

Web site access from an internal network

Posted on 2014-02-20
Medium Priority
Last Modified: 2014-02-26
Ok, I am having an issue, as always I am having to fix someone else's doings when it comes to this network.

Problem, the company recently purchased the support of an outside vendor to create and maintain the new website.  So now the internal network is no longer hosting the website.

So the next step I had to do was to have the two A records changed to the new external IP address, great and the website is up and running from the external side.

You are able to access the website from everywhere across the internet, just not from the internal network.

Now here is where the problem gets interesting:

1. In the DNS Zones, the zone for that particular zone exists inside of the domain tree structure.  The original records for the xyz.com and the www.xyz.com were deleted from the DNS zone.

So I have that DNS structure
XYZDC1, Forward look up, we then have XYZ.corp which is the main local domain, then there is the XYZ.com zone.

I have searched all over the internet for possible solutions.  I have even gone into that particular zone and created an A record for XYZ.com to point to the new external IP address, restarted DNS, flushed, and registered and cleaned the cache, but still unable to access the website from the inside.

Now for a simple work around in the DHCP server scope so that everyone could access the website, and it has allowed me some time to get this resolved, I added the Google DNS server as the main DNS server, and all of our servers as secondary.

My thought is to delete that particular zone all together.

But would like some input before I do this, or if there is a better solution to this mess, that was thrown in my lap.
Question by:ttorno

Accepted Solution

footech earned 2000 total points
ID: 39875768
Let me see if I'm understanding your situation.  Let me know if any of the following are incorrect.
- In DNS you have two forward lookup zones, one for xyz.corp, and one for xyz.com.
- Your AD domain is xyz.corp

What records are present in the xyz.com zone?  Is there such an AD domain in your organization?  Do you need to resolve both "xyz.com" and "www.xyz.com" to the website?

Having Google's DNS server assigned as preferred DNS for clients will cause issues when trying to resolve any internal names.

Author Comment

ID: 39875862
Oh, I know all too well the ramifications for using the Google DNS server as a primary server on a domain environment, but because this is all a hodgepodge of a setup, I am the one who has to fix the issues.  The external was only a temporary fix so that certain people could access the website internally that day.  It was just to buy me a few more hours to solve.

The www.xyz.com zone in DNS structure does not need to resolve anything to the outside world anymore.  I went in earlier this evening and deleted 6 records out of the particular zone.  I waited an hour to make sure DNS internally replicated properly, and no errors were found.

So then around an hour before I was done for the day, I paused that particular zone all across the domain, and made sure nothing stopped internally.

And with a test PC, I use the Primary AD/DC as the main DNS server, and was still unable to resolve the website internally.

What strikes me as funny, if I remove the external Google DNS server from the DHCP server and restart all the services and flush everything out, every PC that is not a member of the domain, but connected to the internet, these machines are able to access the website.

The sad thing is I only have so much time during the day to work on this issue, before I get pulled off to work on other "Fires" for the customer base.

I have checked both firewall appliances, and even had one of the remote support monitor the traffic to see what they could see.  So with the www.xyz.com zone paused and not replicating across the domain, I should be able to focus a little bit more attention to the issue.

The two Host records have been changed to point from our external IP address to the Hosting site's external IP, and if you do a DNS look-up you see the correct IP address.

Assisted Solution

footech earned 2000 total points
ID: 39876045
So you're saying the zone is "www.xyz.com" and not "xyz.com"?  If you could provide a screenshot that could clear up any confusion.

Pausing a zone won't allow the request to be passed on to other servers in the same way that would occur if the zone didn't exist.

Removing the unneeded zone is probably the right course, but I'm not saying it yet because of my confusion on what is currently in place.

Assisted Solution

ttorno earned 0 total points
ID: 39877278
Thank you guys for all of your input, the problem has been solved.

The problem was I inherited this bizarre network, that was not properly taken care of, so everything was built upon what the last guy did, and nothing was ever done to straighten the entire mess out.

 So here goes the solution:

The internal DNS zone was xyz.corp  the main zone for the entire company, and the secondary zone of xyz.com.

So yesterday I went through both zones with a fine-tooth comb, and noticed several duplicate A records, one in each zone.  Well the zone I was wanting to delete I made sure to delete several of the A records, and then wait for replication.  Nothing stopped, which was a major relief.  So this morning I made sure I had a good solid backup of the server and I copied all of the last remaining records down so if all failed I could reinstate it.
Once I deleted that zone, I made sure to clear all of the cached information, and restart all of the services as well.
And sure enough the external website showed up, and I was able to remove the external DNS server out of DHCP's DNS scope.  All is working now.

My only problem is, I wish management would have discussed the change with the rest of the entire IT department, before the changes were done and all could have been properly planned out.
I guess that is what I get, when the people in charge just take off running and expect instant gratification, before finding out if there will be any repercussions due to their actions...

Now off to the new fire.....
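
The failure mode this thread ends on, a locally hosted zone (xyz.com) answering authoritatively for a name that now lives outside, can be checked for directly. The following is an added example, not part of the original thread: it compares the internal server's answers with a public resolver's for the apex and www name of each primary forward zone. The server name XYZDC1 comes from the question; 8.8.8.8 as the comparison resolver and the helper name Get-ARecordSet are assumptions.

```powershell
# Added example (not from the thread). Run from a management host with the
# DnsServer module (RSAT) and rights to query the DNS server.
Import-Module DnsServer

$InternalDns = 'XYZDC1'    # internal DNS server named in the question
$PublicDns   = '8.8.8.8'   # assumption: public resolver used only for comparison

# Hypothetical helper: sorted A-record set for a name as one server sees it,
# or a FAILED marker when that server returns no usable answer.
function Get-ARecordSet {
    param([string]$Name, [string]$Server)
    try {
        $answers = Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction Stop
        $ips = $answers | Where-Object { $_.Type -eq 'A' } | Select-Object -ExpandProperty IPAddress
        if ($ips) { ($ips | Sort-Object) -join ',' } else { 'FAILED: no A record' }
    } catch {
        "FAILED: $($_.Exception.Message)"
    }
}

# Primary forward zones this server answers for authoritatively.
$zones = Get-DnsServerZone -ComputerName $InternalDns |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsReverseLookupZone -and
                   -not $_.IsAutoCreated -and $_.ZoneName -ne 'TrustAnchors' }

$report = foreach ($zone in $zones) {
    foreach ($name in $zone.ZoneName, "www.$($zone.ZoneName)") {
        $inside  = Get-ARecordSet -Name $name -Server $InternalDns
        $outside = Get-ARecordSet -Name $name -Server $PublicDns
        [pscustomobject]@{
            Zone     = $zone.ZoneName
            Paused   = $zone.IsPaused
            Name     = $name
            Internal = $inside
            Public   = $outside
            # Shadowed: the name resolves publicly, but the local zone gives a
            # different answer or none, so internal clients never reach it.
            Shadowed = ($outside -notlike 'FAILED*') -and ($inside -ne $outside)
        }
    }
}

$report | Sort-Object Shadowed -Descending | Format-Table -AutoSize
```

Internal-only zones such as xyz.corp show a FAILED public answer and are not flagged. A flagged name whose public addresses rotate between queries needs a manual second look before the zone is touched.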

Author Comment

ID: 39877288
Thank you all for your time and support.

Author Closing Comment

ID: 39888291
Both users were able to allow me to look in a bit closer at the issue, which was then solved.


Question has a verified solution.
