Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Public Website Name Resolution Problem in a Split DNS Zone

Posted on 2014-07-22
18
Medium Priority
?
853 Views
Last Modified: 2014-07-23
I have a site with a domain.local AD site name and an internal DNS zone set up for their public domain.com in order to support their onsite Exchange Server.

I've added a www pointer to the internal DNS (domain.com zone) for the IP address that is returned when their public website is pinged from outside their domain.  While that approach seems to work 99% of the time, in this case they must be on a shared hosting plan as the IP address pointer only gets the internal users to the website hosting site and not to their particular website.

Short of changing their hosting plan, is there a workaround to implement?

Thanks,

J
0
Comment
Question by:Qualitycomputer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
  • 5
18 Comments
 
LVL 41

Expert Comment

by:footech
ID: 40213130
If internet users access the site by using "www.domain.com", and a DNS query to public DNS servers shows that www.domain.com resolves to xxx.xxx.xxx.xxx, then creating the same record in your internal DNS should function exactly the same way.  The only time I've heard of a case where this wasn't happening was because the hosting provider was blocking the company's IP address.
0
 

Author Comment

by:Qualitycomputer
ID: 40213174
When I ping www.customer.com from the network-tools.com ping utility I get one IP address, but when I ping it from a command prompt from my workstations the value that is returned is the IP address(es) of the web host.
0
 
LVL 41

Expert Comment

by:footech
ID: 40213209
Run the following commands at your workstation and post back the results (substituting for the correct domain).  Feel free to obfuscate the results, but leave enough info so that it's not meaningless.
nslookup www.domain.com. 8.8.8.8
nslookup www.domain.com.

Open in new window

0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 

Author Comment

by:Qualitycomputer
ID: 40213928
nslookup www.customer.org 8.8.8.8:

Non-authoritative answer:
www.customer.org      canonical name = customer.org.
Name:      customer.org
Address: 66.155.12.238
Name:      customer.org
Address: 66.155.19.238
Name:      customer.org
Address: 192.0.82.250
Name:      customer.org
Address: 76.73.254.123
Name:      customer.org
Address: 76.73.254.120
Name:      customer.org
Address: 192.0.82.250

nslookup without 8.8.8.8 yields the same results.

Does this offer any clues?
0
 
LVL 10

Expert Comment

by:EdTechy
ID: 40214513
Unless I am not understanding your issue correctly, your internal dns should point to the internal (private) address of the Exchange server.
Also try nslookup www.customer.org using the internal dns ip address.
Another thing to check.. make sure the client is actually pointing to the internal dns server.
0
 

Author Comment

by:Qualitycomputer
ID: 40214642
There is already an entry in the internal customer.org DNS zone with the internal IP address of the Exchange Server.  That part works well and is not related to the web site problem.  The www pointer seems to be the problem.  I've edited that internal www pointer to several of the public IPs returned by the NSLookup but they all just point to the general site of the Web host (WordPress) and not to the specific page for my client's web site.  

I've seen such behavior in the past when a customer is on a shared hosting plan and doesn't have a dedicated IP address which points to their home page.  That's why I'm looking for either a workaround or a reason why it works over public DNS but not with the static, private DNS entry.
0
 
LVL 10

Expert Comment

by:EdTechy
ID: 40214707
You may want to call the ISP and see exactly where to point your cname entry for www in your internal dns.
I have a hosted plan and I have a CNAME pointing to the host by name myhost.net. They then route all request to our site on their end.
0
 
LVL 41

Expert Comment

by:footech
ID: 40214766
Looks like the public records have www.customer.org as a CNAME record which points to customer.org, and then there are several A records for customer.org for the different IPs.  I would duplicate that setup in your internal DNS.  Your hosting provider probably uses host headers to detect which site should be presented, so as long as the right name is being queried the right site should be returned.  My guess here is that your site is tied to the host header "customer.org" instead of "www.customer.org", so if you just have an A record for www.customer.org which points at the IP, the right name isn't being presented.  If you were to just try browsing to "customer.org" (assuming you have an A record for it) it should work.
0
 

Author Comment

by:Qualitycomputer
ID: 40214795
Footech,

So to follow your advice should I add a CNAME entry to the internal DNS zone?  If so, which of those various IP addresses returned from the NSLookup would I use?  Can I add more than one "A" record with a www pointer or more than one IP address per "A" record?

If it's not too much trouble, please show me an example of the syntax for a CNAME entry.  This is going to be added to a Windows 2008 AD server.
0
 
LVL 10

Assisted Solution

by:EdTechy
EdTechy earned 1000 total points
ID: 40214896
Yes I would add a CNAME to your internal dns. You will use customer.org not an ip address.
Within your customer.org zone make a New Alias(CNAME)
Alias name www
Fully qualified domain name...
customer.org
0
 
LVL 41

Accepted Solution

by:
footech earned 1000 total points
ID: 40214912
Yes, in the customer.org zone, add a CNAME record with the alias "www" and the FQDN of the target will be "customer.org".  You shouldn't have any A records for "www.customer.org", only for "customer.org".  You can have multiple A records for the same name, and each will point to a different IP.
0
 

Author Comment

by:Qualitycomputer
ID: 40215060
Thank you both EdTechy and Footech.  I added a CNAME record of "www" to the internal dns zone. That was easy.
Adding the individual IP addresses from the NSLookup query isn't going well though.  When I try to create an "A" record without a title I receive an error message from the DNS editor stating that "The host record 'domain.org' cannot be created.  Node is a CNAME DNS record".  

That doesn't happen if I add a www or some other prefix to the "A" record and specify and IP address.  I guess I don't know how to add the "A" record so that it is for "customer.org" and not for "www.customer.org" as Footech advised.
0
 

Author Comment

by:Qualitycomputer
ID: 40215083
I added all of the IP addresses from the NSLookup as "www" "A" records and, along with the CNAME entry, that worked.  Should I be concerned that I added 5 "www" records to the zone, or should I just call it good?

Many thanks,

J
0
 
LVL 10

Expert Comment

by:EdTechy
ID: 40215128
I don't think you need any of the A records as long as you have the cname. If internally you can get to www.customer.org without the A records, I would remove them just to keep your dns clean.
0
 
LVL 41

Expert Comment

by:footech
ID: 40215141
The only time you get that error message is when you try to create an A record with the same name as a CNAME record.  Here's an example of what you should have.
DNS recordsI don't see how it's possible for you to have added the A records for "www" if you have the CNAME for "www" as well.
0
 
LVL 41

Expert Comment

by:footech
ID: 40215150
@EdTechy - without the A records the DNS wouldn't resolve to an IP.  Since the zone is present on the local DNS, the query wouldn't be sent on to forwarders or root hints to be resolved.
0
 

Author Comment

by:Qualitycomputer
ID: 40215201
I deleted all of the new DNS additions and started over to see if the "A" records were needed.  Footech is correct -- you need the "A" records in addition to the CNAME record.  Thanks again!
0
 
LVL 10

Expert Comment

by:EdTechy
ID: 40215271
@Footech - Makes sense.
Glad it is working.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question