Solved

2008/20012 DNS Issue

Posted on 2016-07-18
Last Modified: 2016-07-21
Our internal domain is company.com and our website is www.company.com.  The website is on a server hosted by another company.
For over a year we have had no problems.  Now we are unable to get to our web site; our internal DNS server points us back to our domain controllers.
In our DNS we have these static A records:
(same as parent)    Host A         72.72.72.72  (external IP address)   Same as parent reverts to company.com
www                        Host A         72.72.72.72

These came automatically filled in from our AD controllers:
(same as parent)    Host A         10.0.0.1   (internal IP address, DC)
(same as parent)    Host A         10.0.0.2   (internal IP address, DC)

Like I said, this hasn't been a problem before.  But no one internally can get to company.com.
0
Question by:Scott McIntosh
14 Comments
 
LVL 6

Expert Comment

by:Thomas Wheeler
ID: 41717767
Can you do an nslookup and post the results?
nslookup company.com
nslookup company.com 8.8.8.8


0
 
LVL 12

Expert Comment

by:alandc
ID: 41717770
Usually when the domain internal matches the domain external I find I have to seed the DNS with the external IP addresses.  That's why when I set up domains I now use a domain like COMPANY.local instead of .com or .net.

So if you have company.com in your DNS but pointing to an external host, it will screw up your domain resolution and computers may be unable to find SYSVOL and an active domain controller.

However, populating the WWW A record in your DNS is usually all that is required to get it working.
Have you recently changed the address of the server (externally) where your website is hosted?
So all together you should type www.company.com to get to your website, NOT company.com.
Does that help or are we still missing parts?
0
 
LVL 12

Expert Comment

by:alandc
ID: 41717774
To expand on Thomas's comment about using NSLOOKUP to check DNS entries, what do you get when you look up www.company.com instead of just company.com?
0
 
LVL 30

Expert Comment

by:renazonse
ID: 41717864
If your internal domain name is company.com you can't change that root record without breaking AD and DNS internally. Active Directory and group policies use that root company.com record for the DFS store used to hold all the GPOs and SYSVOL data at \\company.com\NETLOGON and SYSVOL. If you change those records it will look for NETLOGON from a UNC path at your external domain's web IP. It's safe to change the www record but not the root.

First, use http://mxtoolbox.com/DNSLookup.aspx to find the latest IP of your website to ensure you're using the correct IP internally (these can change with shared hosting like GoDaddy if your DNS is hosted with them as well).

If you want to resolve the domain resolution internally, and your domain setup supports it, you can use RENDOM to rename your internal domain to something like ad.company.com or corp.company.com. Using .local or non-routable domains is something to avoid now that you can no longer purchase 3rd party certificates to cover the domain suffixes. Using prefix.company.com allows you to purchase wildcard certificates from a trusted CA for use internally and externally.
0
 

Author Comment

by:Scott McIntosh
ID: 41717908
Should have posted this earlier.  nslookup from internal shows all internal AD and the external address.  nslookup using external DNS shows correct.

The domain was set up with .com internally when I got here 3 years ago.    Everything was working without trouble until this morning.

What is really strange is, if I try www.company.com, the www gets stripped off and I get the internal company server.

I am able to hit the website about one in 10 tries.
0
 
LVL 30

Expert Comment

by:renazonse
ID: 41719014
The 1 in 10 tries sounds like your DNS may be round robining between multiple records. If you run an ipconfig /displaydns do you see multiple records for your domain? Do you have more than one DNS server assigned to the client NICs or more than one DC where DNS may not be replicated properly? Is it possible the server updated the DNS data files with an additional record?
0
 

Author Comment

by:Scott McIntosh
ID: 41719137
I have 5 DNS servers.  Each location has a domain controller, the corporate has 2.
Each DC points to the primary DNS server at the corporate office, with the secondary being its own IP address.

All users and member servers have a primary DNS of the local DNS server, with the secondary being the primary DNS server in the corporate office.

I don't have any errors in my DNS logs.
0
 
LVL 30

Expert Comment

by:renazonse
ID: 41719268
You may not have any errors but do the records match between the sites? I would be surprised if DNS was replicating properly if the root record of the domain was changed to a public address.
0
 

Author Comment

by:Scott McIntosh
ID: 41719406
Yes, all records have been matching.    They all get updated on the hour with all records.
0
 
LVL 30

Expert Comment

by:renazonse
ID: 41719409
What were the output results of the ipconfig /displaydns?
0
 

Author Comment

by:Scott McIntosh
ID: 41719440
It shows all A records of the systems with system name.
Doesn't show any that are set to same as parent.
0
 
LVL 12

Expert Comment

by:alandc
ID: 41719512
To be totally clear, you MUST DELETE any A records for company.com that point to an external IP address, leaving only domain internal addresses to resolve to the primary domain, AND you must retain WWW as a named record pointing to the external IP address of your webhost.
This must be entered into one of your DNS servers, and you must verify that it replicates properly to all four of the others. (ref. Microsoft DNS KB Article)
Your primary indication this is not configured correctly is "the www gets stripped off and I get the internal company server".
Finally, you must make sure that clients only resolve their DNS through the authorized DNS servers in your domain.
0
 
LVL 25

Accepted Solution

by:
DrDave242 earned 500 total points
ID: 41719901
"what is really strange is, if I try www.company.com , the www gets stripped off and I get the internal company server."
This indicates the presence of an HTTP redirect on the website. It takes requests for www.company.com and redirects them to company.com. Outside of the office, this isn't a problem, but inside, the effect is the same as browsing to company.com: it doesn't work because of the domain-name issue.

The only solution, aside from renaming your Active Directory domain, is to contact the web host and have them remove the redirect, then instruct your internal users that they must use www in the URL when browsing the site.
1
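
The failure described in the accepted answer, modeled as an added example (not code from the thread): it follows the www redirect through the internal DNS view and reports where an internal client ends up. The A records are the ones quoted in the question; the redirect table and all function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed internal DNS view, using the records quoted in the question.
INTERNAL_VIEW = {
    "company.com": ["72.72.72.72", "10.0.0.1", "10.0.0.2"],
    "www.company.com": ["72.72.72.72"],
}
# Constructed redirect table: the web host answers www with a redirect to the apex.
REDIRECTS = {"www.company.com": "http://company.com/"}


def classify(addresses):
    """Label an A-record set as 'internal', 'public', or 'mixed'."""
    kinds = {"internal" if ipaddress.ip_address(a).is_private else "public"
             for a in addresses}
    return kinds.pop() if len(kinds) == 1 else "mixed"


def trace(url, dns_view, redirects, max_hops=5):
    """Follow Location targets and record how each host resolves internally."""
    hops = []
    for _ in range(max_hops):  # hop limit guards against redirect loops
        host = urlsplit(url).hostname
        hops.append((host, classify(dns_view[host])))
        if host not in redirects:
            break
        url = redirects[host]
    return hops


def findings(ad_domain, dns_view, redirects):
    """Return the problems an internal client would hit for this AD domain."""
    out = []
    if classify(dns_view[ad_domain]) != "internal":
        out.append(f"{ad_domain}: apex has non-DC A records; remove them")
    final_host, kind = trace(f"http://www.{ad_domain}/", dns_view, redirects)[-1]
    if kind != "public":
        out.append(f"www.{ad_domain} ends at {final_host} ({kind}); "
                   "remove the redirect at the web host")
    return out


if __name__ == "__main__":
    for line in findings("company.com", INTERNAL_VIEW, REDIRECTS):
        print(line)
```

With the apex cleaned up to hold only the DC addresses but the redirect still in place, `findings` still reports the second problem, which is why removing the external A record alone does not restore access to the site.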
 

Author Closing Comment

by:Scott McIntosh
ID: 41723170
We went ahead and turned off the redirect for our site.  It resolves to www.company.com now and everyone is connecting to it just fine.  Thanks for the assistance.
0
