Qualitycomputer

Internal DNS Zone Issue

I'm having trouble bringing up a website from domain client machines for a website hosted on a public server with the same name as the internal network.  In other words, Domain.local clients cannot browse to Domain.com.   The internal domain is using SBS2008 as the Active Directory server.

I have set up a Forward Lookup Zone on the local SBS DNS server for domain.com with an "A" record pointer to the static IP address of the public website.  Local clients can successfully resolve and ping "www.domain.com" from command prompts but receive "Site cannot be found"... "DNS Server cannot be reached" on their local browsers.  NSLookup commands from those client machines successfully resolve the IP address of the public website and show their local DNS server as the name server.  If the network adapter properties of the local client is changed to public DNS (i.e. 4.2.2.2) the website then appears properly.  This problem started when they moved to a shared hosted Website provider, but now persists even after obtaining a static IP address for their public website.

I have tried adding the GoDaddy name servers (the web hosting service) to the FLZ using the SOA - Name Servers entry (i.e. ns49.domaincontrol.com).  No luck.  Obviously, I always flush and register the DNS cache between all configuration changes.  The "A" record in the same local DNS zone used to work before the client moved to a shared hosting platform.

Is there a CNAME entry that will fix this problem?

Thanks!
Shabarinath TR

If DNS resolution is happening as expected, then we should look for something which is beyond DNS resolution.

Did you get a chance to check if port 80 (443 if HTTPS is configured) is listening while trying to check the connectivity using PortQry? Try with PortQryUI, which is easy to check.

Another thought is on the DNS zone. If your domain is domain.local, the DNS resolution for domain.com will use the root hints (hope it's not disabled). I.e., without having a zone for domain.com in your internal DNS, name resolution should work. If you host a zone for domain.com in the internal DNS, it's also important to put in all the right DNS records which are in the external DNS zone.
domain.com and domain.local are two distinctly different domains. Setting up a zone on your internal DNS for domain.com really isn't needed and can cause issues. If resolving domain.com is the only point in creating this zone I would remove it.

I forget the issue with GoDaddy when you use a shared hosting site. You cannot get to it by IP. I would clean up your DNS and use forwarders. At least the two provided by your ISP and maybe Google's for #3 and #4. Sounds more like you are having DNS issues.

If you insist on keeping that zone try two entries: www.domain.local and just domain.local. Some browsers require both.
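The "cannot get to it by IP" point above is about name-based virtual hosting: a shared host serves many customers from one address and chooses the site from the HTTP Host header, so a successful ping or nslookup proves nothing about what the web server will serve. The following is an added example, not code from the thread or from any hosting provider; the IP address (from the RFC 5737 documentation range), the hostnames and the tenant table are constructed.

```python
"""Why a site on shared hosting cannot be reached by IP address alone.

Added example, not code from the original thread. The IP, hostnames and
vhost table are constructed. A shared host serves many customers' sites
from one IP and selects the site from the HTTP Host header (name-based
virtual hosting), so a request addressed to the bare IP, or carrying a
Host value the server does not know, gets the provider's default site.
"""
from typing import Dict, Optional

SHARED_HOST_IP = "203.0.113.10"   # constructed, RFC 5737 documentation range
VHOSTS: Dict[str, str] = {        # constructed tenant table on that IP
    "domain.com": "customer site for domain.com",
    "www.domain.com": "customer site for domain.com",
    "www.other-tenant.example": "another tenant's site",
}
DEFAULT_SITE = "hosting provider's default page"


def build_request(host: str, path: str = "/") -> bytes:
    """Minimal HTTP/1.1 GET. Host is mandatory in HTTP/1.1 and is filled in
    by the browser from the URL, which is why the host name in the URL still
    matters after DNS has produced an IP address."""
    return (f"GET {path} HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            "Connection: close\r\n\r\n").encode("ascii")


def parse_host(request: bytes) -> Optional[str]:
    """Extract the Host header value, without any :port suffix."""
    head = request.decode("iso-8859-1").split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return value.strip().split(":")[0].lower()
    return None


def serve(request: bytes) -> str:
    """Name-based virtual host dispatch as a shared host does it."""
    host = parse_host(request)
    if host is None or host == SHARED_HOST_IP:
        return DEFAULT_SITE
    return VHOSTS.get(host, DEFAULT_SITE)


def browse(url_host: str, resolved_ip: Optional[str]) -> str:
    """What a client sees: DNS result first, then HTTP to that IP with the
    Host taken from the URL. resolved_ip=None models an NXDOMAIN answer."""
    if resolved_ip is None:
        return f"{url_host}'s server DNS address could not be found"
    if resolved_ip != SHARED_HOST_IP:
        return f"connected to {resolved_ip}, which is not the shared host"
    return serve(build_request(url_host))


if __name__ == "__main__":
    print(browse("www.domain.com", SHARED_HOST_IP))   # the customer's site
    print(browse(SHARED_HOST_IP, SHARED_HOST_IP))     # typed the IP: default site
    print(browse("domain.com", None))                 # apex name not resolvable
```

The practical check this implies: from a client, `ping` and `nslookup` only exercise the DNS step, so after they succeed test the HTTP step separately with a request that carries the right Host header (for example `curl -H "Host: www.domain.com" http://203.0.113.10/` against the resolved address); if that returns the customer's site while the browser does not, the browser is resolving a different name (such as the apex after a redirect) than the one you tested.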
Qualitycomputer (ASKER)

Prior to posting my question on this forum I had tried deleting the local Forward Lookup Zone for "Domain.com" but that did not work.  I don't think port 80 is the issue as the site always came up previously until the Web hosting changed.

The problem is definitely something with the local DNS as when I use public DNS from the domain workstations the problem is cured.

I have not disabled root hints.

While it may seem that domain.local and domain.com are separate domains, my experience has always been that in an AD environment where there is a .local domain name (as Microsoft used to recommend and configure for SBS) that it is indeed necessary to create a local FLZ zone for the public "domain.com" DNS.  In the past a simple "A" record was all that was needed.  I'm thinking that I need a CNAME entry as well.
"its also important to put all the right dns records which are in the external dns zone. "

Per your above comment, how can I determine which values (that are in the public DNS zone) should appear in the local DNS zone?
"The problem is definitely something with the local DNS as when I use public DNS from the domain workstations the problem is cured." Do you mean you go in and static the DNS on the workstations? Have you tried using Google's DNS servers as forwarders in your DNS on the server?


Not sure what this means:
"its also important to put all the right dns records which are in the external dns zone. "
Per your above comment, how can I determine which values (that are in the public DNS zone) should appear in the local DNS zone?
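Two things in the exchange above are worth making concrete: why an internal domain.com zone with only a www record breaks other names (Shabarinath's point that every external record must be copied), and how to answer the asker's question of which records those are. The following is an added example, not code from the thread or from the SBS DNS server; the zone contents and addresses are constructed, with PUBLIC_ZONE standing in for what the hosting provider's authoritative servers would answer and INTERNAL_ZONE for the Forward Lookup Zone described in the question.

```python
"""Split-horizon DNS: why an internal zone for domain.com shadows the public
zone, and which public records it must therefore carry.

Added example, not code from the original thread. The zone contents and IPs
are constructed; PUBLIC_ZONE stands in for what the hosting provider's
authoritative servers would answer, INTERNAL_ZONE for the Forward Lookup
Zone described in the question (a single www A record).
"""
from typing import Dict, List, Optional, Tuple

Record = Tuple[str, str]          # (type, data)
Zone = Dict[str, List[Record]]    # owner name -> records

PUBLIC_ZONE: Zone = {             # constructed
    "domain.com": [("A", "203.0.113.10"),
                   ("MX", "10 mail.domain.com"),
                   ("TXT", "v=spf1 mx -all")],
    "www.domain.com": [("A", "203.0.113.10")],
    "mail.domain.com": [("A", "203.0.113.20")],
}
INTERNAL_ZONE: Zone = {           # constructed
    "www.domain.com": [("A", "203.0.113.10")],
}


def zone_for(name: str, zones: Dict[str, Zone]) -> Optional[str]:
    """Longest-suffix match: the local zone authoritative for name, if any."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolve(name: str, rtype: str, local_zones: Dict[str, Zone],
            forwarder: Zone) -> Optional[List[str]]:
    """Model of a DNS server with local zones plus a forwarder.

    When a local zone covers the name, the server answers from that zone
    only; a name missing from it is NXDOMAIN, never forwarded. Returns None
    for NXDOMAIN or no data of the requested type.
    """
    name = name.lower().rstrip(".")
    zone_name = zone_for(name, local_zones)
    source = local_zones[zone_name] if zone_name is not None else forwarder
    answers = [data for t, data in source.get(name, []) if t == rtype]
    return answers or None


def missing_records(internal: Zone, public: Zone) -> List[Tuple[str, str, str]]:
    """Public records the internal zone does not carry.

    This is the list to add when the internal zone is kept. It also shows
    the maintenance cost: every time the host changes an address, the
    internal copy goes stale while the public zone moves on.
    """
    gaps = []
    for owner, recs in public.items():
        have = set(internal.get(owner, []))
        gaps.extend((owner, t, d) for t, d in recs if (t, d) not in have)
    return sorted(gaps)


if __name__ == "__main__":
    local = {"domain.com": INTERNAL_ZONE}
    print(resolve("www.domain.com", "A", local, PUBLIC_ZONE))  # answered locally
    print(resolve("domain.com", "A", local, PUBLIC_ZONE))      # None: shadowed
    print(resolve("domain.com", "A", {}, PUBLIC_ZONE))         # zone removed: forwarded
    for owner, t, d in missing_records(INTERNAL_ZONE, PUBLIC_ZONE):
        print(f"add {owner} {t} {d}")
```

To fill PUBLIC_ZONE with real data, query the provider's authoritative servers directly rather than a recursive resolver, for example `nslookup -type=A domain.com ns49.domaincontrol.com`, repeating for the apex and www with the A, CNAME, MX and TXT types; many authoritative servers refuse `-type=any`, so per-type queries are the reliable route. The model also makes the forwarder point explicit: changing forwarders on the SBS server cannot help with a name that falls inside a zone the server is authoritative for, because such a lookup never reaches the forwarder at all.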
Lockdown32,

Yes, I manually change the DNS on the workstation to 4.2.2.2 and the problem disappears.  I have tried adding 4.2.2.2 to the list of name servers in the local SOA entry but the DNS server rejects that entry.  It will only allow me to add FQDN server names and then resolves those to IP addresses.  Long ago I added 4.2.2.2 and other public DNS servers to the "Forwarders" tab of the DNS server but to no avail.

My second comment was in response to Shabarinath who suggested that I add the values in the public DNS zone (website host's DNS) to the local zone.  I don't know how to determine those values.

Thanks!
Very odd. Something in general is just not right with the DNS. Using a 4.2.2.2 forwarder should do the same as staticing the workstations. I was trying to Google if removing the DNS role and re-adding it might be a fix and it looks like it might be. It came from EE:

https://www.experts-exchange.com/questions/24663715/DNS-broken-in-SBS-2008.html
Lockdown32,

I'm concerned that removing/adding the DNS role might break SBS as so many of the values were pre-programmed by Microsoft.  In other words, it may not be just a standard AD DNS zone.

Let me mention that if I type in the actual IP address of the public web server on a client workstation the browser takes you to the actual website domain (i.e. domain.com) but throws the error:  domain.com's server DNS address could not be found.

So, the dns seems to resolve but then looks for additional information that the local site is apparently not providing.
I would agree with your concerns. That other link said it was safe but you never know. The only other suggestion I have come across is running the Fix My Network wizard from the console and clearing the DNS cache on the server. It surely has to be a local DNS issue if it works when you static IP. Another thought is to try Google's public DNS as opposed to Verizon's.
The only issue that the "Fix my network" wizard found was that the DNS server is using forwarders.  I've tried several different public DNS servers as forwarders but that doesn't help.

Could it be something basic like a CNAME entry?  I ask that hopefully because I don't fully understand the importance of such entries.
SOLUTION by LockDown32 (content available to members only)
ASKER CERTIFIED SOLUTION (content available to members only)
I had always suspected that a CNAME entry was the solution to this problem, and through trial and error I finally arrived at the resolution on my own.