Solved

Public Website Name Resolution Problem in a Split DNS Zone

Posted on 2014-07-22
18
736 Views
Last Modified: 2014-07-23
I have a site with a domain.local AD site name and an internal DNS zone set up for their public domain.com in order to support their onsite Exchange Server.

I've added a www pointer to the internal DNS (domain.com zone) for the IP address that is returned when their public website is pinged from outside their domain.  While that approach seems to work 99% of the time, in this case they must be on a shared hosting plan as the IP address pointer only gets the internal users to the website hosting site and not to their particular website.

Short of changing their hosting plan, is there a workaround to implement?

Thanks,

J
0
Comment
Question by:Qualitycomputer
  • 7
  • 6
  • 5
18 Comments
 
LVL 39

Expert Comment

by:footech
Comment Utility
If internet users access the site by using "www.domain.com", and a DNS query to public DNS servers shows that www.domain.com resolves to xxx.xxx.xxx.xxx, then creating the same record in your internal DNS should function exactly the same way.  The only time I've heard of a case where this wasn't happening was because the hosting provider was blocking the company's IP address.
0
 

Author Comment

by:Qualitycomputer
Comment Utility
When I ping www.customer.com from the network-tools.com ping utility I get one IP address, but when I ping it from a command prompt from my workstations the value that is returned is the IP address(es) of the web host.
0
 
LVL 39

Expert Comment

by:footech
Comment Utility
Run the following commands at your workstation and post back the results (substituting for the correct domain).  Feel free to obfuscate the results, but leave enough info so that it's not meaningless.
nslookup www.domain.com. 8.8.8.8
nslookup www.domain.com.

Open in new window

0
 

Author Comment

by:Qualitycomputer
Comment Utility
nslookup www.customer.org 8.8.8.8:

Non-authoritative answer:
www.customer.org      canonical name = customer.org.
Name:      customer.org
Address: 66.155.12.238
Name:      customer.org
Address: 66.155.19.238
Name:      customer.org
Address: 192.0.82.250
Name:      customer.org
Address: 76.73.254.123
Name:      customer.org
Address: 76.73.254.120
Name:      customer.org
Address: 192.0.82.250

nslookup without 8.8.8.8 yields the same results.

Does this offer any clues?
0
 
LVL 10

Expert Comment

by:EdTechy
Comment Utility
Unless I am not understanding your issue correctly, your internal dns should point to the internal (private) address of the Exchange server.
Also try nslookup www.customer.org using the internal dns ip address.
Another thing to check.. make sure the client is actually pointing to the internal dns server.
0
 

Author Comment

by:Qualitycomputer
Comment Utility
There is already an entry in the internal customer.org DNS zone with the internal IP address of the Exchange Server.  That part works well and is not related to the web site problem.  The www pointer seems to be the problem.  I've edited that internal www pointer to several of the public IPs returned by the NSLookup but they all just point to the general site of the Web host (WordPress) and not to the specific page for my client's web site.  

I've seen such behavior in the past when a customer is on a shared hosting plan and doesn't have a dedicated IP address which points to their home page.  That's why I'm looking for either a workaround or a reason why it works over public DNS but not with the static, private DNS entry.
0
 
LVL 10

Expert Comment

by:EdTechy
Comment Utility
You may want to call the ISP and see exactly where to point your cname entry for www in your internal dns.
I have a hosted plan and I have a CNAME pointing to the host by name myhost.net. They then route all request to our site on their end.
0
 
LVL 39

Expert Comment

by:footech
Comment Utility
Looks like the public records have www.customer.org as a CNAME record which points to customer.org, and then there are several A records for customer.org for the different IPs.  I would duplicate that setup in your internal DNS.  Your hosting provider probably uses host headers to detect which site should be presented, so as long as the right name is being queried the right site should be returned.  My guess here is that your site is tied to the host header "customer.org" instead of "www.customer.org", so if you just have an A record for www.customer.org which points at the IP, the right name isn't being presented.  If you were to just try browsing to "customer.org" (assuming you have an A record for it) it should work.
0
 

Author Comment

by:Qualitycomputer
Comment Utility
Footech,

So to follow your advice should I add a CNAME entry to the internal DNS zone?  If so, which of those various IP addresses returned from the NSLookup would I use?  Can I add more than one "A" record with a www pointer or more than one IP address per "A" record?

If it's not too much trouble, please show me an example of the syntax for a CNAME entry.  This is going to be added to a Windows 2008 AD server.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 10

Assisted Solution

by:EdTechy
EdTechy earned 250 total points
Comment Utility
Yes I would add a CNAME to your internal dns. You will use customer.org not an ip address.
Within your customer.org zone make a New Alias(CNAME)
Alias name www
Fully qualified domain name...
customer.org
0
 
LVL 39

Accepted Solution

by:
footech earned 250 total points
Comment Utility
Yes, in the customer.org zone, add a CNAME record with the alias "www" and the FQDN of the target will be "customer.org".  You shouldn't have any A records for "www.customer.org", only for "customer.org".  You can have multiple A records for the same name, and each will point to a different IP.
0
 

Author Comment

by:Qualitycomputer
Comment Utility
Thank you both EdTechy and Footech.  I added a CNAME record of "www" to the internal dns zone. That was easy.
Adding the individual IP addresses from the NSLookup query isn't going well though.  When I try to create an "A" record without a title I receive an error message from the DNS editor stating that "The host record 'domain.org' cannot be created.  Node is a CNAME DNS record".  

That doesn't happen if I add a www or some other prefix to the "A" record and specify and IP address.  I guess I don't know how to add the "A" record so that it is for "customer.org" and not for "www.customer.org" as Footech advised.
0
 

Author Comment

by:Qualitycomputer
Comment Utility
I added all of the IP addresses from the NSLookup as "www" "A" records and, along with the CNAME entry, that worked.  Should I be concerned that I added 5 "www" records to the zone, or should I just call it good?

Many thanks,

J
0
 
LVL 10

Expert Comment

by:EdTechy
Comment Utility
I don't think you need any of the A records as long as you have the cname. If internally you can get to www.customer.org without the A records, I would remove them just to keep your dns clean.
0
 
LVL 39

Expert Comment

by:footech
Comment Utility
The only time you get that error message is when you try to create an A record with the same name as a CNAME record.  Here's an example of what you should have.
DNS recordsI don't see how it's possible for you to have added the A records for "www" if you have the CNAME for "www" as well.
0
 
LVL 39

Expert Comment

by:footech
Comment Utility
@EdTechy - without the A records the DNS wouldn't resolve to an IP.  Since the zone is present on the local DNS, the query wouldn't be sent on to forwarders or root hints to be resolved.
0
 

Author Comment

by:Qualitycomputer
Comment Utility
I deleted all of the new DNS additions and started over to see if the "A" records were needed.  Footech is correct -- you need the "A" records in addition to the CNAME record.  Thanks again!
0
 
LVL 10

Expert Comment

by:EdTechy
Comment Utility
@Footech - Makes sense.
Glad it is working.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

Lync server 2013 Backup Service Error ID 4049 – After File Share Migration
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now