SBS 2011 resolves external domain name to server LAN IP address

Hello all

I've just set up my first SBS2011 installation and everything seems to be working except one thing: If I ping the company's externally hosted website by name the replies come back from the LAN IP address of the SBS server.

I've followed the MS recommendation to use the "remote" prefix for all remote access including email, but the server seems to be assuming that it's hosting the company website, which it most definitely isn't.

The Exchange server is quite happy to send and receive email for the company at, but as the server isn't resolving the website correctly I want to fix it to avoid problems in the future.

I've pinged no end of other domain names with all manner of TLD suffixes without any errors or problems; it's just the company external website that is not resolving correctly.

I've considered replacing the server LAN IP in the DNS forward lookup zone web server section with that of the ISP's DNS servers, but I'm reluctant to do this without taking advice first, as this is the only part of the installation that doesn't seem to be working properly.

I would very much appreciate good counsel on this issue.

Is your Active Directory domain name the same as the website?

If so, you will have to add DNS records on your internal DNS server to point to the external addresses.
lojk.Net and Infrastructure ConsultantCommented:
As brendan suggests, adding a WWW record to point to the IP or hostname of the website server should sort it (for internal users whose DNS server is that of the local/internal domain server).

The reply you are actually getting is the (lack of www) record for the root/default of the locally named domain.
Larry Struckmeyer MVPCommented:
Adding for clarity:

The suggestion is that the SBS server was (most likely) set up with the local domain/AD name of, whereas the suggested convention is company.local or beer.local or anything but the external name.

PerarduaadastraAuthor Commented:

Thanks for your interest.

The local domain name is entirely different from the company's public domain name, and ends in .local as per MS recommended practice.

The only place that the public domain name was used during setup was when the Exchange server was being set up, so that email would be routed to the latter via  
The email is working as expected.

If it is necessary to add or modify DNS records on the SBS box, which one(s) need to be changed?
You need to set up the Forward Lookup zone as per your external domain and create a Host A record for your website URL with the ISP IP. When creating a zone, also remember to set appropriate MX record entries for your email server.
PerarduaadastraAuthor Commented:
Abdulalikhan, can you give/show me a walkthrough of exactly what I should do?

It also appears that a number of sites, especially ones that use secure connections, don't load in IE, saying "Cannot display web page", which may or may not be related to this issue.

The MX record setup appears to be correct, as the email works fine, so I don't want to fix anything that isn't broken...
Actually, the secure websites issue is not related to this and is a different problem.

For DNS when you create a Zone for all the name resolution for for internal users will be entertained by this zone. For name resolution for you need to enter the proper host 'A' record or appropriate DNS record.

For your scenario you need to enter at least two host A records,
PerarduaadastraAuthor Commented:
I've just looked in the Forward Lookup Zones at the zone and I can see that the name server is the SBS box, and the A record is its LAN IP address.

Should I replace the A record with the IP address that I get when I ping from outside the local domain?

Or should I add another A record with this information?

Also, the name server field seems to expect a name and not an IP address, so how do I tell the zone about the ISP's name servers?
If the 'www' entry exists, then modify it and point it to the public IP address. If the entry doesn't exist, then create one with the public IP address.

No need to put the ISP server name.
DrDave242Senior Support EngineerCommented:
Just to clarify, when you say you're pinging the website by name from inside the network, are you pinging or  It makes a big difference in this case.
PerarduaadastraAuthor Commented:
Well, the plot thickens...

It seems that, for reasons known only to itself, the SBS setup generated a forward lookup zone for, in addition to the ones needed for mail, OWA, etc. at
I've deleted this zone, and flushed the DNS caches on the client machines, and, lo and behold, everything seems to work properly now.

I'm going to wait a day or two to make sure I haven't exchanged one problem for a dozen others, but so far it's looking good.
Hope the problem doesn't appear again.
PerarduaadastraAuthor Commented:
Deleting the forward lookup zone for the external domain name seems to have cured the problem entirely - there have been no more DNS issues.

As the solution wasn't suggested by any of the contributors (my thanks to you all anyway), it seems reasonable to accept my own input as the answer.
If there are no objections to this I will close the question in a couple of days.

PerarduaadastraAuthor Commented:
The solution wasn't suggested by any of the contributors, so it seems reasonable to accept my own input as the answer.

I still don't know why SBS 2011 setup added the forward lookup zone for the external domain name to the server's DNS records, but deleting it has certainly fixed the problem.
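
An added example, not part of the thread or any poster's code: a simplified Python model of how an authoritative DNS server chooses a zone, showing why a forward lookup zone for the public domain answers with the server's LAN IP (or NXDOMAIN) instead of forwarding, and why deleting it restores normal resolution. The names `corp.local`, `example.com`, `remote.example.com` and the address `192.168.16.2` are constructed placeholders.

```python
# Simplified model of zone selection on an authoritative DNS server that
# also has forwarders. All zone names and addresses are constructed.

def find_zone(name, zones):
    """Return the most specific hosted zone containing `name`, or None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def resolve(name, zones):
    """Answer from a hosted zone if one matches; otherwise forward."""
    name = name.lower().rstrip(".")
    zone = find_zone(name, zones)
    if zone is None:
        return ("forwarded", None)      # not hosted here: forwarders answer
    ip = zones[zone].get(name)
    if ip is None:
        return ("nxdomain", None)       # hosted here, no record: never forwarded
    return ("authoritative", ip)

def shadowing_zones(zones, ad_domain, intended=()):
    """Hosted zones outside the AD namespace that were not created on purpose."""
    ad = ad_domain.lower()
    return sorted(z for z in zones
                  if z != ad and not z.endswith("." + ad) and z not in intended)

SERVER_LAN_IP = "192.168.16.2"          # constructed
ZONES = {
    "corp.local": {"sbs.corp.local": SERVER_LAN_IP},
    "remote.example.com": {"remote.example.com": SERVER_LAN_IP},  # remote access
    "example.com": {"example.com": SERVER_LAN_IP},                # unexpected zone
}

def without_zone(zones, name):
    """Model deleting one forward lookup zone."""
    return {z: recs for z, recs in zones.items() if z != name}

if __name__ == "__main__":
    print("flagged:", shadowing_zones(ZONES, "corp.local", ("remote.example.com",)))
    for label, zones in (("before", ZONES), ("after", without_zone(ZONES, "example.com"))):
        for q in ("example.com", "www.example.com", "remote.example.com"):
            print(label, q, resolve(q, zones))
```

The model covers only zone matching; it ignores client-side caches, which is why the asker also had to flush the DNS caches on the client machines after deleting the zone.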