Solved

Server 2008 DNS Server internal domain and external website domain same name issue.  Need to access external domain (company website) internally without using www.

Posted on 2013-05-15
8
745 Views
Last Modified: 2013-05-23
Hello:

My clients dns server domain is the same as their company website domain.  I understand about adding the a record with "www" pointing to the website host ip which I have done.  My problem is that we need to be able to access the same domain externally without using the "www" prefix.  We need to be able to open the site using just domain.com due to the way the site is coded.  Would this be a forwarder that needs to be created so they can access it internally?  Any help on this would be appreciated.
0
Comment
Question by:NJTech22
  • 4
  • 3
8 Comments
 
LVL 4

Expert Comment

by:Rsilva98
Comment Utility
You need to configure  your DNS with an
@ A record that points to your web server.

For example if you have your domain.com and your webserver at xxx.xxx.xxx.1 then you would have an entry like @ A xxx.xxx.xxx.1
0
 

Author Comment

by:NJTech22
Comment Utility
Thanks for the reply.  I have already added the a record with the external ip and left the host field blank (@).  So there are now two a records like this listed in dns.  One that points to the internal domain server ip address and one that points to the external website ip address.  It seems the internal ip address is taking precedence because I am unable to resolve the domain to my external website without using www on any of the client computers.  I tried deleting the a record that points to the internal ip address but it recreates itself.  I am able to browse to the site on the client desktops after I delete it but once it recreates itself it no longer works.  Do I make sense?
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
Comment Utility
externally you need to set your registrars dns setting to your external address.
Your domain needs to resolve itself which is why you can't delete it permanently.

For the website can't you change the bindings to have both the www and the non-www entries in iis?

Are you hosting the website within your domain or is it externally hosted?

What we have done is have all the local machines to be a member of corp.example.com as we can no longer get certificates for example.local to work around the external/internal naming problem.

Coming from the outside you can use a router to send all port 80 http requests to a particular machine but internally you can't

For example at your registrar you set your name server entries to ns1.example.com 172.10.10.10 and ns2.example.com to 173.10.10.11

An external user then looks up example.com which then goes to root servers and then to your name server entries   and resolves the name to 172.10.10.10 and then port 80 tcp is redirected to 192.168.10.10
internally it uses the local dns server which it just picks a domain controller at random. (whichever answers first) which then resolves the address to its internal address or whatever dns entries you have in the dhcp settings. Best practices is to have more than 1 dns server i.e. 192.168.10.10 and 192.168.10.11 and if you just do a http:\\example.com it may resolve to either 10.10 or 10.11 as these dns servers are authoritative for example .com
0
 

Author Comment

by:NJTech22
Comment Utility
The website is hosted externally.  The domain registrars dns settings are already pointing to the external web host ip address.  The webdesigner has all the links within the website using domain.com rather than www.domain.com so this is where I believe the issue is.  Unfortunately it is a lot of work to redo all the links to include www so that is what we are trying to avoid.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
Comment Utility
You may not be able to access that site from within your network. as example.com should point to your network ONLY.  You could host the website on your LAN ???

What is more work?  changing the links to either relative links without the http:\\example.com\pages\pag1.htm -> \pages\pag1.htm or even a search and replace for http:\\example.com to http:\\www.example.com THAT OR restructuring your domain to  something like internal.example.com ??
0
 

Author Comment

by:NJTech22
Comment Utility
The web admin is giving a hard time about updating the links on the site. Is it possible to restructure the domain to something like internal.example.com?  If so how would I go about that without causing a ruckus?
0
 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
Comment Utility
The web admin is an %%% opening the website in an ide and doing a global search and replace for www.example.com\ to \ is trivlal unless it is coded using notepad

As for moving your users to internal.example.com is something that is usually done in the planning stages of a network and has the potential of being disruptive to your business . You will have to go through each group policy.. Either way can be done but really the hard coded links have to go.
0
 

Author Closing Comment

by:NJTech22
Comment Utility
After speaking with the web designer and declining his request for me to reconfigure the server, he will be updating all the links on the site to include www so hopefully this will soon be resolved.  Thanks everyone for your quick and knowledgeable responses.  Much appreciated.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

OfficeMate Freezes on login or does not load after login credentials are input.
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now