Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Why won't my internal DNS Host (A) record work right?

Posted on 2011-03-03
33
Medium Priority
?
820 Views
Last Modified: 2012-05-11
Hello,
 I've setup an internal Host (A) record to point to our external webserver. The record is portal.mydomain.com
Internally I can ping this FQDN and it resolves properly to the external IP. Nslookup also reports the internal dns server and points to our external server. When opening a browser internally and typing in the FQDN it says page cannot be displayed. BUT...........
If I'm outside of our network and type it in a browser it DOES bring up the correct page. I did enter in a dns record for this site in our external dns provider.
So the page comes up fine externally but not internally. I've flushed my dns.
Anything else to check?
Thanks,
BW
0
Comment
Question by:bwinkworth
  • 11
  • 10
  • 9
  • +2
33 Comments
 
LVL 6

Expert Comment

by:itnetworkn
ID: 35028258
If your inside you domain when you try to connect to it why don't you just set up DNS to point to the internal IP address?
0
 
LVL 17

Expert Comment

by:Chris Millard
ID: 35028295
Trying creating a CNAME instead of an A record
0
 

Author Comment

by:bwinkworth
ID: 35028298
The internal DNS record points to an external IP (our webserver) which is hosted elsewhere. All other Host records work like www and test.mydomain.com. Possible that 'portal' is some kind of new reserved word in 2008?

Thanks,
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 5

Expert Comment

by:jhill777
ID: 35028304
So is the computer you're working on configured to use the internal DNS server for DNS?
0
 

Author Comment

by:bwinkworth
ID: 35028387
jhill777: Yes my internal computer I'm using here at work has my 2 internal dns servers listed when I do an 'ipconfig /all'
roybridge: I'll try a cname

Thanks
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 35028426

> Trying creating a CNAME instead of an A record

Don't bother, it won't have any effect. Besides, what would you alias to?

If both Ping and NsLookup return the right answer you can rule out DNS entirely. It would be worth finding out what's giving you the page cannot be displayed message. Perhaps run "telnet portal.mydomain.com 80" if it's HTTP or "telnet portal.mydomain.com 443" if it's HTTPS. If those don't connect you have a network problem, not a DNS problem.

Chris
0
 
LVL 5

Expert Comment

by:jhill777
ID: 35028507
What do you have entered in the "Host" field and FQDN field of the A record exactly?  This A record is within your "mydomain" zone, right?  And your "mydomain zone" is the same "mydomain" as portal.mydomain.com, right?
0
 

Author Comment

by:bwinkworth
ID: 35028689
Host field is had the word 'portal' w/o the quotes. The FQDN field fills itself as I'm typing in the portal word in the Host field so FQDN says portal.mydomain.com (I'm substituting my real domain name with 'mydomain' FYI)
Yes the A record is within the 'mydomain' zone and yes the domain zone is identical to the portal.mydomain.com.
Telnet doesn't seem to be doing anything no matter what port I put in on any of our websites
portal-properties.JPG
0
 
LVL 5

Expert Comment

by:jhill777
ID: 35028743
From the external computer I assume you're using IE, yeah?  You enter portal.mydomain.com and it takes you where you want to go.  Does it change the URL to http://portal.mydomain.com, https: or www?
0
 

Author Comment

by:bwinkworth
ID: 35028798
Yes I'm using IE. Externally when I enter portal.mydomain.com it does take me where I want to go. It changes the URL to http://www.mydomain.com/logiin/login.aspx which is where our IIS guy has configured the webpage. Please tell me it's his fault LOL

Thanks man
0
 
LVL 17

Expert Comment

by:Chris Millard
ID: 35028828
Can I just ask. Is your internal domain name mydomain.com or mydomain.local
0
 
LVL 5

Expert Comment

by:jhill777
ID: 35028835
What happens if you type that whole thing out internally in the URL?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 35028840

Might I suggest that you make sure you can resolve "www.mydomain.com" internally since it changes the URL to that?

Chrios
0
 
LVL 5

Expert Comment

by:jhill777
ID: 35028848
Do you have an A record defined for www?  As in www.mydomain.com with the 199.x.x.x addy you provided earlier?
0
 

Author Comment

by:bwinkworth
ID: 35028872
roybridge: our internal domain is different and its a .int
jhill777: If I type out that url internally it does work. Hmmmm

0
 

Author Comment

by:bwinkworth
ID: 35028896
chris-dent: Yes www.mydomain.com does work and it brings up the page. I have an internal host record that points to the same IP that this portal one is trying to go to which is why I'm scratching my melon on this one :)

Thank you
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 35028922
The only way the URL can change is if the web server you talk to rewrites it or redirects you.

So, should you end up at that login page? Or is that login page failing to load?

Chris
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 35028930

> our internal domain is different and its a .int

Oh lucky you. Don't try and acquire a certificate including any of your internal domain names. .int is reserved for organisations formed by international treaty ;)

Completely unrelated to this though :)

Chris
0
 
LVL 5

Expert Comment

by:jhill777
ID: 35028942
Did you try kicking it?
If that doesn't work maybe scavenge old records on the DNS server?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 35028958
lol kicking it is surely never inappropriate :)

Chris
0
 
LVL 5

Expert Comment

by:jhill777
ID: 35028993
> our internal domain is different and its a .int


So you need to have a new zone created for mydomain.com as your current zone is mydomain.int with an A record for www and an A record for portal, no?
0
 

Author Comment

by:bwinkworth
ID: 35029014
chris-dent: Niceeeeeeee lol. I'll keep that in mind
I did just talk to our web programmer and the way he has it set for the redirect is with an htaccess file which is edited with ISAPI rewrite. The contents of this file are:
# Helicon ISAPI_Rewrite configuration file
# Version 3.1.0.76

RewriteEngine on

# Redirect non-www version to www
RewriteCond %{HTTPS} (on)?
RewriteCond %{HTTP:Host} ^(?!www\.)(.+)$ [NC]
RewriteCond %{REQUEST_URI} (.+)

RewriteRule .? http(?%1s)://www.%2%3 [R=301,L]
RewriteCond %{HTTP_HOST} portal.mydomain.com
RewriteRule ^(.*)$ http://mydomain.com/login/login.aspx [L]

All jibberish to me but apparently it works.
0
 

Author Comment

by:bwinkworth
ID: 35029045
jhill777: Yes that's how it's setup. We have different zones setup under Forward Lookup Zones. Mydomain.int is our internal zone and mydomain.com is another zone. We also have a mydomain.ca
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 35029058
So lets loop all the way back:

> I've setup an internal Host (A) record to point to our external webserver. The record is portal.mydomain.com

Why? :)

And it's sending you here:

http://mydomain.com/login/login.aspx

Does that URL actually load inside your office?

Chris
0
 
LVL 5

Assisted Solution

by:jhill777
jhill777 earned 400 total points
ID: 35029065
So let's just put the full URL ( http://www.mydomain.com/logiin/login.aspx) in your favorites and name it portal.mydomain.com and select my "Kicking it" as the answer with Chris on the assist for concurring with said kick and call it a day.  lol
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 35029067

Or perhaps more to the point, if the zone is public, and the services within the zone are external, why do you need an internal version of the mydomain.com zone?

Chris
0
 
LVL 5

Expert Comment

by:jhill777
ID: 35029113
Now you're thinkin, Chris.  I concur.  Remove the mydomain.com zone.  Your DNS server for mydomain.int has forwarders configured for external DNS servers so let them handle all exteranl websites...mydomain.com being one of them.  
Kicking it should still get an assist though.  
0
 

Author Comment

by:bwinkworth
ID: 35029136
chris-dent: Yes that url loads up fine in the office. The reason why I have an internal host record pointing outside is because we have a test webserver in our DMZ that is identical to our external one for testing purposes. So test.mydomain.com would point to the 172.x.x.x but portal points outside to the 199.x.x.x
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 1200 total points
ID: 35029164

You could create a zone called "test.mydomain.com" then add a Host (A) record with a blank name and the internal IP (deleting the mydomain.com zone).

That way you only need maintain the record for test, the rest of the zone looks after itself (normal public resolution), leaving much more time for tetris or other wholesome activities :)

Chris
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 35029173

Of course, there is a point where Split-Brain becomes more desirable. I hit it with mine, continually adding zones can be higher maintenance. But for a very small number it's far less effort :)

Chris
0
 

Author Comment

by:bwinkworth
ID: 35031171
Boosting up the points
0
 

Author Closing Comment

by:bwinkworth
ID: 35031187
Chris I redid the DNS as you said and it works fine now.
jhill777 I liked your 'kickin it' plan so dropped you some points ;)
Thanks a lot everyone,
BW
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 35031459

You're welcome :)

Chris
0

Featured Post

Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question