Solved

Public Website Name Resolution Problem in a Split DNS Zone

Posted on 2014-07-22
18
754 Views
Last Modified: 2014-07-23
I have a site with a domain.local AD site name and an internal DNS zone set up for their public domain.com in order to support their onsite Exchange Server.

I've added a www pointer to the internal DNS (domain.com zone) for the IP address that is returned when their public website is pinged from outside their domain.  While that approach seems to work 99% of the time, in this case they must be on a shared hosting plan as the IP address pointer only gets the internal users to the website hosting site and not to their particular website.

Short of changing their hosting plan, is there a workaround to implement?

Thanks,

J
0
Comment
Question by:Qualitycomputer
  • 7
  • 6
  • 5
18 Comments
 
LVL 39

Expert Comment

by:footech
ID: 40213130
If internet users access the site by using "www.domain.com", and a DNS query to public DNS servers shows that www.domain.com resolves to xxx.xxx.xxx.xxx, then creating the same record in your internal DNS should function exactly the same way.  The only time I've heard of a case where this wasn't happening was because the hosting provider was blocking the company's IP address.
0
 

Author Comment

by:Qualitycomputer
ID: 40213174
When I ping www.customer.com from the network-tools.com ping utility I get one IP address, but when I ping it from a command prompt from my workstations the value that is returned is the IP address(es) of the web host.
0
 
LVL 39

Expert Comment

by:footech
ID: 40213209
Run the following commands at your workstation and post back the results (substituting for the correct domain).  Feel free to obfuscate the results, but leave enough info so that it's not meaningless.
nslookup www.domain.com. 8.8.8.8
nslookup www.domain.com.

Open in new window

0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:Qualitycomputer
ID: 40213928
nslookup www.customer.org 8.8.8.8:

Non-authoritative answer:
www.customer.org      canonical name = customer.org.
Name:      customer.org
Address: 66.155.12.238
Name:      customer.org
Address: 66.155.19.238
Name:      customer.org
Address: 192.0.82.250
Name:      customer.org
Address: 76.73.254.123
Name:      customer.org
Address: 76.73.254.120
Name:      customer.org
Address: 192.0.82.250

nslookup without 8.8.8.8 yields the same results.

Does this offer any clues?
0
 
LVL 10

Expert Comment

by:EdTechy
ID: 40214513
Unless I am not understanding your issue correctly, your internal dns should point to the internal (private) address of the Exchange server.
Also try nslookup www.customer.org using the internal dns ip address.
Another thing to check.. make sure the client is actually pointing to the internal dns server.
0
 

Author Comment

by:Qualitycomputer
ID: 40214642
There is already an entry in the internal customer.org DNS zone with the internal IP address of the Exchange Server.  That part works well and is not related to the web site problem.  The www pointer seems to be the problem.  I've edited that internal www pointer to several of the public IPs returned by the NSLookup but they all just point to the general site of the Web host (WordPress) and not to the specific page for my client's web site.  

I've seen such behavior in the past when a customer is on a shared hosting plan and doesn't have a dedicated IP address which points to their home page.  That's why I'm looking for either a workaround or a reason why it works over public DNS but not with the static, private DNS entry.
0
 
LVL 10

Expert Comment

by:EdTechy
ID: 40214707
You may want to call the ISP and see exactly where to point your cname entry for www in your internal dns.
I have a hosted plan and I have a CNAME pointing to the host by name myhost.net. They then route all request to our site on their end.
0
 
LVL 39

Expert Comment

by:footech
ID: 40214766
Looks like the public records have www.customer.org as a CNAME record which points to customer.org, and then there are several A records for customer.org for the different IPs.  I would duplicate that setup in your internal DNS.  Your hosting provider probably uses host headers to detect which site should be presented, so as long as the right name is being queried the right site should be returned.  My guess here is that your site is tied to the host header "customer.org" instead of "www.customer.org", so if you just have an A record for www.customer.org which points at the IP, the right name isn't being presented.  If you were to just try browsing to "customer.org" (assuming you have an A record for it) it should work.
0
 

Author Comment

by:Qualitycomputer
ID: 40214795
Footech,

So to follow your advice should I add a CNAME entry to the internal DNS zone?  If so, which of those various IP addresses returned from the NSLookup would I use?  Can I add more than one "A" record with a www pointer or more than one IP address per "A" record?

If it's not too much trouble, please show me an example of the syntax for a CNAME entry.  This is going to be added to a Windows 2008 AD server.
0
 
LVL 10

Assisted Solution

by:EdTechy
EdTechy earned 250 total points
ID: 40214896
Yes I would add a CNAME to your internal dns. You will use customer.org not an ip address.
Within your customer.org zone make a New Alias(CNAME)
Alias name www
Fully qualified domain name...
customer.org
0
 
LVL 39

Accepted Solution

by:
footech earned 250 total points
ID: 40214912
Yes, in the customer.org zone, add a CNAME record with the alias "www" and the FQDN of the target will be "customer.org".  You shouldn't have any A records for "www.customer.org", only for "customer.org".  You can have multiple A records for the same name, and each will point to a different IP.
0
 

Author Comment

by:Qualitycomputer
ID: 40215060
Thank you both EdTechy and Footech.  I added a CNAME record of "www" to the internal dns zone. That was easy.
Adding the individual IP addresses from the NSLookup query isn't going well though.  When I try to create an "A" record without a title I receive an error message from the DNS editor stating that "The host record 'domain.org' cannot be created.  Node is a CNAME DNS record".  

That doesn't happen if I add a www or some other prefix to the "A" record and specify and IP address.  I guess I don't know how to add the "A" record so that it is for "customer.org" and not for "www.customer.org" as Footech advised.
0
 

Author Comment

by:Qualitycomputer
ID: 40215083
I added all of the IP addresses from the NSLookup as "www" "A" records and, along with the CNAME entry, that worked.  Should I be concerned that I added 5 "www" records to the zone, or should I just call it good?

Many thanks,

J
0
 
LVL 10

Expert Comment

by:EdTechy
ID: 40215128
I don't think you need any of the A records as long as you have the cname. If internally you can get to www.customer.org without the A records, I would remove them just to keep your dns clean.
0
 
LVL 39

Expert Comment

by:footech
ID: 40215141
The only time you get that error message is when you try to create an A record with the same name as a CNAME record.  Here's an example of what you should have.
DNS recordsI don't see how it's possible for you to have added the A records for "www" if you have the CNAME for "www" as well.
0
 
LVL 39

Expert Comment

by:footech
ID: 40215150
@EdTechy - without the A records the DNS wouldn't resolve to an IP.  Since the zone is present on the local DNS, the query wouldn't be sent on to forwarders or root hints to be resolved.
0
 

Author Comment

by:Qualitycomputer
ID: 40215201
I deleted all of the new DNS additions and started over to see if the "A" records were needed.  Footech is correct -- you need the "A" records in addition to the CNAME record.  Thanks again!
0
 
LVL 10

Expert Comment

by:EdTechy
ID: 40215271
@Footech - Makes sense.
Glad it is working.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question