John Kandris

Strange DNS happens

Good Morning Folks,

We moved our on-prem website to an offsite hosted environment. Made what I believe to be the proper changes to DNS internally (external was handled by the contractor and looks correct). Changed the www DNS entry to reflect the new server address.

What is happening now is this. When I leave the DHCP settings alone I can access all internal resources and access our servers in vCloud Air, but when you type in the website address it goes to an IIS start page (internally only); externally it's fine. I have added a few different external DNS servers to the mix. When I move an external higher in the list of available servers the website works internally but breaks RDP to the vCloud servers (I can RDP using the IP address but not the name).

I have waited 24 hours just to make sure everything had time to refresh. Anyone have any thoughts or ideas?

Thanks

John
Joshua Hopkins

If you updated your DNS host, did you also update your internal DNS servers? If so, then you should be fine by just running ipconfig /flushdns on a computer or 2 for testing.

If you have not made the changes to your internal DNS then you will need to update the www record to reflect the new server that is hosting your domain.
John Kandris

ASKER

Hey Joshua,

Thanks for answering and yes we did update the www record to reflect the new address.

When I ping www.example.com it shows the correct address, but when I ping example.com it shows an internal server (the DNS server).

When I try and go to the website with www in front it drops it out of the address and goes to example.com.
OnlineSupport

Yes, that is because your external domain name is the same as your internal? You are going to the DC\DNS server probably.

If your site uses 443, try accessing https://example.com; that will probably work.

Is your internal Active Directory domain the same, i.e. example.com, or is it example.local? If it is example.local then you can delete the whole zone from DNS; if it is not then you have 2 options.

This issue would be what is known as a split zone. I would check out "Split Zone or no Split Zone - Can't Access Internal Website with External Name".

There are a number of options to address this and all of them come with certain costs/risks. If the split zone article does not help let me know and I will post some of the options.

Onl,

Interestingly or frighteningly enough, when I put the s at the end it goes to a completely different company's website.

Joshua,

It is a split zone. Thanks for the help and I'll see if I can make it work.

John

That is strange! I take it you have created the record as root also pointing to external IP, not just the www.?

I had the same issue with a client, also found it worked on certain browsers once been cached.

The problem with same external and internal DNS.

You could also save a load of aggro and just get internal users to use www.

Onl,

I have the www A record set up; can you explain the root one to me? That may be the trick.

I'm having similar things with certain browsers. It's all over the place.

Just when you create the A record leave the name blank (same as parent). Enter your external IP.

Thanks. I added that record and flushed DNS. When I do an nslookup on example.com it shows all the same as entries and it still goes to the same place as before.

I'm starting to think I may just live the remapping the drives and only using IP address to RDP to the servers.

Any other suggestions, folks?

What if you now try https:?

I wouldn't change DNS to external on a domain. You want to be able to resolve local services. If you can't even resolve internal servers then you're bound to get problems.

Why can't they just use www.?

There are lots of options to get round your RDP. You could just create a new forward zone and then add A records for your RDP servers and then just use that to connect to them, just really messy though.

HTTPS still goes to a different website. I've got someone else checking that out for now.

I've got a messy workaround in place. I'm not happy with it totally but I can manage it for now.

When they type www.example.com in the browser it drops it off and goes without the www.  

What I found that works, kind of, is how the DNS servers are listed in DHCP: external, internal (LAN), internal (WAN), external Google DNS.

Some of the users I am having to remap their network drives using IP addresses but some I am not.

I'm going to let it ride a bit longer and see what else happens before I make any more changes.

You've got a couple of things going on here. First, here's the short fix:

On the website itself, there's an HTTP redirect from www.example.com to example.com. That's why the URL changes in the browser when someone browses to www.example.com. Get rid of that redirect and instruct your internal users to always add the www to the URL, and it should work. (Vigorous cache-flushing may be needed after the change is made.)

Now some more info:

Creating a blank host record in your domain's forward lookup zone won't work consistently, if at all. There are already blank host records in there, and they should all resolve to the IP addresses of your domain controllers. That's by design, and those records are used by Active Directory. Because of round-robin DNS, client-side caching, and browser caching, adding another blank host record and browsing to example.com from an internal client will produce unpredictable results. It's never going to work all the time, and it's likely to not work most of the time. If you've already created that blank host record, you may as well delete it; it's not doing any good. Leave the www record in place, though; it is necessary.

> What I found that works, kind of, is how the DNS servers are listed in DHCP: external, internal (LAN), internal (WAN), external Google DNS.

That's not really a good idea. Domain-joined machines should only use internal DNS servers. Those users you mentioned as having to re-map drives using IP addresses? That's because their machines are trying to use an external DNS server to resolve the names of internal resources, which is never going to work correctly.
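
Added example (not part of any post in this thread): a small Python model of the three effects described in the answer above, namely the www redirect landing on a domain controller, the extra blank host record working only part of the time under round-robin, and external resolvers being unable to answer internal names. The zone contents, IP addresses and the `rdp1` host are constructed assumptions, and the round-robin model ignores caching.

```python
from fractions import Fraction

# Constructed sample data (documentation address ranges); nothing here is from the thread.
DC_IPS = {"10.0.0.10", "10.0.0.11"}      # assumed domain controllers, which also run DNS
WEB_IP = "203.0.113.80"                  # assumed address of the hosted website

# Internal AD-integrated zone for example.com; "@" is the blank (same as parent) record.
INTERNAL = {"@": ["10.0.0.10", "10.0.0.11"], "www": [WEB_IP], "rdp1": ["10.0.5.20"]}
# Public zone managed by the hosting contractor: it knows nothing about internal names.
EXTERNAL = {"@": [WEB_IP], "www": [WEB_IP]}


def apex_hit_rate(zone, web_ip=WEB_IP):
    """Share of round-robin answers for the bare domain that lead with the web server.

    Simplified model: every record is equally likely to be first; caching is ignored.
    """
    answers = zone.get("@", [])
    return Fraction(answers.count(web_ip), len(answers)) if answers else Fraction(0)


def diagnose(internal, external, dc_ips, www_redirects_to_apex, client_resolvers):
    """Return the split-zone problems that the given configuration would cause."""
    findings = []
    apex = set(internal.get("@", []))
    if www_redirects_to_apex and apex & dc_ips:
        findings.append("www redirects to the bare domain, which resolves to a domain controller")
    rate = apex_hit_rate(internal)
    if 0 < rate < 1:
        findings.append(f"bare domain reaches the website only {rate} of the time")
    internal_only = sorted(set(internal) - set(external))
    if "external" in client_resolvers and internal_only:
        findings.append("external resolver cannot answer: " + ", ".join(internal_only))
    return findings


if __name__ == "__main__":
    # Configuration as it stood mid-thread: blank record added, external DNS in DHCP.
    with_blank = dict(INTERNAL, **{"@": INTERNAL["@"] + [WEB_IP]})
    for line in diagnose(with_blank, EXTERNAL, DC_IPS, True, ["external", "internal"]):
        print("PROBLEM:", line)
    # After the suggested fix: redirect removed, blank record deleted, internal DNS only.
    print("after fix:", diagnose(INTERNAL, EXTERNAL, DC_IPS, False, ["internal"]))
```
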
ASKER CERTIFIED SOLUTION
John Kandris

It was found to be the correct one