Solved

Web site access from an internal network

Posted on 2014-02-20
Last Modified: 2014-02-26
Ok, I am having an issue; as always, I am having to fix someone else's doings when it comes to this network.

Problem: the company recently purchased the support of an outside vendor to create and maintain the new website. So now the internal network is no longer hosting the website.

So the next step I had to do was to have the two A records changed to the new external IP address, great and the website is up and running from the external side.

You are able to access the website from everywhere across the internet, just not from the internal network.

Now here is where the problem gets interesting:

1. In the DNS Zones, the zone for that particular zone exists inside of the domain tree structure.  The original records for the xyz.com and the www.xyz.com were deleted from the DNS zone.

So I have that DNS structure
XYZDC1, Forward look up, we then have XYZ.corp which is the main local domain, then there is the XYZ.com zone.

I have searched all over the internet for possible solutions. I have even gone into that particular zone and created an A record for XYZ.com to point to the new external IP address, restarted DNS, flushed, and registered and cleaned the cache, but still unable to access the website from the inside.

Now for a simple work around in the DHCP server scope so that everyone could access the website, and it has allowed me some time to get this resolved, I added the Google DNS server 8.8.8.8 as the main DNS server, and all of our servers as secondary.

My thought is to delete that particular zone altogether.

But I would like some input before I do this, or if there is a better solution to this mess that was thrown in my lap.
Question by:ttorno

Accepted Solution

by:
footech earned 2000 total points
ID: 39875768
Let me see if I'm understanding your situation.  Let me know if any of the following are incorrect.
-In DNS you have two forward lookup zones, one for xyz.corp, and one for xyz.com.
-Your AD domain is xyz.corp

What records are present in the xyz.com zone?  Is there such an AD domain in your organization?  Do you need to resolve both "xyz.com" and "www.xyz.com" to the website?

Having Google's DNS server assigned as preferred DNS for clients will cause issues when trying to resolve any internal names.
 

Author Comment

by:ttorno
ID: 39875862
Oh, I know all too well the ramifications of using the Google DNS server as a primary server in a domain environment, but because this is all a hodgepodge of a setup, I am the one who has to fix the issues. The external was only a temporary fix so that certain people could access the website internally that day. It was just to buy me a few more hours to solve.

The www.xyz.com zone in the DNS structure does not need to resolve anything to the outside world anymore. I went in earlier this evening and deleted 6 records out of the particular zone. I waited an hour to make sure DNS internally replicated properly, and no errors were found.

So then around an hour before I was done for the day, I paused that particular zone all across the domain, and made sure nothing stopped internally.

And with a test PC, I use the Primary AD/DC as the main DNS server, and was still unable to resolve the website internally.

What strikes me as funny, if I remove the external Google DNS server from the DHCP server and restart all the services and flush everything out, every PC that is not a member of the domain, but connected to the internet, these machines are able to access the website.

The sad thing is I only have so much time during the day to work on this issue, before I get pulled off to work on other "Fires" for the customer base.

I have checked both firewall appliances, and even had one of the remote support monitor the traffic to see what they could see.  So with the www.xyz.com zone paused and not replicating across the domain, I should be able to focus a little bit more attention to the issue.

Note:
The two Host records have been changed to point from our external IP address to the Hosting site's external IP, and if you do a DNS look-up you see the correct IP address.

Assisted Solution

by:footech
footech earned 2000 total points
ID: 39876045
So you're saying the zone is "www.xyz.com" and not "xyz.com"?  If you could provide a screenshot that could clear up any confusion.

Pausing a zone won't allow the request to be passed on to other servers in the same way that would occur if the zone didn't exist.

Removing the unneeded zone is probably the right course, but I'm not saying it yet because of my confusion on what is currently in place.

Assisted Solution

by:ttorno
ttorno earned 0 total points
ID: 39877278
Thank you guys for all of your input, the problem has been solved.

The problem was I inherited this bizarre network that was not properly taken care of, so everything was built upon what the last guy did, and nothing was ever done to straighten the entire mess out.

So here goes the solution:

The internal DNS zone was xyz.corp, the main zone for the entire company, and the secondary zone of xyz.com.

So yesterday I went through both zones with a fine tooth comb, and noticed several duplicate A records one in each zone.  Well the zone I was wanting to delete I made sure to delete several of the A records, and then wait for replication.  Nothing stopped, which was a major relief.  So this morning I made sure I had a good solid backup of the server and I copied all of the last remaining records down so if all failed I could reinstate it.
Once I deleted that zone, I made sure to clear all of the cached information, and restart all of the services as well.
And sure enough the external website showed up, and I was able to remove the external DNS server out of DHCP's DNS scope.  All is working now.

My only problem is, I wish management would have discussed the change with the rest of the entire IT department before the changes were done, and all could have been properly planned out.
I guess that is what I get, when the people in charge just take off running and expect instant gratification, before finding out if there will be any repercussions due to their actions...

Now off to the new fire.....
 

Author Comment

by:ttorno
ID: 39877288
Thank you all for your time and support.
 

Author Closing Comment

by:ttorno
ID: 39888291
Both users were able to allow me to look in a bit closer at the issue, which was then solved.
Question has a verified solution.
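
The check behind the fix in this thread, as an added example that is not part of any participant's post: list internal zones that shadow the public domain, compare internal and public answers, and export the zone before removal. It assumes the DnsServer PowerShell module (RSAT) and DNS admin rights; `XYZDC1`, `xyz.com` and `8.8.8.8` are the names used in the thread, and `Get-ARecord` is a helper defined here.

```powershell
# Added example. Server and zone names are taken from the thread; substitute your own.
$InternalDns = 'XYZDC1'      # internal DC/DNS server
$PublicDns   = '8.8.8.8'     # public resolver used as the temporary workaround
$PublicZone  = 'xyz.com'
$Names       = $PublicZone, "www.$PublicZone"

# 1. Does the internal server host a zone that shadows the public domain?
#    A hosted zone is answered authoritatively, so a missing or stale record in it
#    is never forwarded. As noted in the thread, pausing the zone does not change that.
$shadow = Get-DnsServerZone -ComputerName $InternalDns |
    Where-Object { -not $_.IsReverseLookupZone -and
                   ($_.ZoneName -eq $PublicZone -or $_.ZoneName -like "*.$PublicZone") }
$shadow | Format-Table ZoneName, ZoneType, IsDsIntegrated, IsPaused

# 2. Compare what internal clients are told with what the Internet is told.
function Get-ARecord {
    param([string]$Name, [string]$Server)
    $r = Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly `
             -ErrorAction SilentlyContinue
    ($r | Where-Object { $_.Type -eq 'A' }).IPAddress | Sort-Object
}

$report = foreach ($n in $Names) {
    $in  = @(Get-ARecord -Name $n -Server $InternalDns) -join ','
    $out = @(Get-ARecord -Name $n -Server $PublicDns)   -join ','
    [pscustomobject]@{
        Name     = $n
        Internal = $in      # empty means the internal server returned no A record
        Public   = $out
        Match    = ($in -eq $out)
    }
}
$report | Format-Table -AutoSize

# 3. Keep a copy of each shadow zone before deleting it. The file is written to
#    %SystemRoot%\System32\dns on the DNS server.
foreach ($z in $shadow) {
    $file = '{0}.{1}.bak' -f $z.ZoneName, (Get-Date -Format yyyyMMdd)
    Export-DnsServerZone -ComputerName $InternalDns -Name $z.ZoneName -FileName $file
    # Preview the removal first; drop -WhatIf once the export has been checked.
    Remove-DnsServerZone -ComputerName $InternalDns -Name $z.ZoneName -WhatIf
}
```

A row with `Match` false while a shadow zone is listed in step 1 is the situation described in the question: the internal server answers for the public name itself instead of forwarding the query.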