2008/2012 DNS Issue

Our internal domain is company.com and our website is www.company.com.  The website is on a server hosted by another company.
For over a year we have had no problems.  Now we are unable to get to our web site; our internal DNS server points us back to our domain controllers.
In our DNS we have these static A records:
(same as parent)    Host A  (external IP address)   Same as parent reverts to company.com
www                        Host A

These came automatically filled in from our AD controllers:
(same as parent)    Host A   (internal IP address, DC)
(same as parent)    Host A   (internal IP address, DC)

Like I said this hasn't been a problem before.  But no one internally can get to company.com
Scott McIntosh Asked:
Thomas Wheeler Commented:
can you do an nslookup and post the results?
nslookup company.com

Aland Coons (Systems Engineer) Commented:
Usually when the internal domain matches the external domain I find I have to seed the DNS with the external IP addresses.  That's why when I set up domains I now use a domain like COMPANY.local instead of .com or .net.

So if you have company.com in your DNS but pointing to an external host it will screw up your domain resolution and computers may be unable to find SYSVOL and an active domain controller.

However, populating a WWW A record in your DNS is usually all that is required to get it working.
Have you recently changed the address of the server (externally) where your website is hosted?
So all together you should type www.company.com to get to your website, NOT company.com.
Does that help or are we still missing parts?
Aland Coons (Systems Engineer) Commented:
To expand on Thomas's comment about using NSLOOKUP to check DNS entries, what do you get when you look up www.company.com instead of just company.com?
Britt Thompson (Sr. Systems Engineer) Commented:
If your internal domain name is company.com you can't change that root record without breaking AD and DNS internally. Active Directory and group policies use that root company.com record for the DFS store used to hold all the GPOs and SYSVOL data at \\company.com\NETLOGON and SYSVOL. If you change those records it will look for NETLOGON from a UNC path at your external domain's web IP. It's safe to change the www record but not the root.

First, use http://mxtoolbox.com/DNSLookup.aspx to find the latest IP of your website to ensure you're using the correct IP internally (these can change with shared hosting like GoDaddy if your DNS is hosted with them as well).

If you want to resolve the domain resolution internally, and your domain setup supports it, you can use RENDOM to rename your internal domain to something like ad.company.com or corp.company.com. Using .local or non-routable domains is something to avoid now that you can no longer purchase 3rd party certificates to cover the domain suffixes. Using prefix.company.com allows you to purchase wildcard certificates from a trusted CA for use internally and externally.
Scott McIntosh (Author) Commented:
Should have posted this earlier.  nslookup from internal shows all internal AD and the external address.  nslookup using external DNS shows correct.

The domain was set up with .com internally when I got here 3 years ago.  Everything was working without trouble until this morning.

What is really strange is, if I try www.company.com, the www gets stripped off and I get the internal company server.

I am able to hit the website about one in 10 tries.
Britt Thompson (Sr. Systems Engineer) Commented:
The 1 in 10 tries sounds like your DNS may be round robining between multiple records. If you run an ipconfig /displaydns do you see multiple records for your domain? Do you have more than one DNS server assigned to the client NICs or more than one DC where DNS may not be replicated properly? Is it possible the server updated the DNS data files with an additional record?
Scott McIntosh (Author) Commented:
I have 5 DNS servers.  Each location has a domain controller, the corporate has 2.
Each DC points to the primary DNS server at the corporate office, with the secondary being its own IP address.

All users and member servers have a primary DNS of the local DNS server, with the secondary being the primary DNS server in the corporate office.

I don't have any errors in my DNS logs
Britt Thompson (Sr. Systems Engineer) Commented:
You may not have any errors but do the records match between the sites? I would be surprised if DNS was replicating properly if the root record of the domain was changed to a public address.
Scott McIntosh (Author) Commented:
Yes, all records have been matching.  They all get updated on the hour with all records.
Britt Thompson (Sr. Systems Engineer) Commented:
What were the output results of the ipconfig /displaydns?
Scott McIntosh (Author) Commented:
It shows all A records of the systems with system name.
Doesn't show any that are set to same as parent.
Aland Coons (Systems Engineer) Commented:
To be totally clear, you MUST DELETE any A records for company.com that point to an external IP address, leaving only domain internal addresses to resolve to the primary domain, AND you must retain WWW as a named record pointing to the external IP address of your webhost.
This must be entered into one of your DNS servers and you must verify that it replicates properly to all four of the others. (ref. Microsoft DNS KB Article)
Your primary indication this is not configured correctly is "the www gets stripped off and I get the internal company server".
Finally, you must make sure that clients only resolve their DNS through the authorized DNS servers in your domain.
DrDave242 (Senior Support Engineer) Commented:
"what is really strange is, if I try www.company.com , the www gets stripped off and I get the internal company server."
This indicates the presence of an HTTP redirect on the website. It takes requests for www.company.com and redirects them to company.com. Outside of the office, this isn't a problem, but inside, the effect is the same as browsing to company.com: it doesn't work because of the domain-name issue.

The only solution, aside from renaming your Active Directory domain, is to contact the web host and have them remove the redirect, then instruct your internal users that they must use www in the URL when browsing the site.
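
The checks the comments above ask for (only internal A records on the zone root, www pointing at the web host, identical answers from all five DNS servers, and no www-to-root redirect) can be run in one pass. This PowerShell script is an added example, not part of the original thread; the server names are hypothetical placeholders, and it assumes internal hosts use RFC 1918 addresses and that Resolve-DnsName is available (Windows 8 / Server 2012 or later).

```powershell
# Added example. $Zone matches the thread; the server names are hypothetical placeholders.
$Zone       = 'company.com'
$DnsServers = 'dc1', 'dc2', 'dc3', 'dc4', 'dc5'

function Test-PrivateIPv4 {
    param([string]$Address)
    # Assumption: internal hosts use RFC 1918 space (10/8, 172.16/12, 192.168/16).
    $o = $Address.Split('.') | ForEach-Object { [int]$_ }
    ($o[0] -eq 10) -or ($o[0] -eq 172 -and $o[1] -ge 16 -and $o[1] -le 31) -or
        ($o[0] -eq 192 -and $o[1] -eq 168)
}

function Get-ARecord {
    param([string]$Name, [string]$Server)
    # Ask one named server directly; skip LLMNR, NetBIOS and the hosts file.
    Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -NoHostsFile -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } |
        Select-Object -ExpandProperty IPAddress | Sort-Object
}

# A public address on the zone root is what sends \\company.com\SYSVOL lookups to the web host.
$report = foreach ($server in $DnsServers) {
    $apex = @(Get-ARecord -Name $Zone -Server $server)
    $www  = @(Get-ARecord -Name "www.$Zone" -Server $server)
    [pscustomobject]@{
        Server       = $server
        Apex         = $apex -join ','
        Www          = $www -join ','
        ApexExternal = @($apex | Where-Object { -not (Test-PrivateIPv4 $_) }) -join ','
    }
}
$report | Format-Table -AutoSize

# All servers should agree; more than one distinct answer means the zone copies differ.
foreach ($col in 'Apex', 'Www') {
    if (@($report.$col | Sort-Object -Unique).Count -gt 1) {
        Write-Warning "$col records differ between DNS servers"
    }
}
$report | Where-Object { $_.ApexExternal } | ForEach-Object {
    Write-Warning "$($_.Server): zone root has external A record(s) $($_.ApexExternal)"
}

# Fetch www without following redirects to see whether the web host bounces clients to the bare domain.
$req = [System.Net.WebRequest]::Create("http://www.$Zone/")
$req.AllowAutoRedirect = $false
$resp = $req.GetResponse()
$location = $resp.Headers['Location']
$resp.Close()
if ($location -match "^https?://$([regex]::Escape($Zone))(/|$)") {
    Write-Warning "www.$Zone redirects to $location, which internal clients resolve to the DCs"
}
```
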
Scott McIntosh (Author) Commented:
We went ahead and turned off the redirect for our site.  It resolves to www.company.com now and everyone is connecting to it just fine.  Thanks for the assistance.