Solved

Strange DNS happens

Posted on 2016-11-04
Last Modified: 2016-11-27
Good Morning Folks,

We moved our on-prem website to an offsite hosted environment.  Made what I believe to be the proper changes to DNS internally (external was handled by the contractor and looks correct). Changed the www DNS entry to reflect the new server address.

What is happening now is this.  When I leave the DHCP settings alone I can access all internal resources and access our servers in Vcloud air, but when you type in the website address it goes to an IIS start page (internally only); externally it's fine.  I have added a few different external DNS servers to the mix.  When I move an external higher in the list of available servers the website works internally but breaks RDP to the vcloud servers (I can RDP using the IP address but not the name).

I have waited 24 hours just to make sure everything had time to refresh.  Anyone have any thoughts or ideas?

Thanks

John
Question by:jkandris
14 Comments
 
LVL 6

Expert Comment

by:Joshua Hopkins
ID: 41874007
If you updated your DNS host, did you also update your internal DNS servers?  If so then you should be fine by just running ipconfig /flushdns on a computer or 2 for testing.

If you have not made the changes to your internal DNS then you will need to update the www record to reflect the new server that is hosting your domain.
0
 

Author Comment

by:jkandris
ID: 41874322
Hey Joshua,

Thanks for answering and yes we did update the www record to reflect the new address.

When I ping www.example.com it shows the correct address, but when I ping example.com it shows an internal server (the DNS server).

When I try and go to the website with www in front it drops it out of the address and goes to example.com.
0
 
LVL 2

Expert Comment

by:OnlineSupport
ID: 41874334
Yes, that is because your external domain name is the same as your internal? You are going to the DC\DNS server probably

If your site uses 443, try accessing https://example.com; that will probably work.
0
 
LVL 6

Expert Comment

by:Joshua Hopkins
ID: 41874346
Is your internal Active Directory domain the same, i.e. example.com, or is it example.local?  If it is example.local then you can delete the whole zone from DNS; if it is not then you have 2 options.

This issue would be what is known as a split zone.  I would check out "Split Zone or no Split Zone - Can't Access Internal Website with External Name".

There are a number of options to address this and all of them come with certain costs/risks.  If the split zone article does not help let me know and I will post some of the options.
0
 

Author Comment

by:jkandris
ID: 41874373
Onl,

Interestingly or frighteningly enough, when I put the s at the end it goes to a completely different company's website.

Joshua,

It is a split zone.  Thanks for the help and I'll see if I can make it work.

John
0
 
LVL 2

Expert Comment

by:OnlineSupport
ID: 41874384
That is strange!  I take it you have created the record as root also pointing to external IP, not just the www. ?

I had the same issue with a client, also found it worked on certain browsers once been cached.

The problem with same external and internal DNS.

You could also save a load of aggro and just get internal users to use www.
0
 

Author Comment

by:jkandris
ID: 41874401
Onl,

I have the www A record set up; can you explain the root one to me?  That may be the trick.

I'm having similar things with certain browsers.  It's all over the place.
0
 
LVL 2

Expert Comment

by:OnlineSupport
ID: 41874414
Just when you create the A record leave the name Blank (same as Parent). enter your external IP.
0
 

Author Comment

by:jkandris
ID: 41874456
Thanks.  I added that record and flushed DNS. When I do an nslookup on example.com it shows all the same as entries and it still goes to the same place as before.

I'm starting to think I may just live with remapping the drives and only using IP addresses to RDP to the servers.

Any other suggestions, folks?
0
 
LVL 2

Expert Comment

by:OnlineSupport
ID: 41874475
What if you now try https:?

I wouldn't change DNS to external on a domain. You want to be able to resolve local services. If you can't even resolve internal servers then you're bound to get problems.

Why can't they just use www.?

There are lots of options to get round your RDP. You could just create a new forward zone and then add A records for your RDP servers and then just use that to connect to them; just really messy though.
1
 

Author Comment

by:jkandris
ID: 41874501
https still goes to a different website.  I've got someone else checking that out for now.

I've got a messy workaround in place. I'm not happy with it totally but I can manage it for now.

When they type www.example.com in the browser it drops it off and goes without the www.

What I found that works, kind of, is how the DNS servers are listed in DHCP: external, internal (lan), internal (wan) external Google DNS.

Some of the users I am having to remap their network drives using IP addresses, but some I am not.

I'm going to let it ride a bit longer and see what else happens before I make any more changes.
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 41879501
You've got a couple of things going on here. First, here's the short fix:

On the website itself, there's an HTTP redirect from www.example.com to example.com. That's why the URL changes in the browser when someone browses to www.example.com. Get rid of that redirect and instruct your internal users to always add the www to the URL, and it should work. (Vigorous cache-flushing may be needed after the change is made.)

Now some more info:

Creating a blank host record in your domain's forward lookup zone won't work consistently, if at all. There are already blank host records in there, and they should all resolve to the IP addresses of your domain controllers. That's by design, and those records are used by Active Directory. Because of round-robin DNS, client-side caching, and browser caching, adding another blank host record and browsing to example.com from an internal client will produce unpredictable results. It's never going to work all the time, and it's likely to not work most of the time. If you've already created that blank host record, you may as well delete it; it's not doing any good. Leave the www record in place, though; it is necessary.

"What I found that works kind of is how the dns servers are listed in DHCP  external, internal (lan), internal (wan) external google dns."
That's not really a good idea. Domain-joined machines should only use internal DNS servers. Those users you mentioned as having to re-map drives using IP addresses? That's because their machines are trying to use an external DNS server to resolve the names of internal resources, which is never going to work correctly.
1
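
The two checks that the answer above implies, written out as an added example that is not part of the original thread: it lists the DNS servers a domain-joined Windows client is actually configured to use, flags any that are not internal, and shows what each server returns for the zone apex and for www. The addresses in `$InternalDns` are constructed placeholders; replace them with your own domain controllers' addresses.

```powershell
# Added example (not from the thread). Run on a domain-joined Windows client.
# Assumed, constructed values: replace with your own DC/DNS server IPs.
$InternalDns = @('10.0.0.10', '10.0.0.11')
$Names       = @('example.com', 'www.example.com')   # zone apex and www host

# 1. List every configured IPv4 resolver and mark whether it is internal.
$configured = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        $alias = $_.InterfaceAlias
        foreach ($ip in $_.ServerAddresses) {
            [pscustomobject]@{
                Interface = $alias
                Server    = $ip
                Internal  = $InternalDns -contains $ip
            }
        }
    }
$configured | Format-Table -AutoSize

# 2. Ask each configured server for each name and compare the answers.
#    Internal servers should return the DC addresses for the apex (by design)
#    and the hosted web server for www; external servers know nothing about
#    internal hosts, which is why drive mappings and RDP by name break.
$servers = $configured.Server | Sort-Object -Unique
$results = foreach ($server in $servers) {
    foreach ($name in $Names) {
        $a = Resolve-DnsName -Name $name -Type A -Server $server -DnsOnly `
                 -ErrorAction SilentlyContinue | Where-Object { $_.IPAddress }
        [pscustomobject]@{
            Server  = $server
            Name    = $name
            Answers = if ($a) { ($a.IPAddress | Sort-Object) -join ', ' }
                      else    { '(no answer)' }
        }
    }
}
$results | Format-Table -AutoSize

# 3. Warn if the client can fall back to a resolver outside the domain.
$external = $configured | Where-Object { -not $_.Internal }
if ($external) {
    Write-Warning ("Non-internal DNS servers configured: " +
                   (($external.Server | Sort-Object -Unique) -join ', '))
}
```

If step 3 warns, the fix belongs in the DHCP scope options rather than on the client, since the list is handed out there.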
 

Accepted Solution

by:
jkandris earned 0 total points
ID: 41897423
Turns out that the hosting company had our PAT IP address blocked for some reason
0
 

Author Closing Comment

by:jkandris
ID: 41902950
It was found to be the correct one
0

Question has a verified solution.