Server 2012 Internal DNS blocking a website's javascript or CSS

Posted on 2013-11-12
Medium Priority
Last Modified: 2013-12-10
Greetings experts,

I have a Windows 2012 internal domain.  We use the internal DNS for our environment.  Our internal and external Domain name is the same. (I know, bad idea, but it's been that for years and they didn't want to change)
The website is hosted externally by ipower.com

They have a picture section on the website.  You choose a picture for a close up and it pops up with text describing the picture.  The Web designer told me he uses javascript and CSS for the close up picture / text.

If you are outside the network everything works fine.  If you are on the network, the picture pops up, without the text below.  

I worked the problem, and was able to view on the server itself.
On the desktops, I was able to view the text if I take out the internal DNS and insert: (Google DNS).
I tried to set the Internal DNS as second, but when I do that the internal server name is resolving to the external IP, no good due to Exchange and file server.  

Any idea on how to tell the DNS server to let the script through?  I changed all the Internet option settings on the desktop without luck.  Only thing I can think of is to manually put an entry in the host file,  but that is a little funky..  Also added as a forwarder on the DNS server, no good.

Any help would be appreciated..
Question by:Kacey Fern

Expert Comment

by:Daniel McAllister
ID: 39644837
The problem is not with the script, it is with your DNS setup.

If you query the OUTSIDE world, www.yourdomain.com/images/stuff.jpg resolves via DNS to the www.yourdomain.com/images/stuff.jpg file on the webserver at (at your hosting company).

However, if you query from INSIDE your LAN, www.yourdomain.com/images/stuff.jpg resolves via DNS to the www.yourdomain.com/images/stuff.jpg file on the local 2012 server at (inside your LAN).

The problem is that these are different places with the same name (even though the name likely does not exist at the 2012 server).

Any solution you use is going to have to resolve this problem. Here are some options:
 1) synch your public website to the 2012 server, so that the contents on the hosted server are replicated on the local server. NOTE: There may be some functionality that breaks -- depends on what you have going on at your website, but most java and CSS things should work fine.
 2) change your 2012 web service to act as a proxy to the external server (that is, redirect all internal website queries back out to the hosted server).
 3) change your internal domain name to NOT end in a TLD (thus, the prevalence of .local)
 4) change the internal and external hostnames (like www) so that you can identify from within the LAN whether you want the internal or external website. (NOTE: This may require some adjustments on the external site to accommodate the likes of "external.mydomain.com" being the same as "www.mydomain.com" on that server (much less just plain "mydomain.com" on that server).)
 5) change the local DNS server to resolve www.yourdomain.com and @ (or, just plain "yourdomain.com") to point to the external site -- then use a different hostname for the internal site -- like local.yourdomain.com, or internal.yourdomain.dom.

There are other ways -- you just have to think about how the computer (both DNS and the webserver that DNS points it to) handles the requests.

Good Luck!


Author Comment

by:Kacey Fern
ID: 39644882
Thanks for the reply Dan..

If the Internal query points to the 2012 server, how come the picture pops up?  There are no pictures on the Internal server.  

Maybe I'm missing something, but if the correct picture pops up when I click the link, then I'm assuming it's querying the web server, not the 2012 server.  

If you type in www.mydomain.com internally it brings you to the external website.

Only problem is that internally, the text under the picture does not appear when I'm inside my network.


Expert Comment

by:Daniel McAllister
ID: 39644940
OK, so if you query www.yourdomain.com internally, and the site comes up, then there is something else on the site that's not resolving properly (or else this isn't a DNS issue at all).

Look to your code on the site -- when the javascript runs (or the CSS loads) it does so with a link into some place on the site... does it reference it differently? Maybe css.yourdomain.com resolves properly, but not on your internal domain?

Perhaps you should look to your external DNS zone file and see all of the entries that point to your hosted server (@, www, and all of the others) and make sure that those same entries exist on the local DNS server (and point to the same hosted site).

You should also make sure any CNAME values are duplicated.

I think the issue might be that you're assuming some kind of failover within DNS -- as-in:
if I query servera.yourdomain.com and the local DNS server doesn't have it, it'll look outside to resolve it.

That won't work because your local DNS server is going to report itself as "authoritative" for the domain "yourdomain.com" -- so if it doesn't have the data, no one else is supposed to have it either.

In answer to your follow-up - I'm not aware of any DNS server (Microsoft or other) that will answer from local files, and if not found, do a recursive internet query to attempt to resolve a client query. That's just not how DNS works.

I hope this helps.


Author Comment

by:Kacey Fern
ID: 39645727
I'll look at the code as soon as a computer frees up.  
2 points:

If I change the DNS server on the desktop to the site works fine.  So it tells me it has to be DNS due to making that change resolves the issue.

When you go to the section where the pictures are listed say:  www.mydomain.com/surfaces/stone-tile-slab/limestone_tiles/index.php
You are then presented with about 10 tiles to click.  Once you click a tile a pop up happens and the URL in the browser does not change.  The box pops up with the picture with the text if outside the environment, without text inside the environment.

Assisted Solution

by:Daniel McAllister
ID: 39647933
OK, I think you missed something... let me try again:

First, let's look at the structure of the website:
 - You load pictures in an html frame, and then have a javascript program that allows you to view the full detail picture, much larger. Probably, there are 2 versions of the image on the server -- one small one for the html frame, and a larger one accessed by the javascript.
 - When you go to the webpage, you load the small images
 - When you mouse over an image (or perhaps click on it), your browser loads the larger one thanks to the javascript.
 - Everything works when you use your external DNS server (the one the rest of the world uses)

Now, understand that for every image you're mousing over, you're doing an html lookup (the javascript is going out there to load the full-size image.... and when it does so, it goes to a URL -- which causes a new DNS lookup). I'm guessing, but it seems likely that the javascript (or php, potentially) doesn't use the same DNS hostname that you used to access the website (or the smaller images).

In detail:
 - You open http://www.mydomain.com/index.php
 - The webpage loads http://server.mydomain.com/images/a-small.jpg (among others)
 - You mouse over the image a-small.jpg, and the javascript says to load http://images.mydomain.com/images/a-large.jpg

The issue you're seeing is that, to the outside world's DNS, the domain mydomain.com resolves www, server, and images all perfectly well (and, presumably to the same host).... and all is good with the website.

BUT - move into your LAN, where you have a separate, authoritative DNS service for mydomain.com. You've done what you can, so far, so that www.mydomain.com points to the external webserver, as does server.mydomain.com... but when you mouse over the image and the javascript tries to get the full-size image from images.mydomain.com, the location fails because your internal DNS server doesn't have the right address (if any address) for images.mydomain.com.

Of course, I don't know the REAL domain or host names you're using, but the example should suffice...

Thus, my recommendation remains: you should get a full listing of all A records and CNAME records for your domain from the public-facing DNS server.... then make sure ALL of those records have the same values in your LAN-based DNS server.

You do NOT need to match up other types of records (TXT, SPF, MX, NS, SOA, etc...) - ONLY the A records and CNAME records matter in this case. [NOTE: Some may, indeed, not matter -- like dns1.mydomain.com or mail.mydomain.com -- but the more you skip over, the more likely you're skipping over the one that is breaking the website]

I hope this explains better... and helps you to resolve the issue.
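
The record comparison recommended above can be scripted. This is an added example, not part of the original thread: it asks the internal DNS server and a public resolver for each name and flags the ones that differ. The server address `192.0.2.10` is a placeholder, `8.8.8.8` is Google Public DNS, and the host names are the illustrative ones from the post; the real list has to come from the public zone listing.

```powershell
# Added example: diff internal vs. public DNS answers for a list of host names.
$InternalDns = '192.0.2.10'   # placeholder: address of the internal DNS server
$PublicDns   = '8.8.8.8'      # Google Public DNS, used as the outside view
# Illustrative names from the post; replace with every A/CNAME name found in
# the public zone listing obtained from the hosting provider.
$Names = 'mydomain.com', 'www.mydomain.com', 'server.mydomain.com', 'images.mydomain.com'

function Get-DnsAnswer {
    param([string]$Name, [string]$Server)
    try {
        # -DnsOnly keeps LLMNR/NetBIOS out of the result; -Server bypasses
        # the client's configured resolver so both views are queried directly.
        $records = Resolve-DnsName -Name $Name -Server $Server -Type A `
                                   -DnsOnly -ErrorAction Stop
    } catch {
        # NXDOMAIN or a failed query: this server has no answer for the name.
        return 'NOT FOUND'
    }
    $answers = foreach ($r in $records) {
        if ($r.Section -ne 'Answer') { continue }      # skip SOA in Authority
        if ($r.NameHost)      { "CNAME $($r.NameHost)" }
        elseif ($r.IPAddress) { "A $($r.IPAddress)" }
    }
    if (-not $answers) { return 'NO DATA' }            # name exists, no A/CNAME
    return (@($answers) | Sort-Object) -join ', '
}

$report = foreach ($n in $Names) {
    $inside  = Get-DnsAnswer -Name $n -Server $InternalDns
    $outside = Get-DnsAnswer -Name $n -Server $PublicDns
    [pscustomobject]@{
        Name     = $n
        Internal = $inside
        Public   = $outside
        Match    = ($inside -eq $outside)
    }
}

# Full table first, then only the names the internal zone answers differently.
$report | Format-Table -AutoSize
$report | Where-Object { -not $_.Match } | Format-Table Name, Internal, Public -AutoSize
```

Names that are meant to resolve to internal hosts (the Exchange and file servers, for instance) will show up as mismatches by design; the rows to act on are the website-related names where the internal column reads `NOT FOUND` or `NO DATA`.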


Accepted Solution

Kacey Fern earned 0 total points
ID: 39648728
Thanks Dan..

I just checked back and now it's working.  I added as a DNS forwarder the other day, but it didn't work.  It must have just taken time to catch up.

Let's let it run for a few days and make sure it sticks..
Thanks for your efforts..

Author Closing Comment

by:Kacey Fern
ID: 39708058
The fix was to add Google's DNS as a forwarder to the internal DNS server.  It didn't work right away, but the next day everything started working.  Thanks for all your help.
