Check DNS Entry

  • Thread starter Thread starter Justin Newns
  • Start date Start date
J

Justin Newns

Hi... am relatively new to the world of DNS, so any help
would be greatly appreciated.

All of a sudden our internal users cannot access our
external .com website. How do I check within the DNS
console where domain.com is/should be pointing to ?
 
In
Justin Newns said:
Hi... am relatively new to the world of DNS, so any help
would be greatly appreciated.

All of a sudden our internal users cannot access our
external .com website. How do I check within the DNS
console where domain.com is/should be pointing to ?
Click to expand...

It was working and then "All of a sudden" it stopped?

Not enough to work with here, we'll need more info.

Do you have AD?
If so, is your internal AD domain the same as your external name?
Are you/were you using your ISP's DNS address in your IP properties? (With
AD, you cannot use your ISP's DNS addresses anywhere other than a
forwarder).
If the same external and internal and you had a www record created with the
external IP, maybe the www address was changed by your ISP?

Looking forward to your responses. This should be enough to help. If not, we
might have a couple more questions about your config.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
Ace,

We have an AD setup. Yes, both internal & external domain
names are the same. No ISP info is used in our IP
properties other than on the Exchange and ISA servers.

Our ISP state that they have made no changes !?

Any ideas ?

Justin
 
In
Ace,

We have an AD setup. Yes, both internal & external domain
names are the same. No ISP info is used in our IP
properties other than on the Exchange and ISA servers.

Our ISP state that they have made no changes !?

Any ideas ?

Justin
Click to expand...


In the Exchange server, you'll need to remove the ISP's DNS. Use the
internal one ONLY. For ISA, use the internal one only as well. In ISA,
configure a rule and apply it to allow DNS traffic UDP and TCP 53 in/out to
only the DNS server. Configure a forwarder in your DNS server properties.
This will eliminate AD errors, and I am surprised that you are not getting
any with Exchange in regards to DSAccess (GC) errors.

As for the website not being accessible, that;s because the name inside is
the same. When that happens, the DNS server will not query externally for a
name that it has in it, and if the record doesn't exist, you get what you
are seeing. So when you query only your internal DNS by your macines (which
is the proper method and what AD *requires*), you'll need to manually create
the www record for your external website and give it the actual external IP
address. You could also create a www delegation under your zone, and give it
the actual nameserver names and IP addresses that are authorative for the
external zone. THis way if they ISP changes the website IP, it will still
find it.

Hope that helps.

Ace
 
Back
Top