Solved

SBS 2011 resolves external domain name to server LAN IP address

Posted on 2012-03-10
Last Modified: 2012-04-02
Hello all


I've just set up my first SBS2011 installation and everything seems to be working except one thing: If I ping the company's externally hosted website by name the replies come back from the LAN IP address of the SBS server.

I've followed the MS recommendation to use the "remote" prefix for all remote access including email, but the server seems to be assuming that it's hosting the company website, which it most definitely isn't.

The Exchange server is quite happy to send and receive email for the company at companyname.biz, but as the server isn't resolving the companyname.biz website correctly I want to fix it to avoid problems in the future.

I've pinged no end of other domain names with all manner of TLD suffixes without any errors or problems; it's just the company external website that is not resolving correctly.

I've considered replacing the server LAN IP in the DNS forward lookup zone web server section with that of the ISP's DNS servers, but I'm reluctant to do this without taking advice first, as this is the only part of the installation that doesn't seem to be working properly.

I would very much appreciate good counsel on this issue.
Question by:Perarduaadastra
14 Comments
 
LVL 14

Expert Comment

by:brendanmeyer
ID: 37705812
Is your Active Directory domain name the same as the website?

If so, you will have to add DNS records on your internal DNS server to point to the external addresses.
0
 
LVL 9

Expert Comment

by:lojk
ID: 37705831
As brendan suggests, adding a WWW record to point to the IP or hostname of the website server should sort it (for internal users whose DNS server is that of the local/internal domain server).

The reply you are actually getting is the (lack of www) record for the root/default of the locally named domain.
0
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 37705895
Adding for clarity:

The suggestion is that the SBS server was (most likely) set up with the local domain/AD name of company.biz, whereas the suggested convention is company.local or beer.local or anything but the external name.
0
 
LVL 15

Author Comment

by:Perarduaadastra
ID: 37706878
Hi

Thanks for your interest.

The local domain name is entirely different from the company's public domain name, and ends in .local as per MS recommended practice.

The only place that the public domain name was used during setup was when the Exchange server was being set up, so that email would be routed to the latter via remote.companyname.biz.
The email is working as expected.

If it is necessary to add or modify DNS records on the SBS box, which one(s) need to be changed?
0
 
LVL 7

Expert Comment

by:abdulalikhan
ID: 37708964
You need to set up the Forward Lookup zone as per your external domain and create a Host A record for your website URL with the ISP IP. When creating a zone, also remember to set appropriate MX record entries for your email server.
0
 
LVL 15

Author Comment

by:Perarduaadastra
ID: 37709010
Abdulalikhan, can you give/show me a walkthrough of exactly what I should do?

It also appears that a number of sites, especially ones that use secure connections, don't load in IE, saying "Cannot display web page", which may or may not be related to this issue.

The MX record setup appears to be correct, as the email works fine, so I don't want to fix anything that isn't broken...
0
 
LVL 7

Expert Comment

by:abdulalikhan
ID: 37709030
Actually, secure websites are not related to this and are a different problem.

For DNS, when you create a zone for companyname.biz, all the name resolution for companyname.biz for internal users will be entertained by this zone. For name resolution for companyname.biz you need to enter the proper host 'A' record or appropriate DNS record.

For your scenario you need to enter at least two host A records:

www.companyname.biz
remote.companyname.biz
0
 
LVL 15

Author Comment

by:Perarduaadastra
ID: 37710762
I've just looked in the Forward Lookup Zones at the companyname.biz zone and I can see that the name server is the SBS box, and the A record is its LAN IP address.

Should I replace the A record with the IP address that I get when I ping www.companyname.biz from outside the local domain?

Or should I add another A record with this information?

Also, the name server field seems to expect a name and not an IP address, so how do I tell the zone about the ISP's name servers?
0
 
LVL 7

Expert Comment

by:abdulalikhan
ID: 37711733
If the 'www' entry exists, then modify it and point it to the public IP address. If the entry doesn't exist, then create one with the public IP address.

No need to put the ISP server name.
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 37711937
Just to clarify, when you say you're pinging the website by name from inside the network, are you pinging companyname.biz or www.companyname.biz?  It makes a big difference in this case.
0
 
LVL 15

Author Comment

by:Perarduaadastra
ID: 37712411
Well, the plot thickens...

It seems that, for reasons known only to itself, the SBS setup generated a forward lookup zone for companyname.biz, in addition to the ones needed for mail, OWA, etc. at remote.companyname.biz.
I've deleted this zone, and flushed the DNS caches on the client machines, and, lo and behold, everything seems to work properly now.

I'm going to wait a day or two to make sure I haven't exchanged one problem for a dozen others, but so far it's looking good.
0
 
LVL 7

Expert Comment

by:abdulalikhan
ID: 37713175
Hope the problem doesn't appear again.
0
 
LVL 15

Accepted Solution

by:
Perarduaadastra earned 0 total points
ID: 37744124
Deleting the forward lookup zone for the external domain name seems to have cured the problem entirely - there have been no more DNS issues.

As the solution wasn't suggested by any of the contributors (my thanks to you all anyway), it seems reasonable to accept my own input as the answer.
If there are no objections to this I will close the question in a couple of days.
0
 
LVL 15

Author Closing Comment

by:Perarduaadastra
ID: 37795190
The solution wasn't suggested by any of the contributors, so it seems reasonable to accept my own input as the answer.
I still don't know why SBS 2011 setup added the forward lookup zone for the external domain name to the server's DNS records, but deleting it has certainly fixed the problem.
0
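The behaviour resolved in this thread, as an added example that is not part of the original posts: a simplified Python model of how an internal DNS server picks the most specific zone it hosts and answers only from that zone, plus an audit that flags public names shadowed by a zone nobody intended to host. The IP addresses, the `companyname.local` name and all function names are constructed assumptions.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data: every address and the .local name are placeholders.
PUBLIC = {"companyname.biz": "203.0.113.10", "www.companyname.biz": "203.0.113.10",
          "remote.companyname.biz": "203.0.113.20"}
INTENDED = {"companyname.local", "remote.companyname.biz"}  # zones meant to be internal
BEFORE = {
    "companyname.local": {"sbs.companyname.local": "192.168.16.2"},
    "remote.companyname.biz": {"remote.companyname.biz": "192.168.16.2"},
    "companyname.biz": {"companyname.biz": "192.168.16.2"},  # the stray zone
}
AFTER = {z: r for z, r in BEFORE.items() if z != "companyname.biz"}  # stray zone deleted

def owning_zone(qname, zones):
    """Most specific locally hosted zone that contains qname, or None."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def resolve_internal(qname, zones, public):
    """Answer from the owning zone only (None means the name does not exist there);
    fall through to public DNS only when no local zone claims the name."""
    zone = owning_zone(qname, zones)
    if zone is None:
        return public.get(qname), "recursion"
    return zones[zone].get(qname), zone

def audit(names, zones, public, intended):
    """Report public names shadowed by a local zone that is not on the intended list."""
    findings = []
    for name in names:
        answer, source = resolve_internal(name, zones, public)
        if source == "recursion" or source in intended:
            continue
        lan = answer is not None and any(ipaddress.ip_address(answer) in n for n in RFC1918)
        findings.append({"name": name, "zone": source, "internal": answer,
                         "public": public.get(name), "lan_address": lan})
    return findings

if __name__ == "__main__":
    for label, zones in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(sorted(PUBLIC), zones, PUBLIC, INTENDED))
```

In the model, the stray zone answers the bare domain with the LAN address and returns nothing for `www`, while `remote.companyname.biz` keeps resolving internally after the zone is removed because it lives in its own, more specific zone.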
