Solved

Web site access from an internal network

Posted on 2014-02-20
Last Modified: 2014-02-26
OK, I am having an issue; as always, I am having to fix someone else's doings when it comes to this network.

Problem: the company recently purchased the support of an outside vendor to create and maintain the new website.  So now the internal network is no longer hosting the website.

So the next step I had to do was to have the two A records changed to the new external IP address, great and the website is up and running from the external side.

You are able to access the website from everywhere across the internet, just not from the internal network.

Now here is where the problem gets interesting:

1. In the DNS Zones, the zone for that particular zone exists inside of the domain tree structure.  The original records for the xyz.com and the www.xyz.com were deleted from the DNS zone.

So I have that DNS structure
XYZDC1, Forward look up, we then have XYZ.corp which is the main local domain, then there is the XYZ.com zone.

I have searched all over the internet for possible solutions.  I have even gone into that particular zone and created an A record for XYZ.com to point to the new external IP address, restarted DNS, flushed, and registered and cleaned the cache, but I am still unable to access the website from the inside.

Now for a simple workaround in the DHCP server scope so that everyone could access the website, and it has allowed me some time to get this resolved, I added the Google DNS server 8.8.8.8 as the main DNS server, and all of our servers as secondary.

My thought is to delete that particular zone altogether.

But I would like some input before I do this, or if there is a better solution to this mess that was thrown in my lap.
Question by:ttorno
Accepted Solution

by:
footech earned 500 total points
Let me see if I'm understanding your situation.  Let me know if any of the following are incorrect.
-In DNS you have two forward lookup zones, one for xyz.corp, and one for xyz.com.
-Your AD domain is xyz.corp

What records are present in the xyz.com zone?  Is there such an AD domain in your organization?  Do you need to resolve both "xyz.com" and "www.xyz.com" to the website?

Having Google's DNS server assigned as preferred DNS for clients will cause issues when trying to resolve any internal names.

Author Comment

by:ttorno
Oh, I know all too well the ramifications of using the Google DNS server as a primary server in a domain environment, but because this is all a hodgepodge of a setup, I am the one who has to fix the issues.  The external was only a temporary fix so that certain people could access the website internally that day.  It was just to buy me a few more hours to solve.

The www.xyz.com zone in the DNS structure does not need to resolve anything to the outside world anymore.  I went in earlier this evening and deleted 6 records out of the particular zone.  I waited an hour to make sure DNS internally replicated properly, and no errors were found.

So then around an hour before I was done for the day, I paused that particular zone all across the domain, and made sure nothing stopped internally.

And with a test PC, I use the Primary AD/DC as the main DNS server, and was still unable to resolve the website internally.

What strikes me as funny, if I remove the external Google DNS server from the DHCP server and restart all the services and flush everything out, every PC that is not a member of the domain, but connected to the internet, these machines are able to access the website.

The sad thing is I only have so much time during the day to work on this issue, before I get pulled off to work on other "Fires" for the customer base.

I have checked both firewall appliances, and even had one of the remote support monitor the traffic to see what they could see.  So with the www.xyz.com zone paused and not replicating across the domain, I should be able to focus a little bit more attention to the issue.

Note:
The two Host records have been changed to point from our external IP address to the Hosting site's external IP, and if you do a DNS look-up you see the correct IP address.
Assisted Solution

by:footech
footech earned 500 total points
So you're saying the zone is "www.xyz.com" and not "xyz.com"?  If you could provide a screenshot that could clear up any confusion.

Pausing a zone won't allow the request to be passed on to other servers in the same way that would occur if the zone didn't exist.

Removing the unneeded zone is probably the right course, but I'm not saying it yet because of my confusion on what is currently in place.

Assisted Solution

by:ttorno
ttorno earned 0 total points
Thank you guys for all of your input, the problem has been solved.

The problem was I inherited this bizarre network that was not properly taken care of, so everything was built upon what the last guy did, and nothing was ever done to straighten the entire mess out.

 So here goes the solution:

The internal DNS zone was xyz.corp  the main zone for the entire company, and the secondary zone of xyz.com.

So yesterday I went through both zones with a fine-tooth comb, and noticed several duplicate A records, one in each zone.  Well, in the zone I was wanting to delete I made sure to delete several of the A records, and then wait for replication.  Nothing stopped, which was a major relief.  So this morning I made sure I had a good solid backup of the server and I copied all of the last remaining records down so if all failed I could reinstate it.
Once I deleted that zone, I made sure to clear all of the cached information, and restart all of the services as well.
And sure enough the external website showed up, and I was able to remove the external DNS server out of DHCP's DNS scope.  All is working now.

My only problem is, I wish management would have discussed the change with the rest of the entire IT department before the changes were done, so all could have been properly planned out.
I guess that is what I get when the people in charge just take off running and expect instant gratification, before finding out if there will be any repercussions due to their actions...

Now off to the new fire.....
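
The behaviour discussed in this thread, as an added example that is not part of any poster's reply: a simplified Python model of how a DNS server that hosts a zone locally chooses between answering from that zone and passing the query on. It generalizes slightly beyond the thread by using longest-suffix zone matching; the `Zone` class, the function names and the 203.0.113.10 and 10.0.0.5 addresses are constructed for illustration.

```python
from dataclasses import dataclass, field
# Constructed sample data: 203.0.113.10 stands in for the hosting vendor's IP.
PUBLIC = {"xyz.com": "203.0.113.10", "www.xyz.com": "203.0.113.10"}


@dataclass
class Zone:
    name: str                                      # e.g. "xyz.com"
    a_records: dict = field(default_factory=dict)  # fqdn -> IPv4 address
    paused: bool = False


def find_zone(zones, qname):
    """Return the hosted zone with the longest suffix match, or None."""
    by_name = {z.name.lower(): z for z in zones}
    labels = qname.split(".")
    suffixes = (".".join(labels[i:]) for i in range(len(labels)))
    return next((by_name[s] for s in suffixes if s in by_name), None)


def resolve(zones, qname, forwarder=PUBLIC):
    """Return (source, answer) for an A query sent to the internal server."""
    qname = qname.lower().rstrip(".")
    zone = find_zone(zones, qname)
    if zone is None:
        # Not hosted here, so the query is passed on (hypothetical forwarder).
        return ("forwarded", forwarder.get(qname, "NXDOMAIN"))
    if zone.paused:
        # As noted in the thread, a paused zone is not passed on either.
        return ("local:" + zone.name, "FAILED (zone paused)")
    # Hosted and running: only the local copy of the zone is consulted.
    return ("local:" + zone.name, zone.a_records.get(qname, "NXDOMAIN"))


def scenarios(qname="www.xyz.com"):
    """Walk the zone states described in the thread for one query name."""
    corp = Zone("xyz.corp", {"xyzdc1.xyz.corp": "10.0.0.5"})
    states = {
        "records deleted": [corp, Zone("xyz.com")],
        "apex record only": [corp, Zone("xyz.com", {"xyz.com": PUBLIC["xyz.com"]})],
        "zone paused": [corp, Zone("xyz.com", paused=True)],
        "zone removed": [corp],
    }
    return {state: resolve(zones, qname) for state, zones in states.items()}


if __name__ == "__main__":
    for state, result in scenarios().items():
        print(f"{state:17} -> {result}")
```

Only the last state, where the internal server no longer hosts `xyz.com`, lets the query for `www.xyz.com` reach the public record.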

Author Comment

by:ttorno
Thank you all for your time and support.

Author Closing Comment

by:ttorno
Both users were able to allow me to look in a bit closer at the issue, which was then solved.