Jey_P (Canada) asked:

DNS issue

Hi EE,

Please provide assistance for following issue.

I have created a new Active Directory infrastructure, a domain called ABC.com, with Active Directory-integrated local DNS that all Active Directory member servers and clients use. I also have a website hosted with a third-party hosting service under the same name, ABC.com. However, users are now complaining that they cannot access the website (ABC.com) from their computers. I have an in-house Microsoft environment as well.

Please list possible solutions. All NAT configuration was made already.

Thank you
XcelogiX:

You have created a "split brain" DNS infrastructure, meaning you now have completely separate internal and external DNS namespaces for ABC.com. You will need to put all of the same records that are in your external DNS zone in your internal one.

It is usually recommended to set up the AD namespace as a delegation of your external namespace (e.g., internal.abc.com) to avoid this problem.
Jey_P (asker):

Thank you. Could you please provide a walkthrough of what configuration needs to be included in a split-brain DNS setup? Do I need to make some changes on the hosting side? Also, please include some references to get more understanding. I am a junior person with a networking background and not very familiar with AD and DNS.

Thanks,
ASKER CERTIFIED SOLUTION
dipersp (United States):

You won't need a new zone if your internal domain matches your external domain name, i.e., both are abc.com; you will just need to create a new 'A' record in your existing DNS zone for abc.com called 'www'.

Go into DNS > View > Advanced.

Now, expand Forward Lookup Zones and select your zone 'abc.com'.

In the main panel on the right-hand side, right-click on a blank area and click on 'New Host (A or AAAA)...'

Name = www
IP Address = the Webserver's Internal IP
Create Associated Pointer Record = Tick if not already done
Timestamp = All 0's

It's important the timestamp is all 0's, this will make it a static entry so it will never be accidentally scavenged (if configured).
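The same record creation done from PowerShell on the DNS server, as an added example that is not part of the original answer. The server name DC01, the zone abc.com and the address 10.0.0.25 are placeholders for the asker's own values; the script assumes the DnsServer module (present on a server with the DNS role or with the RSAT DNS tools installed).

```powershell
# Added example: create the static 'www' host record in the existing abc.com zone.
# Assumptions (not from the original thread): DNS server DC01, zone abc.com,
# web server reachable from inside the network at 10.0.0.25.
$DnsServer   = 'DC01'
$ZoneName    = 'abc.com'
$HostName    = 'www'
# Use the address clients inside the network can actually reach:
# the server's internal IP if it is on-prem (avoids hairpin / NAT loopback),
# or the hosting provider's public IP if the site is hosted externally.
$WebServerIp = '10.0.0.25'

# Refuse to run if the record already exists, so a second A record is not
# silently stacked on top of a wrong one.
$existing = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName `
                -Name $HostName -RRType A -ErrorAction SilentlyContinue
if ($existing) {
    Write-Warning "$HostName.$ZoneName already resolves to $($existing.RecordData.IPv4Address). Remove or edit it first, e.g.:"
    Write-Warning "  Remove-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName -Name $HostName -RRType A -Force"
    return
}

# Static record: -AgeRecord is deliberately omitted, so the timestamp stays 0
# and scavenging can never remove it. -CreatePtr mirrors the GUI check box;
# a PTR is only created if a reverse lookup zone covering the address exists.
Add-DnsServerResourceRecordA -ComputerName $DnsServer -ZoneName $ZoneName `
    -Name $HostName -IPv4Address $WebServerIp -CreatePtr -TimeToLive (New-TimeSpan -Hours 1)

# Verify from the DNS server's point of view (timestamp should be empty/0 = static)
# and from a client's point of view (what a member server will actually get).
Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName -Name $HostName -RRType A |
    Select-Object HostName, Timestamp, @{ n = 'IPv4'; e = { $_.RecordData.IPv4Address } }
Resolve-DnsName -Name "$HostName.$ZoneName" -Server $DnsServer -Type A
```

The Resolve-DnsName line at the end is the same check the thread later does with nslookup; run it on a client after `ipconfig /flushdns` so a cached negative answer does not mislead you.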
Correct - you don't need the new zone. Habit of mine. If your domain zone didn't match your web site domain you would want an additional zone.
It would still work though, I'm just toeing the MS line 'least administrative effort'. :)
Jey_P (asker):

Thank you for your comments. It is still not working. I don't see a PTR record created. Is that causing the issue? Please assist.
What response do you get if you ping www.abc.com?  Does it resolve your website's IP address?
Jey_P (asker):

I am getting a timeout.
Jey_P (asker):

I am getting a timeout when I ping www.abc.com. However, when I do an nslookup it resolves the name and/or IP.
Are you doing the ping from the server or workstation?  What is the DNS server that is set on the NIC of the machine?
Jey_P (asker):

I am pinging from one of the AD member servers. The server NIC is set to my local DNS, which is our Active Directory DNS server IP.
Without seeing it, it's hard to say. If you want to send a screenshot, mask as little as possible... It would be nice to see what you set in the DNS server.
Jey_P (asker):

Thank you, please check the screenshot. I entered the public IP address in the IP address section and the FQDN is abc.com. Also, I created a new reverse lookup zone, and the pointer (PTR) will be created automatically in the reverse zone.
Attachment: DNS-Updates.PNG
Thanks for the screenshot, though it's not very helpful since everything is masked. Here's an example of what mine would look like if I were in your shoes.

Also, a timeout when pinging is fine, IF the IP is resolving. See attached. Many hosts don't have ping turned on, so a timeout is normal, but it must resolve to the correct IP.
Attachments: Ping.jpg, DNS.jpg
Jey_P (asker):

Thank you for your comment. I did exactly the same as you configured in the screenshot. The only difference is that I selected (check-marked) the PTR record.

I understand ping is turned off on some hosts. For your information, I am able to resolve using NSLOOKUP.

Do I need to uncheck the PTR record?
No, PTR is fine. So the IP resolves. I'm assuming you're still not able to get to your site from within your network with a browser?
Jey_P (asker):

Correct. I am able to resolve the IP using NSLOOKUP, but I cannot browse it from within my network.
Flush the DNS cache on the servers and a test client (ipconfig /flushdns from a command prompt window). Then try accessing it again.
If the IP is resolving correctly, it sounds like all is fine on the DNS side.  If you ping your website from outside your network, does it ping successfully there?  You're sure the IP is correct (Verify against the ping on the outside world.)
Jey_P (asker):

I can resolve the IP from my domain controller using NSLOOKUP. I am unable to ping from outside my network as well. The IP address is correct; I verified it.
Sorry, out of ideas. If the IP is resolving the same internally as externally, then something else is at play, such as web filtering. Could be any number of issues: firewall, web filtering, proxy...
Is the web server in your own network? If so, the traffic from your internal clients is being routed to the outside and then back in to that server, which then sends it back out again. This might not work if there is a router or firewall seeing traffic taking a route like that. If that is your case, and the server has an internal IP that is routeable by the internal clients, try connecting to it using the internal IP.
Well picked up. I just read that you used the external/public IP address in your internal DNS zone; use the internal address, otherwise you need to configure NAT loopback on your firewall.
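A check that separates the DNS question from the reachability question, added here as an example and not part of the thread. It asks the internal DNS server and a public resolver for www.abc.com, then attempts a TCP connection to the resolved address on the web ports, because a ping timeout proves nothing when ICMP is blocked. The name www.abc.com, the internal DNS address 10.0.0.10, the public resolver 8.8.8.8 and the port list are assumptions to be replaced with the asker's own values.

```powershell
# Added example: is it DNS, or is it the path to the server?
# Assumptions (not from the thread): name www.abc.com, internal DNS at 10.0.0.10,
# public resolver 8.8.8.8, web server listening on 443 and 80.
param(
    [string]$Name        = 'www.abc.com',
    [string]$InternalDns = '10.0.0.10',
    [string]$PublicDns   = '8.8.8.8',
    [int[]] $Ports       = 443, 80
)

# A-record answers from one specific server, skipping hosts file / LLMNR / NetBIOS
# so the comparison is purely about what each DNS server hands out.
function Get-ARecords([string]$QueryName, [string]$Server) {
    try {
        (Resolve-DnsName -Name $QueryName -Server $Server -Type A -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' }).IPAddress | Sort-Object
    } catch { @() }
}

$inside  = @(Get-ARecords $Name $InternalDns)
$outside = @(Get-ARecords $Name $PublicDns)
"Internal DNS ($InternalDns) answers: $($inside  -join ', ')"
"Public DNS   ($PublicDns) answers: $($outside -join ', ')"

if (-not $inside) {
    'Internal DNS has no A record: add www to the internal abc.com zone (split-brain DNS).'
    return
}

# Resolution works; now test whether the resolved address is reachable at all.
# TcpTestSucceeded is a real three-way handshake, unlike ICMP echo.
foreach ($ip in $inside) {
    foreach ($port in $Ports) {
        $ok = (Test-NetConnection -ComputerName $ip -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded
        "TCP ${ip}:${port} -> $(if ($ok) { 'open' } else { 'blocked/timeout' })"
    }
}

if (($inside -join ',') -eq ($outside -join ',')) {
    'Internal and public answers match. If TCP still fails, the problem is on the path, not in DNS:'
    'an on-prem server sitting behind your own public IP needs NAT loopback (hairpin) on the'
    'firewall, or the internal record should point at the internal IP instead; an externally'
    'hosted server points at firewall egress rules, a proxy or web filtering.'
} else {
    'Internal and public answers differ: confirm which address the site actually runs on.'
}
```

Run it from a domain member that uses the internal DNS server; a client that resolves the name correctly but shows 'blocked/timeout' on every port is the symptom described in the thread, and the matching/differing verdict at the end tells you whether to look at the firewall or at the zone.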