate :)

Chris

jhill777 Commented:
> our internal domain is different and it's a .int


So you need to have a new zone created for mydomain.com as your current zone is mydomain.int with an A record for www and an A record for portal, no?

bwinkworth (Author) Commented:
chris-dent: Niceeeeeeee lol. I'll keep that in mind
I did just talk to our web programmer and the way he has it set for the redirect is with an htaccess file which is edited with ISAPI rewrite. The contents of this file are:
# Helicon ISAPI_Rewrite configuration file
# Version 3.1.0.76

RewriteEngine on

# Redirect non-www version to www
RewriteCond %{HTTPS} (on)?
RewriteCond %{HTTP:Host} ^(?!www\.)(.+)$ [NC]
RewriteCond %{REQUEST_URI} (.+)

RewriteRule .? http(?%1s)://www.%2%3 [R=301,L]
RewriteCond %{HTTP_HOST} portal.mydomain.com
RewriteRule ^(.*)$ http://mydomain.com/login/login.aspx [L]

All gibberish to me but apparently it works.

bwinkworth (Author) Commented:
jhill777: Yes that's how it's set up. We have different zones set up under Forward Lookup Zones. Mydomain.int is our internal zone and mydomain.com is another zone. We also have a mydomain.ca

Chris Dent (PowerShell Developer) Commented:
So let's loop all the way back:

> I've set up an internal Host (A) record to point to our external webserver. The record is portal.mydomain.com

Why? :)

And it's sending you here:

http://mydomain.com/login/login.aspx

Does that URL actually load inside your office?

Chris

jhill777 Commented:
So let's just put the full URL ( http://www.mydomain.com/logiin/login.aspx) in your favorites and name it portal.mydomain.com and select my "Kicking it" as the answer with Chris on the assist for concurring with said kick and call it a day.  lol

Chris Dent (PowerShell Developer) Commented:

Or perhaps more to the point, if the zone is public, and the services within the zone are external, why do you need an internal version of the mydomain.com zone?

Chris

jhill777 Commented:
Now you're thinkin, Chris.  I concur.  Remove the mydomain.com zone.  Your DNS server for mydomain.int has forwarders configured for external DNS servers so let them handle all external websites...mydomain.com being one of them.
Kicking it should still get an assist though.  

bwinkworth (Author) Commented:
chris-dent: Yes that url loads up fine in the office. The reason why I have an internal host record pointing outside is because we have a test webserver in our DMZ that is identical to our external one for testing purposes. So test.mydomain.com would point to the 172.x.x.x but portal points outside to the 199.x.x.x

Chris Dent (PowerShell Developer) Commented:

You could create a zone called "test.mydomain.com" then add a Host (A) record with a blank name and the internal IP (deleting the mydomain.com zone).

That way you only need maintain the record for test, the rest of the zone looks after itself (normal public resolution), leaving much more time for tetris or other wholesome activities :)

Chris

Chris Dent (PowerShell Developer) Commented:

Of course, there is a point where Split-Brain becomes more desirable. I hit it with mine, continually adding zones can be higher maintenance. But for a very small number it's far less effort :)

Chris

bwinkworth (Author) Commented:
Boosting up the points

bwinkworth (Author) Commented:
Chris I redid the DNS as you said and it works fine now.
jhill777 I liked your 'kickin it' plan so dropped you some points ;)
Thanks a lot everyone,
BW

Chris Dent (PowerShell Developer) Commented:

You're welcome :)

Chris
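
Added example, not part of the thread: the check suggested in the discussion (follow each redirect and confirm the next hostname resolves on the resolver the client actually uses), written as a small Python tracer. The redirect table and the internal-zone name set are constructed sample data, and the intermediate www.portal hop is an assumption about how the posted non-www rule would treat the portal host.

```python
import http.client
import socket
from urllib.parse import urljoin, urlsplit

def system_resolves(host):
    """True if the resolver this machine uses returns an address for host."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def http_head(url):
    """Return (status, Location) for one request, without following redirects."""
    u = urlsplit(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.netloc, timeout=5)
    try:
        conn.request("HEAD", u.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace(url, resolves=system_resolves, fetch=http_head, max_hops=10):
    """Follow redirects hop by hop; stop at the first hostname that fails DNS."""
    hops = []
    for _ in range(max_hops):
        if not resolves(urlsplit(url).hostname):
            hops.append((url, "DNS FAIL"))
            break
        status, location = fetch(url)
        hops.append((url, status))
        if status not in (301, 302, 303, 307, 308) or not location:
            break
        url = urljoin(url, location)
    return hops

# Constructed sample data (assumed chain; names an internal mydomain.com zone might hold).
SAMPLE_REDIRECTS = {
    "http://portal.mydomain.com/": (301, "http://www.portal.mydomain.com/"),
    "http://www.portal.mydomain.com/": (302, "http://mydomain.com/login/login.aspx"),
    "http://mydomain.com/login/login.aspx": (301, "http://www.mydomain.com/login/login.aspx"),
    "http://www.mydomain.com/login/login.aspx": (200, None),
}
INTERNAL_ZONE = {"portal.mydomain.com", "www.mydomain.com", "test.mydomain.com"}

def demo():
    return trace("http://portal.mydomain.com/", resolves=INTERNAL_ZONE.__contains__,
                 fetch=SAMPLE_REDIRECTS.__getitem__)
```

Calling `trace("http://portal.mydomain.com/")` with the defaults runs the same walk against the live resolver and web server, so the output differs between an internal and an external client whenever a locally hosted zone lacks a name the redirect chain passes through.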