alphapcjim

DNS - website has dropped the www, so we can no longer access the site from inside

Our third-party web developer just changed the website so it now redirects from www.domain.com to https://domain.com without the www. After this change, no one on the LAN can access our website anymore, because “domain.com” points to an internal IP address. Previously everyone could get to the website because www points to the outside public IP address of our website. Now that the www is dropped that no longer works. We can change DNS to a public site (8.8.8.8) and can of course then get website access, but then Outlook disconnects from our on premise Exchange server. Please help. We have numerous portable laptops, so the solution needs to work both inside and outside LAN.
Mahesh
We can change DNS to a public site (8.8.8.8) and can of course then get website access, but then Outlook disconnects from our on premise Exchange server

This is expected behaviour.

The website domain.com must be your internal AD domain as well?

Isn't it?

If yes, just keep using www.domain.com and forget redirection.

If you are saying that by changing DNS to Google DNS (8.8.8.8) you are able to reach the website, it means the website at domain.com is not available in internal DNS. And yes, Outlook will get disconnected, and you will even face more authentication issues as well, since you are not pointing to your DC as primary DNS on workstations.

You need to ensure that clients always point to internal DNS and that the internal DNS server forwards traffic to external DNS servers such as Google DNS (8.8.4.4/8.8.8.8).
There's no easy fix for this. Well, I suppose there is one: contact the web developer and tell them to remove that redirect because it causes problems in your environment. Assuming the developer won't do this, you've really got one option: rename your Active Directory domain so that it doesn't have the same name as your registered Internet domain. Depending on the size and complexity of your AD environment, this may be a relatively simple process or downright impossible. (Exchange Server, for example, is problematic; it doesn't care for domain rename at all, although creating a new AD forest and migrating everything to it is still a possibility.)
Simplest "solution" (more like workaround) is exactly what Dr. Dave has mentioned: have the web developer undo what they've already done. What was the point of removing the www in the first place? If anything, I would've done the opposite: redirect traffic NOT using the www to www.domain.com

Renaming the AD domain would be ideal, but it's not necessarily going to be simple. And the rush to make that change isn't worth it at this point. However, in the long run it SHOULD be done.
Notwithstanding the comments above about having an AD domain the same as your public domain, would another option be to ask the web developer to not do the redirect if the client IP is one of your office IP addresses (assuming they are static)? They would just need to make it a conditional rewrite rather than a fixed redirect. That way, your site visitors can have a web site without the "www" prefix and still view the site with the prefix.
There is absolutely nothing wrong with having the same domain external and internal. Get your web host to change to www or use the below commands on your DCs

netsh interface portproxy add v4tov4 listenport=80 connectaddress=<website IP> connectport=80 protocol=tcp
netsh interface portproxy add v4tov4 listenport=443 connectaddress=<website IP> connectport=443 protocol=tcp
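
A read-only check to run on each DC after adding the portproxy rules from the post above. This is an added example, not part of the original thread; `domain.com` is the thread's placeholder name, and 8.8.8.8 is used only as an outside resolver.

```powershell
# Added example: read-only check of the portproxy workaround on a DC.
# Assumptions: 'domain.com' is the thread's placeholder name; 8.8.8.8 is used
# only as an outside resolver to learn the website's public address.
$Apex     = 'domain.com'
$Resolver = '8.8.8.8'
$Ports    = 80, 443

# Public address(es) of the website as seen from outside the LAN.
$publicIps = Resolve-DnsName -Name "www.$Apex" -Type A -Server $Resolver |
    Where-Object { $_.Type -eq 'A' } | Select-Object -ExpandProperty IPAddress

# Parse the data rows of "netsh interface portproxy show v4tov4".
$rules = netsh interface portproxy show v4tov4 | ForEach-Object {
    if ($_ -match '^\s*(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$') {
        [pscustomobject]@{
            ListenAddress  = $Matches[1]; ListenPort  = [int]$Matches[2]
            ConnectAddress = $Matches[3]; ConnectPort = [int]$Matches[4]
        }
    }
}

$report = foreach ($port in $Ports) {
    $rule     = $rules | Where-Object ListenPort -eq $port | Select-Object -First 1
    $listener = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue |
        Select-Object -First 1
    [pscustomobject]@{
        Port           = $port
        RuleExists     = [bool]$rule
        ConnectAddress = $rule.ConnectAddress
        # A stale target here sends LAN users to whatever now owns the old IP.
        MatchesPublic  = [bool]($rule -and $publicIps -contains $rule.ConnectAddress)
        ListeningPid   = $listener.OwningProcess
    }
}
$report | Format-Table -AutoSize

# portproxy rules only forward while the IP Helper service is running.
"IP Helper (iphlpsvc): $((Get-Service -Name iphlpsvc).Status)"

# ADWS (TCP 9389, per the thread) should still be listening afterwards.
$adws = Get-NetTCPConnection -State Listen -LocalPort 9389 -ErrorAction SilentlyContinue
"ADWS listening on 9389: $([bool]$adws)"
```

Rerun it whenever the web host changes the site's address, since the `connectaddress` in the rules is static and does not follow public DNS.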


That's interesting. I don't think I've ever seen netsh int portproxy before, but it appears that it will work in this situation.

I'm still against using the same name for internal and external domains, though. If nothing else, it increases the amount of administration required to make things work normally.
I'm still against using the same name for internal and external domains, though. If nothing else, it increases the amount of administration required to make things work normally.
Out of the countless conversations I have had on the topic it's always about the website resolution internally. This is hardly any effort to get working.
I agree; it's pretty much always this issue, which crops up here all the time. But beyond that, little things - additions or changes to public DNS records, for example - have to be done in two places rather than one, and if you forget this (or have no knowledge of the environment because you've just been hired as the new admin), you run into unexpected issues and have to spend time fixing them. I'm not saying it can't be made to work; it's just not ideal in my experience.
@shaun, this is a great solution.
But I have a query here:
Would it block AD Web Services from running on DCs, since the command is redirecting both HTTP ports?
No. ADWS is Port 9389 TCP