I have created a new Active Directory infrastructure domain called ABC.com. It has Active Directory local DNS, and all of the Active Directory member servers and clients use it. I also have a website hosted with a third-party hosting service under the same name, ABC.com. However, users are now complaining that they cannot access the website (ABC.com) from their computers. I have an in-house Microsoft environment as well.
Please list possible solutions. All NAT configuration was made already.
Thank you
Last comment: Mdlinnett, 8/22/2022 (Mon)
XcelogiX
You have created a "split brain" DNS infrastructure, meaning you now have completely separate internal and external DNS namespaces for ABC.com. You will need to put all of the same records that are in your external DNS zone in your internal one.
It is usually recommended to set up the AD namespace as a delegation of your external namespace (e.g., internal.abc.com) to avoid this problem.
Jey_P
ASKER
Thank you. Could you please provide a walkthrough of which configuration needs to be included in a split-brain DNS setup? Do I need to make some changes on the hosting side? Also, please include some references to get a better understanding. I am a junior person with a networking background and not very familiar with AD or DNS.
You won't need a new zone if your internal domain matches your external domain name, i.e. both are abc.com; you will just need to create a new 'A' record in your existing DNS zone for abc.com called 'www'.
Go into DNS > View > Advanced.
Now, expand Forward Lookup Zones and select your zone 'abc.com'.
In the main panel on the right-hand side, right-click on a blank area and click on 'New Host (A or AAAA)...'
Name = www
IP Address = the Webserver's Internal IP
Create Associated Pointer Record = Tick if not already done
Timestamp = All 0's
It's important that the timestamp is all 0's; this will make it a static entry so it will never be accidentally scavenged (if scavenging is configured).
Are you doing the ping from the server or workstation? What is the DNS server that is set on the NIC of the machine?
Jey_P
ASKER
I am pinging from one of the AD member servers. The server NIC is set to my local DNS, which is our Active Directory DNS server IP.
dipersp
Without seeing it, it's hard to say. If you want, send a screenshot and mask as little as possible. It would be nice to see what you set in the DNS server.
Thank you. Please check the screenshot. I entered the public IP address in the IP address field and the FQDN is abc.com. Also, I created a new reverse lookup zone, and the PTR record will be created automatically in the reverse zone.
dipersp
Thanks for the screenshot, though it's not very helpful since everything is masked. Here's an example of what mine would look like if I were in your shoes.
Also, a timeout when pinging is fine, IF the IP is resolving. See attached. Many hosts don't have ping turned on, so a timeout is normal, but it must resolve to the correct IP.
Jey_P
ASKER
Thank you for your comment. I did exactly the same as you configured in the screenshot. The only difference is that I selected (checked) the PTR record option.
I understand that ping is turned off on some hosts. For your information, I am able to resolve the name using NSLOOKUP.
If the IP is resolving correctly, it sounds like all is fine on the DNS side. If you ping your website from outside your network, does it ping successfully there? You're sure the IP is correct? (Verify against the ping from the outside world.)
Jey_P
ASKER
I can resolve the IP from my domain controller using NSLOOKUP. I am unable to ping it from outside my network as well. The IP address is correct; I did verify it.
dipersp
Sorry, out of ideas. If the IP is resolving the same internally as externally, then something else is at play, such as web filtering. Could be any number of issues: firewall, web filtering, proxy...
Is the web server in your own network? If so, the traffic from your internal clients is being routed to the outside and then back in to that server, which then sends it back out again. This might not work if there is a router or firewall seeing traffic taking a route like that. If that is your case, and the server has an internal IP that is routeable by the internal clients, try connecting to it using the internal IP.
Mdlinnett
Well picked up. I just read that you used the external/public IP address for your internal DNS zone. Use the internal address; otherwise you need to configure NAT loopback on your firewall.
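An added example, not from anyone in this thread, that does the 'www' record steps listed earlier and then checks the internal-versus-public answer that the last two comments turn on. Assumptions (placeholders): the zone is abc.com, the web server's LAN address is 10.0.0.25, the internal DNS server is dc1.abc.com, and 1.1.1.1 is the outside resolver used for comparison.

```powershell
# Added example for the thread above: create the split-brain record for www in the
# AD-integrated zone, then compare what internal and outside resolvers answer.
# All addresses and names below are placeholders; change them for your environment.
param(
    [string]$Zone        = 'abc.com',
    [string]$HostName    = 'www',
    [string]$RecordIP    = '10.0.0.25',   # internal IP if the server sits on the LAN; public IP if hosted outside
    [string]$InternalDns = 'dc1.abc.com',
    [string]$PublicDns   = '1.1.1.1'
)
$fqdn = "$HostName.$Zone"

# 1. Create the host record. Without -AgeRecord the cmdlet writes a static record
#    (timestamp all zeros), so scavenging never removes it. -CreatePtr adds the
#    reverse (PTR) entry when a matching reverse lookup zone exists.
$existing = Get-DnsServerResourceRecord -ZoneName $Zone -Name $HostName -RRType A -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DnsServerResourceRecordA -ZoneName $Zone -Name $HostName -IPv4Address $RecordIP -CreatePtr
    Write-Host "Created static A record $fqdn -> $RecordIP"
} else {
    Write-Host "A record for $fqdn already exists: $($existing.RecordData.IPv4Address -join ',')"
}

# 2. Resolve from the inside and from the outside. Use Resolve-DnsName, not ping:
#    many hosts drop ICMP, so a ping timeout proves nothing, but a wrong answer here does.
$internal = (Resolve-DnsName -Name $fqdn -Type A -Server $InternalDns -ErrorAction Stop).IPAddress -join ','
$public   = (Resolve-DnsName -Name $fqdn -Type A -Server $PublicDns   -ErrorAction Stop).IPAddress -join ','
Write-Host "Internal answer: $internal"
Write-Host "Public answer:   $public"

# 3. Interpret. Different answers (LAN IP inside, public IP outside) is the intended
#    split-brain result for a server on the LAN. Identical answers are fine for a
#    third-party-hosted site, but for a LAN server they mean clients hairpin through
#    the firewall and fail unless NAT loopback is configured.
if ($internal -eq $public) {
    Write-Warning "Internal and public answers match ($public). If the web server is on the LAN, use its internal IP in the $Zone zone or enable NAT loopback on the firewall."
}

# 4. Confirm the web service itself answers; DNS resolving is not the same as the site working.
try {
    $r = Invoke-WebRequest -Uri "http://$fqdn/" -UseBasicParsing -TimeoutSec 10
    Write-Host "HTTP $($r.StatusCode) from $fqdn"
} catch {
    Write-Warning "HTTP request to $fqdn failed: $($_.Exception.Message)"
}
```

Run it on the DNS server (the DnsServer module is needed for steps 1 and 2); the bare-name abc.com record, which the original question is about, is created the same way with -Name '@'.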