How to route http://organization.org to another site

[RogerL]

I have a 2000 server. It is the domain controller. The
domain name is the same as the public domain name.
organization.org The server is server.organization.org
It also hosts our internet email. Our home page is being
hosted by someone else. I have added an entry into the
dns:
www a.b.c.d
where a.b.c.d is the address of our internet website.
We have no problem getting to www.organization.org
However the company that is hosting our web page has a
link on it that points to
http://organization.org/club/member.cfm
However when anyone within the office clicks on this
link, we gets an error and the page is not displayed.
However if we precede the address with www we get the
login web page. Then if we try to login it fails again
because it is going back to
http://organization.org/club/members.cfm
Is there anything we can do on our server to resolve this
problem. (I suspect that it is trying to find the page
http://organization.org/club/members.cfm on our local
server.)

The web page works great from anywhere else.

Would appreciate any help in this matter

Roger

 

[Kevin D. Goodknecht [MVP]]

In

I have a 2000 server. It is the domain controller. The
domain name is the same as the public domain name.
organization.org The server is server.organization.org
It also hosts our internet email. Our home page is being
hosted by someone else. I have added an entry into the
dns:
www a.b.c.d
where a.b.c.d is the address of our internet website.
We have no problem getting to www.organization.org
However the company that is hosting our web page has a
link on it that points to
http://organization.org/club/member.cfm
However when anyone within the office clicks on this
link, we gets an error and the page is not displayed.
However if we precede the address with www we get the
login web page. Then if we try to login it fails again
because it is going back to
http://organization.org/club/members.cfm
Is there anything we can do on our server to resolve this
problem. (I suspect that it is trying to find the page
http://organization.org/club/members.cfm on our local
server.)

The web page works great from anywhere else.

Would appreciate any help in this matter

Roger

You can stop the registration of the blank record and manually create the
blank record with the public IP of the web site. There is a problem with
that solution, Your domain Group policies are found in the SYSVOL share by
\\domain.com\sysvol so if you use the blank record with the public IP
\\domain.com will resolve to the public IP. and you won't be able to apply
group policies.
The best work around I have found is to install IIS on all DCs (because DNS
will use round robin and a blank record is created for all IP on all DCs)
create a web site with a host header for organization.org and use web site
redirection and redirect to www.organization.org.

 

[Roland Hall]

I have a customer with the same issue. The person who setup AD needs to be
shot, at least regarding my customer.

The internal network should be just that, internal.organization.org and
public organization.org. You can either redo your AD which is a nightmare
or you can tell your developer not to use domain.org references. Besides,
it's not a good idea to do that [including domain info in links] anyway on a
web site. It's unnecessary. Using a relative path allows one to move a web
site from one server to another without any modifications.

I always reference / in any path except for local path references and
database connectivity.
Ex.
/asp/somefile.asp
/images/somefile.gif

Since you already have the alias www pointing to the web site, only internal
users have to remember to prefix www to the domain. External users will
have no issues because there is no reference publicly in the DNS for the
internal network.

I was developing the site for this customer so I changed one line in the
main frame. It was a frame based setup.
<BASE HREF="http://www.domain.com">

Links are all set as <a href="/asp/somefile.asp">somefile</a> or <span
style="cursor: pointer" onClick="/asp/somefile.asp">somefile</span>

I have another customer who had just gotten a network built, had the same
issue and found that they were compromised and highly infected. In fact,
their server was infected with trojans prior to delivery. On this site, the
preferred was performed and the server was completely rebuilt, but mostly
because of all of the infections and security issues. It was faster to
rebuild the server and redo the AD which took 4 hours including all patches,
applications and security.

The internal network is: internal.domain.org
External is: domain.org

This does require internal DNS but I believe you should have that on any
private network.

Roland

I have a 2000 server. It is the domain controller. The
domain name is the same as the public domain name.
organization.org The server is server.organization.org
It also hosts our internet email. Our home page is being
hosted by someone else. I have added an entry into the
dns:
www a.b.c.d
where a.b.c.d is the address of our internet website.
We have no problem getting to www.organization.org
However the company that is hosting our web page has a
link on it that points to
http://organization.org/club/member.cfm
However when anyone within the office clicks on this
link, we gets an error and the page is not displayed.
However if we precede the address with www we get the
login web page. Then if we try to login it fails again
because it is going back to
http://organization.org/club/members.cfm
Is there anything we can do on our server to resolve this
problem. (I suspect that it is trying to find the page
http://organization.org/club/members.cfm on our local
server.)

The web page works great from anywhere else.

Would appreciate any help in this matter

Roger

 

[Guest]

I will try this. Sounds like a good idea.

Thanks

-----Original Message-----
In RogerL <[email protected]> posted a question
Then Kevin replied below:

You can stop the registration of the blank record and manually create the
blank record with the public IP of the web site. There is a problem with
that solution, Your domain Group policies are found in the SYSVOL share by
\\domain.com\sysvol so if you use the blank record with the public IP
\\domain.com will resolve to the public IP. and you won't be able to apply
group policies.
The best work around I have found is to install IIS on all DCs (because DNS
will use round robin and a blank record is created for all IP on all DCs)
create a web site with a host header for

organization.org and use web site

 

[Ace Fekay [MVP]]

Actually Roland, choosing the same name for AD as the external is a common
choice in AD DNS names and is called a "Split Horizon" namespace.

However, it does require additional administrative tasks, such as has been
discussed, to allow internal folks to get to their external resources (if
hosted externally) by creating a www record, or altering thru the registry
the registration process of the LdapIpAddress (the blank FQDN) on each DC
and manually creating the LdapIpAddress they need (which would point to the
same IP as the www record) so they can get to the site using
http://domain.com without the www. Also needed to create is any additional
resources they need to get to, such as mail, smpt, ftp, etc.

This is not that bad, but to the layman, it can be confusing. That's why I
usually suggest if they are bold enough to go for it, to use a Split Horizon
method (my favorite actually), otherwise to minimize the administrative
overhead, to choose a different name, not necessarily a "child" namespace,
but that is one of the choices. If that's the case, I would prefer them to
use domain.net (if it doesn't conflict) if their external name is
domain.com, or even domain.corp or domain.internal.

And as far as this statement:

The internal network is: internal.domain.org
External is: domain.org

This does require internal DNS but I believe you should have that on any
private network.

Yes, they ALWAYS need an internal DNS, not just in this scenario. We would
like to keep the internal namespace private and not available from a public
network. Even if they are hosting their own website and other Internet
resources (mail, ftp, etc), they would require two DNS servers, one for the
internal private namespace, one for the external namespace. Even if they
choose a different namespace for AD, you still don;t want that data
available on the same server accessible by the public network, especially
after I've seen some interesting stuff lately that can really kill a server
(any server), but can't go into detail here.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================

I have a customer with the same issue. The person who setup AD needs to be
shot, at least regarding my customer.

The internal network should be just that, internal.organization.org and
public organization.org. You can either redo your AD which is a nightmare
or you can tell your developer not to use domain.org references. Besides,
it's not a good idea to do that [including domain info in links] anyway on a
web site. It's unnecessary. Using a relative path allows one to move a web
site from one server to another without any modifications.

I always reference / in any path except for local path references and
database connectivity.
Ex.
/asp/somefile.asp
/images/somefile.gif

Since you already have the alias www pointing to the web site, only internal
users have to remember to prefix www to the domain. External users will
have no issues because there is no reference publicly in the DNS for the
internal network.

I was developing the site for this customer so I changed one line in the
main frame. It was a frame based setup.
<BASE HREF="http://www.domain.com">

Links are all set as <a href="/asp/somefile.asp">somefile</a> or <span
style="cursor: pointer" onClick="/asp/somefile.asp">somefile</span>

I have another customer who had just gotten a network built, had the same
issue and found that they were compromised and highly infected. In fact,
their server was infected with trojans prior to delivery. On this site, the
preferred was performed and the server was completely rebuilt, but mostly
because of all of the infections and security issues. It was faster to
rebuild the server and redo the AD which took 4 hours including all patches,
applications and security.

The internal network is: internal.domain.org
External is: domain.org

This does require internal DNS but I believe you should have that on any
private network.

Roland

I have a 2000 server. It is the domain controller. The
domain name is the same as the public domain name.
organization.org The server is server.organization.org
It also hosts our internet email. Our home page is being
hosted by someone else. I have added an entry into the
dns:
www a.b.c.d
where a.b.c.d is the address of our internet website.
We have no problem getting to www.organization.org
However the company that is hosting our web page has a
link on it that points to
http://organization.org/club/member.cfm
However when anyone within the office clicks on this
link, we gets an error and the page is not displayed.
However if we precede the address with www we get the
login web page. Then if we try to login it fails again
because it is going back to
http://organization.org/club/members.cfm
Is there anything we can do on our server to resolve this
problem. (I suspect that it is trying to find the page
http://organization.org/club/members.cfm on our local
server.)

The web page works great from anywhere else.

Would appreciate any help in this matter

Roger

 

[Jonathan de Boyne Pollard]

R> However the company that is hosting our web page has a
R> link on it that points to
R> http://organization.org/club/member.cfm

Web page authors who use absolute URLs for related pages are a menace.
Tell your web page author to stop being a menace and to use a
relative URL.

R> However when anyone within the office clicks on this
R> link, we gets an error and the page is not displayed.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-split-horizon-common-server-names.html>

 

[Michael Johnston [MSFT]]

The problem here is that all DCs register themselves at this location. You could disable DNS registration on the DCs and manually add the record but again,
this may cause AD problems. Test thoroughly before you attempt to put this in production. A better solution may be to change the website so that it uses a
name other than http://organization.org. Change the page to http://somehost.organization.org and create the host record. That's a much cleaner sollution.

Thank you,
Mike Johnston
Microsoft Network Support

--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.