AD/DNS: can't resolve locally hosted domain names

  • Thread starter: spiny

spiny

So I installed AD/DNS on a Windows 2003 machine the other day. I gave
the domain as "int.mycompany.org", where mycompany is an internet
domain name we are serving off of a webserver in the same domain.

The problem is that from any machine in the domain (2 app servers, one
DC/SQL server), when I try to browse to a public domain name that is
hosted by a machine in the local domain, I get a "Page Cannot Be
Displayed" message.

Nslookup finds all internet domain names fine, regardless of whether
they are being hosted by my machines (e.g. nslookup google.com. works
fine; so does nslookup aname.mycompany.org.)

What am I doing wrong here? We have webservices on our app servers
that need to be able to get to those public domain addresses.

Thanks in advance!

-spiny

spiny

Thanks Mohanchand.

For some reason "dnscmd" does not exist on my Win2k3 boxes. I searched
the entire system partition for a file that included "dnscmd" and
couldn't find it.

We do have a firewall, behind which our 3 servers are located.

We have an external DNS (netsol.com) which handles our public domain
names, e.g. publicsite.org, etc.

Then I have set up an internal DNS server on our Domain Controller,
which is required by Active Directory. The INTERNAL name of the domain
is int.publicsite.org.

Now, I can surf the web from the machines inside this private domain.
I can also ping, trace and use nslookup to correctly resolve public
domain names, such as google.com, yahoo.com etc.

I can also get to publicsite.org fine from outside the private
int.publicsite.org domain. So from my house, I can get to
www.publicsite.org with no problems.

The problem is when I try to access www.publicsite.org from INSIDE the
private domain int.publicsite.org. The browser returns "page cannot be
displayed" and there is nothing in my firewall logs to indicate that
there is a problem related to the firewall. There is also nothing in
the DNS logs.

The REALLY MESSED UP part is that when I ping www.publicsite.org from
inside the domain, it resolves correctly. nslookup also returns
correct results. You would think that if pinging and nslookup work
correctly, so should a web browser. Evidently not.

We need this functionality because we have internal web services that
work based on domain names.

spiny
 
I think I found the problem:

We are using NAT to forward requests from our PUBLIC IP range to our
PRIVATE non-routable IP range:

e.g. 123.456.798.132 --> NAT --> 192.168.10.10

Now when I make an HTTP request from outside the domain, it goes
through our firewall which translates 123.456.798.132 into
192.168.10.10 and then IIS takes over and serves up the webpage.

HOWEVER, when I make that request from INSIDE the domain, the local DNS
server returns the public IP address 123.456.798.132 which of course
doesn't exist internally.

Now I'm really confused :(

-spiny

spiny
 
For those reading this, I just added the domains to the hosts file on
each machine. No other way around it, I suppose.

spiny
 
Hello Spiny,

I believe you might be running into this issue due to the EDNS0 capability
in Windows Server 2003 DNS.

Please take a look at this article that might help:

828731 An External DNS Query May Cause an Error Message in Windows Server
2003
http://support.microsoft.com/?id=828731

828263 DNS query responses do not travel through a firewall in Windows
Server
http://support.microsoft.com/?id=828263

--
Regards,
Mohanchand Koduri [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.
spiny said:
I think I found the problem:

We are using NAT to forward requests from our PUBLIC IP range to our
PRIVATE non-routable IP range:

e.g. 123.456.798.132 --> NAT --> 192.168.10.10

Now when I make an HTTP request from outside the domain, it goes
through our firewall which translates 123.456.798.132 into
192.168.10.10 and then IIS takes over and serves up the webpage

HOWEVER, when I make that request from INSIDE the domain, the local
DNS server returns the public IP address 123.456.798.132 which of
course doesn't exist internally.

Now im really confused :(

-spiny


spiny

In your internal DNS server you need a zone for each hosted website. For
instance, if you host www.example.com, create a zone named 'www.example.com'
and in that zone create one blank host with the IP of the webserver.
Don't use a zone name of 'example.com', because then you will have to create
every other record (such as mail, ftp or whatever) to reach the external sites
in those domains. Using 'www.example.com' means it only conflicts with
www.example.com; the others will be forwarded.
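The per-hostname "pinhole" zones described in the answer above, scripted with dnscmd as an added example (not from anyone in this thread). It assumes dnscmd.exe is available on the DC (on Server 2003 it ships in the Windows Support Tools), that the DC is the internal DNS server, and it uses the private address from the thread's NAT example as a constructed sample value; the hostnames are placeholders.

```powershell
# Constructed example: split-brain "pinhole" zones so internal clients get the
# private (post-NAT) address for each public name hosted behind the firewall,
# while every other name under publicsite.org still resolves via forwarders.
# Assumes dnscmd.exe (Windows Support Tools on Server 2003) on the DNS server.

$dnsServer = '.'   # run on the DC/DNS server itself

# Public hostname -> private IP of the server behind the NAT rule.
# 192.168.10.10 is the sample private address from the thread; other entries are placeholders.
$hostedSites = @{
    'www.publicsite.org'  = '192.168.10.10'
    'app1.publicsite.org' = '192.168.10.11'   # placeholder
}

foreach ($name in $hostedSites.Keys) {
    $privateIp = $hostedSites[$name]

    # One zone per hostname (NOT 'publicsite.org'): only this exact name is
    # overridden; mail.publicsite.org, ftp.publicsite.org etc. are untouched.
    dnscmd $dnsServer /ZoneAdd $name /Primary /file "$name.dns"

    # The "blank host" record: an A record at the zone root ('@') pointing
    # at the private address, so the request never has to hairpin the NAT.
    dnscmd $dnsServer /RecordAdd $name '@' A $privateIp
}

# Verification: the internal server must now answer with the private IP,
# while a name that has no pinhole zone still comes back from forwarders.
foreach ($name in $hostedSites.Keys) {
    nslookup $name $env:COMPUTERNAME
}
nslookup mail.publicsite.org $env:COMPUTERNAME   # expected: still the public answer

# Clients cache the old public answer; clear it on each machine you test from.
ipconfig /flushdns
```

Use /DsPrimary instead of /Primary if you want the pinhole zones stored in Active Directory and replicated to other DCs; the hosts-file workaround posted earlier in the thread can then be removed from each machine.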
 