  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 86

2008/20012 DNS Issue

Our internal domain is company.com and our website is www.company.com. The website is on a server hosted by another company.
For over a year we have had no problems. Now we are unable to get to our website; our internal DNS server points us back to our domain controllers.
In our DNS we have these static A records:
(same as parent)    Host A         72.72.72.72  (external IP address)   Same as parent reverts to company.com
www                        Host A         72.72.72.72

These came automatically filled in from our AD controllers:
(same as parent)    Host A         10.0.0.1   (internal IP address, DC)
(same as parent)    Host A         10.0.0.2   (internal IP address, DC)

Like I said, this hasn't been a problem before. But no one internally can get to company.com.
0
Scott McIntosh
Asked:
Thomas Wheeler Commented:
Can you do an nslookup and post the results?
nslookup company.com
nslookup company.com 8.8.8.8

0
 
Aland Coons, Systems Engineer, Commented:
Usually when the domain internal matches the domain external I find I have to seed the DNS with the external IP addresses. That's why when I set up domains I now use a domain like COMPANY.local instead of .com or .net.

So if you have company.com in your DNS but pointing to an external host, it will screw up your domain resolution and computers may be unable to find SYSVOL and an active domain controller.

However, populating the WWW A record in your DNS is usually all that is required to get it working.
Have you recently changed the address of the server (externally) where your website is hosted?
So all together you should type www.company.com to get to your website, NOT company.com.
Does that help or are we still missing parts?
0
 
Aland Coons, Systems Engineer, Commented:
To expand on Thomas's comment about using NSLOOKUP to check DNS entries, what do you get when you look up www.company.com instead of just company.com?
0
 
Britt Thompson, Sr. Systems Engineer, Commented:
If your internal domain name is company.com you can't change that root record without breaking AD and DNS internally. Active Directory and group policies use that root company.com record for the DFS store used to hold all the GPOs and SYSVOL data at \\company.com\NETLOGON and SYSVOL. If you change those records it will look for NETLOGON from a UNC path at your external domain's web IP. It's safe to change the www record but not the root.

First, use http://mxtoolbox.com/DNSLookup.aspx to find the latest IP of your website to ensure you're using the correct IP internally (these can change with shared hosting like GoDaddy if your DNS is hosted with them as well).

If you want to resolve the domain resolution internally, and your domain setup supports it, you can use RENDOM to rename your internal domain to something like ad.company.com or corp.company.com. Using .local or non-routable domains is something to avoid now that you can no longer purchase 3rd party certificates to cover the domain suffixes. Using prefix.company.com allows you to purchase wildcard certificates from a trusted CA for use internally and externally.
0
 
Scott McIntosh, Author, Commented:
Should have posted this earlier. nslookup from internal shows all internal AD and the external address. nslookup using external DNS shows correct.

The domain was set up with .com internally when I got here 3 years ago. Everything was working without trouble until this morning.

What is really strange is, if I try www.company.com, the www gets stripped off and I get the internal company server.

I am able to hit the website about one in 10 tries.
0
 
Britt Thompson, Sr. Systems Engineer, Commented:
The 1 in 10 tries sounds like your DNS may be round-robining between multiple records. If you run an ipconfig /displaydns, do you see multiple records for your domain? Do you have more than one DNS server assigned to the client NICs or more than one DC where DNS may not be replicated properly? Is it possible the server updated the DNS data files with an additional record?
0
 
Scott McIntosh, Author, Commented:
I have 5 DNS servers. Each location has a domain controller; the corporate has 2.
Each DC points to the primary DNS server at the corporate office, with the secondary being its own IP address.

All users and member servers have a primary DNS of the local DNS server, with the secondary being the primary DNS server in the corporate office.

I don't have any errors in my DNS logs.
0
 
Britt Thompson, Sr. Systems Engineer, Commented:
You may not have any errors but do the records match between the sites? I would be surprised if DNS was replicating properly if the root record of the domain was changed to a public address.
0
 
Scott McIntosh, Author, Commented:
Yes, all records have been matching. They all get updated on the hour with all records.
0
 
Britt Thompson, Sr. Systems Engineer, Commented:
What were the output results of the ipconfig /displaydns?
0
 
Scott McIntosh, Author, Commented:
It shows all A records of the systems with system name.
Doesn't show any that are set to same as parent.
0
 
Aland Coons, Systems Engineer, Commented:
To be totally clear, you MUST DELETE any A records for company.com that point to an external IP address, leaving only domain internal addresses to resolve to the primary domain, AND you must retain WWW as a named record pointing to the external IP address of your webhost.
This must be entered into one of your DNS servers, and you must verify that it replicates properly to all four of the others. (ref. Microsoft DNS KB Article)
Your primary indication this is not configured correctly is "the www gets stripped off and I get the internal company server".
Finally, you must make sure that clients only resolve their DNS through the authorized DNS servers in your domain.
0
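
The check described in the comment above (no external address on the company.com root, a www record kept, every DNS server returning the same answer), as an added PowerShell example that is not part of the original thread. The server list must be filled in with your own DNS servers, and treating RFC 1918 addresses as "internal" is an assumption.

```powershell
# Added example: audit the root (same-as-parent) and www A records on each DNS server.
$Zone       = 'company.com'
$DnsServers = '10.0.0.1', '10.0.0.2'   # the two DC addresses quoted in the thread; add the rest

function Test-PrivateIPv4 {
    # Assumption: "internal" means an RFC 1918 address.
    param([string]$Address)
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    ($b[0] -eq 10) -or
    ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
    ($b[0] -eq 192 -and $b[1] -eq 168)
}

function Get-ARecord {
    # Ask one specific server; skip LLMNR/NetBIOS and the local hosts file.
    param([string]$Name, [string]$Server)
    Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -NoHostsFile `
                    -ErrorAction SilentlyContinue |
        Where-Object { $_.IPAddress } |
        Select-Object -ExpandProperty IPAddress |
        Sort-Object
}

$report = foreach ($server in $DnsServers) {
    $root = @(Get-ARecord -Name $Zone -Server $server)
    $www  = @(Get-ARecord -Name "www.$Zone" -Server $server)
    [pscustomobject]@{
        Server       = $server
        Root         = $root -join ','
        RootExternal = @($root | Where-Object { -not (Test-PrivateIPv4 $_) }) -join ','
        Www          = $www -join ','
    }
}
$report | Format-Table -AutoSize

# An external address on the root sends some \\company.com\SYSVOL lookups to the web host.
$report | Where-Object RootExternal | ForEach-Object {
    Write-Warning "$($_.Server): root of $Zone has external A record(s): $($_.RootExternal)"
}
# www must still resolve, otherwise internal users cannot reach the website at all.
$report | Where-Object { -not $_.Www } | ForEach-Object {
    Write-Warning "$($_.Server): no A record returned for www.$Zone"
}
# Every server should return the same answers if replication is healthy.
if (@($report | Group-Object Root, Www).Count -gt 1) {
    Write-Warning 'DNS servers disagree on the root or www records; check replication.'
}
```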
 
DrDave242 Commented:
"what is really strange is, if I try www.company.com , the www gets stripped off and I get the internal company server."
This indicates the presence of an HTTP redirect on the website. It takes requests for www.company.com and redirects them to company.com. Outside of the office, this isn't a problem, but inside, the effect is the same as browsing to company.com: it doesn't work because of the domain-name issue.

The only solution, aside from renaming your Active Directory domain, is to contact the web host and have them remove the redirect, then instruct your internal users that they must use www in the URL when browsing the site.
1
 
Scott McIntosh, Author, Commented:
We went ahead and turned off the redirect for our site. It resolves to www.company.com now and everyone is connecting to it just fine. Thanks for the assistance.
0
Question has a verified solution.
