Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 865
  • Last Modified:

Public Website Name Resolution Problem in a Split DNS Zone

I have a site with a domain.local AD site name and an internal DNS zone set up for their public domain.com in order to support their onsite Exchange Server.

I've added a www pointer to the internal DNS (domain.com zone) for the IP address that is returned when their public website is pinged from outside their domain.  While that approach seems to work 99% of the time, in this case they must be on a shared hosting plan as the IP address pointer only gets the internal users to the website hosting site and not to their particular website.

Short of changing their hosting plan, is there a workaround to implement?

Thanks,

J
0
Qualitycomputer
Asked:
Qualitycomputer
  • 7
  • 6
  • 5
2 Solutions
 
footechCommented:
If internet users access the site by using "www.domain.com", and a DNS query to public DNS servers shows that www.domain.com resolves to xxx.xxx.xxx.xxx, then creating the same record in your internal DNS should function exactly the same way.  The only time I've heard of a case where this wasn't happening was because the hosting provider was blocking the company's IP address.
0
 
QualitycomputerAuthor Commented:
When I ping www.customer.com from the network-tools.com ping utility I get one IP address, but when I ping it from a command prompt from my workstations the value that is returned is the IP address(es) of the web host.
0
 
footechCommented:
Run the following commands at your workstation and post back the results (substituting for the correct domain).  Feel free to obfuscate the results, but leave enough info so that it's not meaningless.
nslookup www.domain.com. 8.8.8.8
nslookup www.domain.com.

Open in new window

0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
QualitycomputerAuthor Commented:
nslookup www.customer.org 8.8.8.8:

Non-authoritative answer:
www.customer.org      canonical name = customer.org.
Name:      customer.org
Address: 66.155.12.238
Name:      customer.org
Address: 66.155.19.238
Name:      customer.org
Address: 192.0.82.250
Name:      customer.org
Address: 76.73.254.123
Name:      customer.org
Address: 76.73.254.120
Name:      customer.org
Address: 192.0.82.250

nslookup without 8.8.8.8 yields the same results.

Does this offer any clues?
0
 
EdTechyCommented:
Unless I am not understanding your issue correctly, your internal dns should point to the internal (private) address of the Exchange server.
Also try nslookup www.customer.org using the internal dns ip address.
Another thing to check.. make sure the client is actually pointing to the internal dns server.
0
 
QualitycomputerAuthor Commented:
There is already an entry in the internal customer.org DNS zone with the internal IP address of the Exchange Server.  That part works well and is not related to the web site problem.  The www pointer seems to be the problem.  I've edited that internal www pointer to several of the public IPs returned by the NSLookup but they all just point to the general site of the Web host (WordPress) and not to the specific page for my client's web site.  

I've seen such behavior in the past when a customer is on a shared hosting plan and doesn't have a dedicated IP address which points to their home page.  That's why I'm looking for either a workaround or a reason why it works over public DNS but not with the static, private DNS entry.
0
 
EdTechyCommented:
You may want to call the ISP and see exactly where to point your cname entry for www in your internal dns.
I have a hosted plan and I have a CNAME pointing to the host by name myhost.net. They then route all request to our site on their end.
0
 
footechCommented:
Looks like the public records have www.customer.org as a CNAME record which points to customer.org, and then there are several A records for customer.org for the different IPs.  I would duplicate that setup in your internal DNS.  Your hosting provider probably uses host headers to detect which site should be presented, so as long as the right name is being queried the right site should be returned.  My guess here is that your site is tied to the host header "customer.org" instead of "www.customer.org", so if you just have an A record for www.customer.org which points at the IP, the right name isn't being presented.  If you were to just try browsing to "customer.org" (assuming you have an A record for it) it should work.
0
 
QualitycomputerAuthor Commented:
Footech,

So to follow your advice should I add a CNAME entry to the internal DNS zone?  If so, which of those various IP addresses returned from the NSLookup would I use?  Can I add more than one "A" record with a www pointer or more than one IP address per "A" record?

If it's not too much trouble, please show me an example of the syntax for a CNAME entry.  This is going to be added to a Windows 2008 AD server.
0
 
EdTechyCommented:
Yes I would add a CNAME to your internal dns. You will use customer.org not an ip address.
Within your customer.org zone make a New Alias(CNAME)
Alias name www
Fully qualified domain name...
customer.org
0
 
footechCommented:
Yes, in the customer.org zone, add a CNAME record with the alias "www" and the FQDN of the target will be "customer.org".  You shouldn't have any A records for "www.customer.org", only for "customer.org".  You can have multiple A records for the same name, and each will point to a different IP.
0
 
QualitycomputerAuthor Commented:
Thank you both EdTechy and Footech.  I added a CNAME record of "www" to the internal dns zone. That was easy.
Adding the individual IP addresses from the NSLookup query isn't going well though.  When I try to create an "A" record without a title I receive an error message from the DNS editor stating that "The host record 'domain.org' cannot be created.  Node is a CNAME DNS record".  

That doesn't happen if I add a www or some other prefix to the "A" record and specify and IP address.  I guess I don't know how to add the "A" record so that it is for "customer.org" and not for "www.customer.org" as Footech advised.
0
 
QualitycomputerAuthor Commented:
I added all of the IP addresses from the NSLookup as "www" "A" records and, along with the CNAME entry, that worked.  Should I be concerned that I added 5 "www" records to the zone, or should I just call it good?

Many thanks,

J
0
 
EdTechyCommented:
I don't think you need any of the A records as long as you have the cname. If internally you can get to www.customer.org without the A records, I would remove them just to keep your dns clean.
0
 
footechCommented:
The only time you get that error message is when you try to create an A record with the same name as a CNAME record.  Here's an example of what you should have.
DNS recordsI don't see how it's possible for you to have added the A records for "www" if you have the CNAME for "www" as well.
0
 
footechCommented:
@EdTechy - without the A records the DNS wouldn't resolve to an IP.  Since the zone is present on the local DNS, the query wouldn't be sent on to forwarders or root hints to be resolved.
0
 
QualitycomputerAuthor Commented:
I deleted all of the new DNS additions and started over to see if the "A" records were needed.  Footech is correct -- you need the "A" records in addition to the CNAME record.  Thanks again!
0
 
EdTechyCommented:
@Footech - Makes sense.
Glad it is working.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 7
  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now