Lance McGrew asked:

INTERNAL EXTERNAL WITH SAME DOMAIN NAME

With an internal domain name such as fisherk12.org and now also having an external website fisherk12.org how do we configure the local DNS so users on the local network can see the website when they browse to fisherk12.org or www.fisherk12.org?
CL:

On Local DNS Server

On the forward lookup zone, create a Host A record,

e.g.

171.25.51.62 www
Prabhin MP:

You have to create an A record in your local DNS server for your website and for any other servers that need to be accessible from the LAN.
For the mailbox you can create an MX record in DNS.
The above comments answer your question... and...

What you're suggesting is a very bad idea.

If at any point, your local DNS fails, then you'll be pointing at your live site.

So if you think you're making changes to a local site but instead you're making changes to your live site, many complex problems can occur.

Better to only have your live site as www.fisherk12.org and fisherk12.org, then set up another site, like dev.fisherk12.org, for internal work.

I've seen many people destroy their sites when taking the approach you describe and their local DNS fails... then they fall over to public DNS... then promptly destroy their live site.

If you require assistance setting up dev/staging work, ask a question about how to arrange this.

Likely you'll receive many good suggestions.
Lance McGrew (asker):

David, there is no internal website such as an intranet. We just have an external website hosted by a 3rd party. fisherk12.org is the Active Directory domain name. In hindsight, this should have been fisherk12.local.

The problem with creating the www Host A record in the forward lookup zone is that the local users end up with www.www.fisherk12.org.
If you create a host record named www in the internal fisherk12.org zone and give that record the site's IP address, internal users will be able to reach the site by browsing to www.fisherk12.org. Browsing from inside without the www is problematic, though, because the FQDN fisherk12.org is going to resolve to the IP addresses of your AD domain controllers. There are a couple of ways around this, but they involve making changes to the DCs that aren't ideal - and that's assuming the DCs aren't doing anything else. If they are, it may be downright impossible. We can get into that if you want, but I personally believe it's easier to create the www record and simply inform users that they'll have to include the www in the site's URL when browsing from inside the network.
DrDave242, we tried adding the www record in our local DNS; however, that produced an undesirable result that caused local user browsers to display http://www.www.fisherk12.org

The website hosting company assigned us 52.71.160.119 for fisherk12.org; however, they also have www.fisherk12.org pointing to different IPs. If you do an nslookup fisherk12.org and then nslookup www.fisherk12.org you will see what I'm talking about.

Which IP address should we configure for our local DNS www record?
"DrDave242, we tried adding the www record in our local DNS; however, that produced an undesirable result that caused local user browsers to display http://www.www.fisherk12.org"

Was the www record created in the fisherk12.org forward lookup zone? That shouldn't cause the extra www in the URL unless something really strange is going on.

It looks like the website redirects fisherk12.org to www.fisherk12.org, which is fine and can be ignored for our purposes.

Nslookup shows that www.fisherk12.org is an alias for a much longer apptegy.net FQDN, which itself is an alias for an even longer Amazon Web Services FQDN. That AWS name in turn resolves to two different IP addresses (52.206.53.250 and 34.237.148.222). You can create two www records, each with one of those addresses.

You'll run into problems if those addresses change in the future, unfortunately; internal users won't be able to reach the site at all. You may be better off delegating www.fisherk12.org to the public domain's authoritative nameservers (or to well-known public nameservers). I'll experiment with that on my end and let you know how it turns out.
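The following is an added example, not code posted by anyone in this thread. It assumes the internal DNS server is the Windows Server DNS role (the thread's "forward lookup zone" and "Host A record" terminology), so the DnsServer PowerShell module is available, and it uses 8.8.8.8 as a stand-in for any public resolver. It does what DrDave242 describes: it replaces the single www record with the two AWS addresses and then compares the internal answer with the public one, so the drift problem mentioned above (the public addresses changing while the internal records stay fixed) can be caught by re-running the check on a schedule.

```powershell
# Added example: maintain the internal www records for a split-brain zone
# and verify they still match what the public Internet resolves.
# Assumptions: Windows DNS role (DnsServer module), run on the DNS server itself,
# public resolver 8.8.8.8 (any public resolver works).
$zone      = 'fisherk12.org'
$publicDns = '8.8.8.8'

# The two addresses the public CNAME chain currently ends in (from the thread).
$wwwAddresses = @('52.206.53.250', '34.237.148.222')

# Remove any existing www A records (e.g. the one pointing at the apex IP).
Get-DnsServerResourceRecord -ZoneName $zone -Name 'www' -RRType A -ErrorAction SilentlyContinue |
    Remove-DnsServerResourceRecord -ZoneName $zone -Force

# Add one A record per address; a short TTL limits how long a stale answer lives in client caches.
foreach ($ip in $wwwAddresses) {
    Add-DnsServerResourceRecordA -ZoneName $zone -Name 'www' -IPv4Address $ip `
        -TimeToLive (New-TimeSpan -Minutes 5)
}

# Compare what internal clients get with what the public resolver returns.
function Test-WwwDrift {
    param([string]$Zone, [string]$PublicResolver)

    $internal = Resolve-DnsName -Name "www.$Zone" -Type A -Server '127.0.0.1' -ErrorAction Stop |
        Where-Object { $_.Type -eq 'A' } | Select-Object -ExpandProperty IPAddress | Sort-Object
    $public   = Resolve-DnsName -Name "www.$Zone" -Type A -Server $PublicResolver -ErrorAction Stop |
        Where-Object { $_.Type -eq 'A' } | Select-Object -ExpandProperty IPAddress | Sort-Object

    $diff = Compare-Object -ReferenceObject $internal -DifferenceObject $public
    if ($diff) {
        Write-Warning "www.$Zone differs between internal DNS and ${PublicResolver}:"
        $diff | Format-Table InputObject, SideIndicator
    } else {
        Write-Host "www.$Zone is consistent: $($internal -join ', ')"
    }
}

Test-WwwDrift -Zone $zone -PublicResolver $publicDns

# The apex keeps resolving to the internal server's own address, not the website;
# this is the reason browsing to fisherk12.org without www cannot work from inside.
Resolve-DnsName -Name $zone -Type A -Server '127.0.0.1' | Format-Table Name, Type, IPAddress
```

Running Test-WwwDrift from a scheduled task gives early warning when the hosting provider moves the site to new addresses, which is exactly the failure mode DrDave242 warns about: internal users would otherwise lose the site while the rest of the Internet still reaches it.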
The website hosting company assigned us 52.71.160.119, and this is what I gave GoDaddy, where the domain is hosted. Yes, I did put the www A record within the fisherk12.org zone in my internal DNS servers; that was the first thing I tried a week ago. It still likes adding the extra www.

I can watch tracert and see the resolution bouncing between 52.206.53.250 and 34.237.148.222 and no resolution. Every 5 to 10 minutes it seems to be something else. The A record I put in my internal DNS servers was 52.71.160.119. Are you suggesting instead putting in the two others just mentioned above? Actually put in two www A records?

Would it be a cleaner solution to just nix the fisherk12.org lookup zone and create a Forward Lookup Zone called fisherk12.local?

Thanks
ASKER CERTIFIED SOLUTION
Lee W, MVP

Once our Apptegy-created website went live, I went to GoDaddy, where our domain is located, and added a CNAME and an A record with the IP pointing to what Apptegy said: 52.71.160.119. This propagated and worked everywhere but internal to our school district. I figured I needed to add a www A record into our DNS servers. See the fisherk12.org Forward Lookup zone below.
[Screenshot: fisherk12.org forward lookup zone]
Then when I go to a browser internally looking at that DNS server I get...
[Screenshot: browser result]
When I do a DOS-level tracert to www.fisherk12.org I get one of three things: 52.206.53.250, 34.237.148.222, or no resolution.
[Screenshot: tracert output]
I can seem to go to other browsers and get this "duplication" www.www.fisherk12.org, or they just plain lock up the browsers.

I will next try the suggestion to add those 2 www A records as DrDave suggested.
Can you try from an InPrivate / incognito / similar web browser? Maybe after a reboot. Because if your other apps are translating the address correctly, it's not a DNS issue. Other computers - do they work?
After putting in the two www records, my local PC and my other tech's PC can resolve and go right to the site. BUT, any other of the hundreds of PCs come up with this error, and I'm not sure what's producing it. I have a call in to our firewall people (Smoothwall) to see if this error is being produced by their device.

[Screenshot: error shown on other PCs]
I appreciate everyone's time on this. I will be turning into a pumpkin soon for the long weekend. I'll see what I get back from Smoothwall, and maybe I'll start down the other path next week on removing the forward lookup zone called fisherk12.org and creating a new one called anyotherthan.fisherk12.org

Thanks
You mentioned that your internal domain name is also fisherk12.org, but that screenshot of the DNS server doesn't appear to have been taken on a domain controller. If it was, your fisherk12.org zone is missing a LOT of records.
There is no Active Directory.  There is just DNS and DHCP on the server.
Very much appreciate all the contributors.  Lee W. nailed the solution to our problem.  We changed the local DNS zone to fisherk12.local.org and made sure to flush browser cache.