Scott McIntosh
 asked on

2008/2012 DNS Issue

Our internal domain is company.com and our website is www.company.com.  The website is on a server hosted by another company.
For over a year we have had no problems.  Now we are unable to get to our web site; our internal DNS server points us back to our domain controllers.
In our DNS we have these static A records:
(same as parent)    Host A         72.72.72.72  (external IP address)   Same as parent reverts to company.com
www                        Host A         72.72.72.72

These were automatically filled in from our AD controllers:
(same as parent)    Host A         10.0.0.1   (internal IP address, DC)
(same as parent)    Host A         10.0.0.2   (internal IP address, DC)

Like I said, this hasn't been a problem before.  But no one internally can get to company.com.
Windows Server 2008, DNS, Windows Server 2012

Last Comment
Scott McIntosh

8/22/2022 - Mon
Thomas Wheeler

Can you do an nslookup and post the results?
nslookup company.com
nslookup company.com 8.8.8.8


Aland Coons

Usually when the domain internal matches the domain external I find I have to seed the DNS with the external IP addresses.  That's why when I set up domains I now use a domain like COMPANY.local instead of .com or .net.

So if you have company.com in your DNS but pointing to an external host, it will screw up your domain resolution and computers may be unable to find SYSVOL and an active domain controller.

However, populating the WWW A record in your DNS is usually all that is required to get it working.
Have you recently changed the address of the server (externally) where your website is hosted?
So all together you should type www.company.com to get to your website, NOT company.com.
Does that help or are we still missing parts?
Aland Coons

To expand on Thomas's comment about using NSLOOKUP to check DNS entries, what do you get when you look up www.company.com instead of just company.com?
Britt Thompson

If your internal domain name is company.com you can't change that root record without breaking AD and DNS internally. Active Directory and group policies use that root company.com record for the DFS store used to hold all the GPOs and SYSVOL data at \\company.com\NETLOGON and SYSVOL. If you change those records it will look for NETLOGON from a UNC path at your external domain's web IP. It's safe to change the www record but not the root.

First, use http://mxtoolbox.com/DNSLookup.aspx to find the latest IP of your website to ensure you're using the correct IP internally (these can change with shared hosting like GoDaddy if your DNS is hosted with them as well).

If you want to resolve the domain resolution internally, and your domain setup supports it, you can use RENDOM to rename your internal domain to something like ad.company.com or corp.company.com. Using .local or non-routable domains is something to avoid now that you can no longer purchase 3rd party certificates to cover the domain suffixes. Using prefix.company.com allows you to purchase wildcard certificates from a trusted CA for use internally and externally.
Scott McIntosh

ASKER
Should have posted this earlier.  nslookup from internal shows all internal AD and the external address.  nslookup using external DNS shows correct.

The domain was set up with .com internally when I got here 3 years ago.    Everything was working without trouble until this morning.

What is really strange is, if I try www.company.com, the www gets stripped off and I get the internal company server.

I am able to hit the website about one in 10 tries.
Britt Thompson

The 1 in 10 tries sounds like your DNS may be round robining between multiple records. If you run an ipconfig /displaydns do you see multiple records for your domain? Do you have more than one DNS server assigned to the client NICs or more than one DC where DNS may not be replicated properly? Is it possible the server updated the DNS data files with an additional record?
Scott McIntosh

ASKER
I have 5 DNS servers.  Each location has a domain controller; the corporate office has 2.
Each DC points to the primary DNS server at the corporate office, with the secondary being its own IP address.

All users and member servers have a primary DNS of the local DNS server, with the secondary being the primary DNS server in the corporate office.

I don't have any errors in my DNS logs.
Britt Thompson

You may not have any errors but do the records match between the sites? I would be surprised if DNS was replicating properly if the root record of the domain was changed to a public address.
Scott McIntosh

ASKER
Yes, all records have been matching.    They all get updated on the hour with all records.
Britt Thompson

What were the output results of the ipconfig /displaydns?
Scott McIntosh

ASKER
It shows all A records of the systems with system name.
It doesn't show any that are set to same as parent.
Aland Coons

To be totally clear, you MUST DELETE any A records for company.com that point to an external IP address, leaving only domain internal addresses to resolve to the primary domain, AND you must retain WWW as a named record pointing to the external IP address of your webhost.
This must be entered into one of your DNS servers, and you must verify that it replicates properly to all four of the others. (ref. Microsoft DNS KB Article)
Your primary indication this is not configured correctly is "the www gets stripped off and I get the internal company server".
Finally, you must make sure that clients only resolve their DNS through the authorized DNS servers in your domain.
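
One way to run the check described in the comment above against every DNS server at once, as an added example that is not part of the original thread. The server names DC1 to DC5 are hypothetical placeholders; the zone name and addresses are the ones quoted in the question. It assumes the DnsServer PowerShell module (Windows Server 2012 or RSAT) and only reads records.

```powershell
# Added example: audit the apex and www A records of the zone on each DNS server.
$Zone       = 'company.com'
$DnsServers = 'DC1','DC2','DC3','DC4','DC5'   # hypothetical names for the five DNS servers
$DcAddrs    = '10.0.0.1','10.0.0.2'           # DC addresses from the question; add the other DCs here
$WebAddr    = '72.72.72.72'                   # external web host address from the question

$report = foreach ($server in $DnsServers) {
    # '@' is the zone apex, the node DNS Manager shows as "(same as parent folder)"
    $apex = Get-DnsServerResourceRecord -ComputerName $server -ZoneName $Zone `
                -Name '@' -RRType A -ErrorAction Stop
    # www may be missing on a server; treat that as a finding rather than a failure
    $www  = Get-DnsServerResourceRecord -ComputerName $server -ZoneName $Zone `
                -Name 'www' -RRType A -ErrorAction SilentlyContinue

    $apexIps = @($apex | Where-Object { $_ } |
        ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString } | Sort-Object)
    $wwwIps  = @($www | Where-Object { $_ } |
        ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString } | Sort-Object)

    [pscustomobject]@{
        Server      = $server
        ApexRecords = $apexIps -join ', '
        # An apex address that is not a DC is handed out in rotation with the DC
        # addresses, so \\company.com\SYSVOL and NETLOGON lookups sometimes land on it
        StrayApex   = @($apexIps | Where-Object { $_ -notin $DcAddrs }) -join ', '
        WwwRecords  = $wwwIps -join ', '
        WwwOk       = ($wwwIps.Count -eq 1 -and $wwwIps[0] -eq $WebAddr)
    }
}
$report | Format-Table -AutoSize

# A server whose records differ from the first server's has not converged yet
$baseline = @($report)[0]
$report |
    Where-Object { $_.ApexRecords -ne $baseline.ApexRecords -or
                   $_.WwwRecords  -ne $baseline.WwwRecords } |
    ForEach-Object { Write-Warning "$($_.Server) differs from $($baseline.Server)" }
```

A clean result has an empty StrayApex column and WwwOk set to True on every server, with no warnings printed.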
ASKER CERTIFIED SOLUTION
DrDave242

Scott McIntosh

ASKER
We went ahead and turned off the redirect for our site.  It resolves to www.company.com now and everyone is connecting to it just fine.  Thanks for the assistance.