DNS Issue when Accessing external Website using Split DNS

I currently have an Active Directory environment running split DNS.  I have ABC.local for my internal domain name, and our public domain name is ABC.COM.

I have configured a DNS Zone for ABC.COM to access certain things while inside the domain.....  Our company website is now being hosted externally.  It is accessible outside the network, but not from the inside.  I have added an A record "www" that points to the public IP of the webserver.  It still does not resolve.  The weird thing is if I put the IP in my browser inside the network it DOES take me to the page.....

What am I missing?
BSModlinAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
> I have added an A record "www" that points to the public IP of the webserver.
And you did this on the DNS server which is authoritative for the ABC.COM domain?  (I'm assuming you really did this on the internal DNS server, which it sounds like you DON'T want this entry, and you need to have it on the external DNS server which is serving this domain for the public.)
BSModlinAuthor Commented:
It is both on the internal and external DNS servers.....
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
Lets narrow down what isn't working then.  If I were at the keyboard, I'd try the following:
nslookup  (this would enter me into nslookup dialog with my local dns server)
www (this would query the local dns server for www.<default_suffix>, what does it return?)
www.ABC.COM (What does this return?)

server [authoritative_DNS_server_for_ABC.COM] (this will switch to the other DNS server.)
www.ABC.COM (And what does this return now?)
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Will SzymkowskiSenior Solution ArchitectCommented:
If you remove the internal record (www) from your internal zone for ABC.COM and run ipconfig /flushdns and then put the IP back in the browser does it go to the page?

Have you checked your firewall to see where the traffic is going? What page is it displaying for you when you have the A record on the DNS server internally?

Will.
Hypercat (Deb)Commented:
Why did you create the extra DNS zone for abc.com?  If your internal domain is abc.local and your external one is abc.com, you should not need any internal zone for abc.com.  When your internal clients browse www.abc.com your DNS server will resolve that address using an external DNS server, either a forwarder or the root hints depending on how your DNS server is configured, because it will see that abc.com is not an internal domain. So, if you remove the internal abc.com DNS zone, you should be able to browse www.abc.com without any problem.
Will SzymkowskiSenior Solution ArchitectCommented:
Just to add to what hypercat has said, you would only add the www A record if your website is hosted internally. Because you have it hosted externally and add the external IP was configured internally the clients will not go out to the internet because they see this record in the internal ABC.COM DNS zone.

Will.
BSModlinAuthor Commented:
Understood, but tfor things like mobile phones that need to access their emails both internally and externally, the creation of ABC.COM was necessary.... Cisco ASA firewalls do not allow devices to leave the firewall destined for a Public IP that resides on that same firewall.... Cannot go out to come right back in....
Hypercat (Deb)Commented:
How are the mobile phones connecting to the internal network?
it_saigeDeveloperCommented:
BSModin, if the phones are connecting via wifi, then they should be using the local DNS address for the mail server (assuming Exchange).  You just need to ensure that the InternalURL for the Exchange server ActiveSync/OutlookAnywhere (depends on version) is configured properly and accessible via the local network.

Otherwise, the phones would use their respective carriers network and this would all be moot as the carrier network is external to your network.  In this case, the phones would use your external DNS records to access the ExternalURL for your Exchange server.

Hypercat is right on with regards to the necessity of split dns in your situation.

-saige-
BSModlinAuthor Commented:
If I do that we will have issues with the SSL certificate because you can not longer have .local as a valid entry in the cert.  I have identified my issue.  The website is redirecting the www.abc.com request to abc.com, without the www.  How do you make a "wildcard" entry in DNS so when they go to abc.com without the www it will go to the static IP of my choice?
it_saigeDeveloperCommented:
You could do something like what is outlined here:

http://www.netlife.co.za/tech-guides/46-linuxoss-and-networking/95-adding-single-dns-hosts-for-external-zones-to-a-windows-dns-server.html

Just checking, in your current configuration, you have a cname record for the exchange server that points to the internal ip; e.g. - mail.abc.com -> 192.168.1.15?

-saige-

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
DNS

From novice to tech pro — start learning today.