Server 2012 Internal DNS blocking a website's javascript or CSS

Greetings experts,

I have a Windows 2012 internal domain.  We use the internal DNS for our environment.  Our internal and external Domain name is the same. (I know, bad idea, but it's been that for years and they didn't want to change)
The website is hosted externally by

They have a picture section on the website.  You choose a picture for a close up and it pops up with text describing the picture.  The Web designer told me he uses javascript and CSS for the close up picture / text.

If you are outside the network everything works fine.  If you are on the network, the picture pops up, without the text below.  

I worked the problem, and was able to view on the server itself.
On the desktops, I was able to view the text if I take out the internal DNS and insert: (Google DNS).
I tried to set the Internal DNS as second, but when I do that the internal server name is resolving to the external IP, no good due to Exchange and file server.

Any idea on how to tell the DNS server to let the script through?  I changed all the Internet option settings on the desktop without luck.  Only thing I can think of is to manually put an entry in the host file,  but that is a little funky..  Also added as a forwarder on the DNS server, no good.

Any help would be appreciated..
Kacey Fern, System Engineer, Asked:
Kacey Fern, System Engineer, Author Commented:
Thanks Dan..

I just checked back and now it's working.  I added as a DNS forwarder the other day, but it didn't work.  It must have just taken time to catch up.

Let's let it run for a few days and make sure it sticks..
Thanks for your efforts..
Daniel McAllister, President, IT4SOHO, LLC, Commented:
The problem is not with the script, it is with your DNS setup.

If you query the OUTSIDE world, resolves via DNS to the file on the webserver at (at your hosting company).

However, if you query from INSIDE your LAN, resolves via DNS to the file on the local 2012 server at (inside your LAN).

The problem is that these are different places with the same name (even though the name likely does not exist at the 2012 server).

Any solution you use is going to have to resolve this problem. Here are some options:
 1) synch your public website to the 2012 server, so that the contents on the hosted server are replicated on the local server. NOTE: There may be some functionality that breaks -- depends on what you have going on at your website, but most java and CSS things should work fine.
 2) change your 2012 web service to act as a proxy to the external server (that is, redirect all internal website queries back out to the hosted server).
 3) change your internal domain name to NOT end in a TLD (thus, the prevalence of .local)
 4) change the internal and external hostnames (like www) so that you can identify from within the LAN whether you want the internal or external website. (NOTE: This may require some adjustments on the external site to accommodate the likes of "" being the same as "" on that server (much less just plain "" on that server).)
 5) change the local DNS server to resolve and @ (or, just plain "") to point to the external site -- then use a different hostname for the internal site -- like, or internal.yourdomain.dom.

There are other ways -- you just have to think about how the computer (both DNS and the webserver that DNS points it to) handles the requests.

Good Luck!

Kacey Fern, System Engineer, Author Commented:
Thanks for the reply Dan..

If the Internal query points to the 2012 server, how come the picture pops up?  There are no pictures on the Internal server.

Maybe I'm missing something, but if the correct picture pops up when I click the link, then I'm assuming it's querying the web server, not the 2012 server.  

If you type in internally it brings you to the external website.

Only problem is that internally, the text under the picture does not appear when I'm inside my network.

Daniel McAllister, President, IT4SOHO, LLC, Commented:
OK, so if you query internally, and the site comes up, then there is something else on the site that's not resolving properly (or else this isn't a DNS issue at all).

Look to your code on the site -- when the javascript runs (or the CSS loads) it does so with a link into some place on the site... does it reference it differently? Maybe resolves properly, but not on your internal domain?

Perhaps you should look to your external DNS zone file and see all of the entries that point to your hosted server (@, www, and all of the others) and make sure that those same entries exist on the local DNS server (and point to the same hosted site).

You should also make sure any CNAME values are duplicated.

I think the issue might be that you're assuming some kind of failover within DNS -- as-in:
if I query and the local DNS server doesn't have it, it'll look outside to resolve it.

That won't work because your local DNS server is going to report itself as "authoritative" for the domain "" -- so if it doesn't have the data, no one else is supposed to have it either.

In answer to your follow-up - I'm not aware of any DNS server (Microsoft or other) that will answer from local files, and if not found, do a recursive internet query to attempt to resolve a client query. That's just not how DNS works.

I hope this helps.

Kacey Fern, System Engineer, Author Commented:
I'll look at the code as soon as a computer frees up.  
2 points:

If I change the DNS server on the desktop to the site works fine.  So it tells me it has to be DNS due to making that change resolves the issue.

When you go to the section where the pictures are listed say:
You are then presented with about 10 tiles to click.  Once you click a tile a pop up happens and the URL in the browser does not change.  The box pops up with the picture with the text if outside the environment, without text inside the environment.
Daniel McAllister, President, IT4SOHO, LLC, Commented:
OK, I think you missed something... let me try again:

First, let's look at the structure of the website:
 - You load pictures in an html frame, and then have a javascript program that allows you to view the full detail picture, much larger. Probably, there are 2 versions of the image on the server -- one small one for the html frame, and a larger one accessed by the javascript.
 - When you go to the webpage, you load the small images
 - When you mouse over an image (or perhaps click on it), your browser loads the larger one thanks to the javascript.
 - Everything works when you use your external DNS server (the one the rest of the world uses)

Now, understand that for every image you're mousing over, you're doing an html lookup (the javascript is going out there to load the full-size image).... and when it does so, it goes to a URL -- which causes a new DNS lookup. I'm guessing, but it seems likely that the javascript (or php, potentially) doesn't use the same DNS hostname that you used to access the website (or the smaller images).

In detail:
 - You open
 - The webpage loads (among others)
 - You mouse over the image a-small.jpg, and the javascript says to load

The issue you're seeing is that, to the outside world's DNS, the domain resolves www, server, and images all perfectly well (and, presumably to the same host).... and all is good with the website.

BUT - move into your LAN, where you have a separate, authoritative DNS service for You've done what you can, so far, so that points to the external webserver, as does but when you mouse over the image and the javascript tries to get the full-size image from, the location fails because your internal DNS server doesn't have the right address (if any address) for

Of course, I don't know the REAL domain or host names you're using, but the example should suffice...

Thus, my recommendation remains: you should get a full listing of all A records and CNAME records for your domain from the public-facing DNS server.... then make sure ALL of those records have the same values in your LAN-based DNS server.

You do NOT need to match up other types of records (TXT, SPF, MX, NS, SOA, etc...) - ONLY the A records and CNAME records matter in this case. [NOTE: Some may, indeed, not matter -- like or -- but the more you skip over, the more likely you're skipping over the one that is breaking the website]

I hope this explains better... and helps you to resolve the issue.
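
The comparison recommended above, as an added example that is not part of the original thread: it diffs the A and CNAME records of a public zone listing against the internal zone and reports the public names the internal server cannot answer or answers differently. `example.com`, the hostnames and the addresses are constructed placeholders, and the `name type value` listing format is an assumption.

```python
# Constructed sample data: example.com, the hostnames and the addresses are
# placeholders, not values from the thread.
PUBLIC_ZONE = """
@       A      203.0.113.10
www     CNAME  example.com.
images  A      203.0.113.10
mail    A      203.0.113.25
@       MX     10 mail.example.com.
@       TXT    "v=spf1 mx -all"
"""

INTERNAL_ZONE = """
@       A      203.0.113.10
www     A      203.0.113.10
mail    A      10.0.0.5
dc01    A      10.0.0.2
files   A      10.0.0.3
"""

WEB_TYPES = {"A", "CNAME"}  # the only record types the advice says to mirror


def parse(listing):
    """Return {owner: {(type, value), ...}} for the A/CNAME lines of a listing."""
    records = {}
    for line in listing.strip().splitlines():
        name, rtype, value = line.split(None, 2)
        if rtype.upper() in WEB_TYPES:
            records.setdefault(name.lower(), set()).add((rtype.upper(), value.strip().lower()))
    return records


def compare(public_listing, internal_listing):
    """Return (missing, differs): public A/CNAME names absent from, or different in, the internal zone."""
    public, internal = parse(public_listing), parse(internal_listing)
    # Per the explanation above, a missing name gets no usable answer inside the
    # LAN: the internal server is authoritative for the zone and does not forward.
    missing = sorted(n for n in public if n not in internal)
    differs = sorted(n for n in public if n in internal and internal[n] != public[n])
    return missing, differs


if __name__ == "__main__":
    missing, differs = compare(PUBLIC_ZONE, INTERNAL_ZONE)
    print("missing internally:", missing)
    print("differ (review each):", differs)
```

Names in the second list need a manual look: an internal mail or file server is expected to differ, while a hostname the website's scripts load content from is not.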

Kacey Fern, System Engineer, Author Commented:
The fix was to add Google's DNS as a forwarder to the internal DNS server.  It didn't work right away, but the next day everything started working.  Thanks for all your help.