Solved

2008/20012 DNS Issue

Posted on 2016-07-18
Last Modified: 2016-07-21
Our internal domain is company.com and our website is www.company.com. The website is on a server hosted by another company.
For over a year we have had no problems. Now we are unable to get to our website; our internal DNS server points us back to our domain controllers.
In our DNS we have these static A records:
(same as parent)    Host A         72.72.72.72  (external IP address)   Same as parent reverts to company.com
www                 Host A         72.72.72.72

These came automatically filled in from our AD controllers:
(same as parent)    Host A         10.0.0.1   (internal IP address, DC)
(same as parent)    Host A         10.0.0.2   (internal IP address, DC)

Like I said, this hasn't been a problem before. But no one internally can get to company.com.
Question by:Scott McIntosh
14 Comments
 
LVL 7

Expert Comment

by:Thomas Wheeler
ID: 41717767
Can you do an nslookup and post the results?
nslookup company.com
nslookup company.com 8.8.8.8


0
 
LVL 12

Expert Comment

by:alandc
ID: 41717770
Usually when the internal domain matches the external domain I find I have to seed the DNS with the external IP addresses. That's why when I set up domains I now use a domain like COMPANY.local instead of .com or .net.

So if you have company.com in your DNS but pointing to an external host, it will screw up your domain resolution and computers may be unable to find SYSVOL and an active domain controller.

However, populating the WWW A record in your DNS is usually all that is required to get it working.
Have you recently changed the address of the server (externally) where your website is hosted?
So all together you should type www.company.com to get to your website, NOT company.com.
Does that help or are we still missing parts?
0
 
LVL 12

Expert Comment

by:alandc
ID: 41717774
To expand on Thomas's comment about using NSLOOKUP to check DNS entries, what do you get when you look up www.company.com instead of just company.com?
0

 
LVL 30

Expert Comment

by:Britt Thompson
ID: 41717864
If your internal domain name is company.com you can't change that root record without breaking AD and DNS internally. Active Directory and group policies use that root company.com record for the DFS store used to hold all the GPOs and SYSVOL data at \\company.com\NETLOGON and SYSVOL. If you change those records it will look for NETLOGON from a UNC path at your external domain's web IP. It's safe to change the www record but not the root.

First, use http://mxtoolbox.com/DNSLookup.aspx to find the latest IP of your website to ensure you're using the correct IP internally (these can change with shared hosting like GoDaddy if your DNS is hosted with them as well).

If you want to resolve the domain resolution internally, and your domain setup supports it, you can use RENDOM to rename your internal domain to something like ad.company.com or corp.company.com. Using .local or non-routable domains is something to avoid now that you can no longer purchase 3rd party certificates to cover the domain suffixes. Using prefix.company.com allows you to purchase wildcard certificates from a trusted CA for use internally and externally.
0
 

Author Comment

by:Scott McIntosh
ID: 41717908
Should have posted this earlier. nslookup from internal shows all internal AD and the external address. nslookup using external DNS shows correct.

The domain was set up with .com internally when I got here 3 years ago. Everything was working without trouble until this morning.

What is really strange is, if I try www.company.com, the www gets stripped off and I get the internal company server.

I am able to hit the website about one in 10 tries.
0
 
LVL 30

Expert Comment

by:Britt Thompson
ID: 41719014
The 1 in 10 tries sounds like your DNS may be round robining between multiple records. If you run an ipconfig /displaydns do you see multiple records for your domain? Do you have more than one DNS server assigned to the client NICs or more than one DC where DNS may not be replicated properly? Is it possible the server updated the DNS data files with an additional record?
0
 

Author Comment

by:Scott McIntosh
ID: 41719137
I have 5 DNS servers. Each location has a domain controller, the corporate has 2.
Each DC points to the primary DNS server at the corporate office, with the secondary being its own IP address.

All users and member servers have a primary DNS of the local DNS server, with the secondary being the primary DNS server in the corporate office.

I don't have any errors in my DNS logs.
0
 
LVL 30

Expert Comment

by:Britt Thompson
ID: 41719268
You may not have any errors but do the records match between the sites? I would be surprised if DNS was replicating properly if the root record of the domain was changed to a public address.
0
 

Author Comment

by:Scott McIntosh
ID: 41719406
Yes, all records have been matching. They all get updated on the hour with all records.
0
 
LVL 30

Expert Comment

by:Britt Thompson
ID: 41719409
What were the output results of the ipconfig /displaydns?
0
 

Author Comment

by:Scott McIntosh
ID: 41719440
It shows all A records of the systems with system name.
Doesn't show any that are set to same as parent.
0
 
LVL 12

Expert Comment

by:alandc
ID: 41719512
To be totally clear, you MUST DELETE any A records for company.com that point to an external IP address, leaving only domain internal addresses to resolve to the primary domain, AND you must retain WWW as a named record pointing to the external IP address of your webhost.
This must be entered into one of your DNS servers, and you must verify that it replicates properly to all four of the others. (ref. Microsoft DNS KB Article)
Your primary indication that this is not configured correctly is "the www gets stripped off and I get the internal company server".
Finally, you must make sure that clients only resolve their DNS through the authorized DNS servers in your domain.
0
 
LVL 26

Accepted Solution

by:
DrDave242 earned 500 total points
ID: 41719901
"what is really strange is, if I try www.company.com , the www gets stripped off and I get the internal company server."
This indicates the presence of an HTTP redirect on the website. It takes requests for www.company.com and redirects them to company.com. Outside of the office, this isn't a problem, but inside, the effect is the same as browsing to company.com: it doesn't work because of the domain-name issue.

The only solution, aside from renaming your Active Directory domain, is to contact the web host and have them remove the redirect, then instruct your internal users that they must use www in the URL when browsing the site.
1
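The behaviour described in the accepted solution, as an added example that is not part of the original thread: a small Python model of what an internal client reaches when the hosted site redirects www.company.com to company.com. The record set is constructed from the addresses quoted in the question, and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: the internal DNS view described in the question.
INTERNAL_DNS = {
    "company.com": ["10.0.0.1", "10.0.0.2", "72.72.72.72"],
    "www.company.com": ["72.72.72.72"],
}

def is_internal(ip):
    """True for private addresses such as the domain controllers' 10.0.0.x."""
    return ipaddress.ip_address(ip).is_private

def external_apex_records(records, ad_domain="company.com"):
    """Apex A records that point outside the network."""
    return [ip for ip in records.get(ad_domain, []) if not is_internal(ip)]

def diagnose(url, location, records):
    """Follow one redirect hop the way an internal browser would.

    url: address the user typed; location: Location header sent by the
    web host (None when there is no redirect); records: internal DNS view.
    Returns (host finally contacted, verdict).
    """
    host = urlsplit(url).hostname
    # A relative Location carries no hostname, so the original host is kept.
    target = (urlsplit(location).hostname or host) if location else host
    answers = records.get(target, [])
    internal = [ip for ip in answers if is_internal(ip)]
    if not answers:
        verdict = "does not resolve"
    elif not internal:
        verdict = "reaches web host"
    elif len(internal) == len(answers):
        verdict = "lands on domain controllers"
    else:
        # Round robin across DC and web host addresses: works only sometimes.
        verdict = "intermittent"
    return target, verdict

if __name__ == "__main__":
    print(external_apex_records(INTERNAL_DNS))
    print(diagnose("http://www.company.com/", "http://company.com/", INTERNAL_DNS))
    print(diagnose("http://www.company.com/", None, INTERNAL_DNS))
```

With the redirect in place the request ends at company.com, whose answers mix the domain controllers with the web host; without it the request stays on www.company.com, which resolves only to the web host.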
 

Author Closing Comment

by:Scott McIntosh
ID: 41723170
We went ahead and turned off the redirect for our site. It resolves to www.company.com now and everyone is connecting to it just fine. Thanks for the assistance.
0
