DNS difficulties

MarkH · Sep 14, 2003

Hello,

Current setup:
1) same domain name on intranet as internet
2) W2K AD with 1 DC and 1 internal DNS server
3) no DNS forwarders

Question:
Recent problems include not being able to resolve, from
behind firewall, the name of our web site, which is being
hosted by a 3rd party. Our internal domain name is
<name>.org, while our web site should resolve at
www.<name>.org. Also, other sites will not resolve from
behind our firewall.

If I bypass the firewall, resolution is all right. If I
use our ISP's DNS server from behind the firewall,
resolution does not work as well. Any suggestions? Thanks.

Mark

Ace Fekay [MVP] · Sep 14, 2003

In

MarkH said:
Hello,

Current setup:
1) same domain name on intranet as internet
2) W2K AD with 1 DC and 1 internal DNS server
3) no DNS forwarders

Question:
Recent problems include not being able to resolve, from
behind firewall, the name of our web site, which is being
hosted by a 3rd party. Our internal domain name is
<name>.org, while our web site should resolve at
www.<name>.org. Also, other sites will not resolve from
behind our firewall.

If I bypass the firewall, resolution is all right. If I
use our ISP's DNS server from behind the firewall,
resolution does not work as well. Any suggestions? Thanks.

Mark

Easy fix!
Make sure your internal machines continue to point only to your internal
DNS. Then just create a www record under your <name>.org zone and give it
the actual external IP address of your website.

Suggest to use a forwarder for more efficient Internet resolution. Offloads
some of the work from your DNS to the ISP's.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

stevta [MSFT] · Sep 14, 2003

I would also recommed setting up another DC. Doesn't have
to be anything powerful just for redundancy in case the
other server went down.

Ace Fekay [MVP] · Sep 14, 2003

In

stevta said:
I would also recommed setting up another DC. Doesn't have
to be anything powerful just for redundancy in case the
other server went down.

I agree !

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

MarkH · Sep 14, 2003

Thanks to the both of you for the help. Adding the host
record seems to have done the trick. And I have been
planning for a while to add a DC. I just haven't been
able to locate a spare CPU.

Mark

Ace Fekay [MVP] · Sep 15, 2003

In

MarkH said:
Thanks to the both of you for the help. Adding the host
record seems to have done the trick. And I have been
planning for a while to add a DC. I just haven't been
able to locate a spare CPU.

Mark

No prob for the help. The extra DC will insure you won't lose valuable
domain accounts. As Stevta says, you don't need a powerful one. You can use
an old desktop machine to do it that's laying around not doing anything,
that is if you got one.

Good luck!
:-)

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

Jonathan de Boyne Pollard · Sep 15, 2003

M> [...] our web site, which is being hosted by a 3rd party.
M> Our internal domain name is <name>.org, while our web
M> site should resolve at www.<name>.org.
M> Also, other sites will not resolve from behind our firewall.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/read-the-back-messages.html>
<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-shaped-firewall-holes.html>
<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-split-horizon-common-server-names.html>

Michael Johnston [MSFT] · Sep 15, 2003

Mark,
On the internal DNS server, verify the existance of the WWW record. Also make sure this resolves to the correct IP address. You can also test queries to this
DNS server from a client. Open a command prompt and type "nslookup" and press enter. NSLOOKUP will connect to the primary DNS server. Verify this is
the case. Next type "www.<name>.org" where <name> is your dns name. This should resolve to the IP of your website. If it does and you still are unable to
connect to the site, your firewall is blocking the traffic. It sounds like you've already confirmed that the firewall is blocking the traffic in that if you pull it out of the
picture, all this works. You may want to contact the firewall vendor for more assistance.

Thank you,
Mike Johnston[MSFT]
Microsoft Network Support
--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.

DNS difficulties

MarkH

Ace Fekay [MVP]

stevta [MSFT]

Ace Fekay [MVP]

MarkH

Ace Fekay [MVP]

Jonathan de Boyne Pollard

Michael Johnston [MSFT]