I need a DNS fix for my mistakes

Hi,

I implemented AD with a new domain name which happens to be the same as our
company website. Everything in AD is working correctly without DNS errors or
issues seeing the network shares. All users can get to the internet and view
any web page except our company web site. On the clients I have 3 DNS
settings, two from the ISP provider and one for my Win2003 box. The Win2003
is secondary DNS. A few users have issues but not all 100 so I am looking for
a means to patch the "random" problem I likely created. Currently, as a
workaround I simply go to the client, swap 1st and 2ndary DNS addresses, then
swap them back and the company site is viewable.

Can I apply a forward for company website http:// traffic that also depicts
the name of our domain? Are there other solutions I can try? I am new to AD
but have gotten this far......help?
 
You cannot use an external DNS server for members of your AD domain. You
must configure your clients to use ONLY the local AD DNS servers. If you
need a secondary, put up one of your own. If you've got only one DC, you can
put up a BIND secondary for probably <$100. To get your users to your
externally hosted website, create a record in your forward lookup zone for
"www" and put in the IP address of your web host. Instruct your local
clients that they must include the "www" in the URL, i.e.
http://www.yourdomain.com. http://yourdomain.com will not work.

....kurt
 
scrarey said:
Hi,

I implemented AD with a new domain name which happens to be the same
as our company website. Everything in AD is working correctly without
DNS errors or issues seeing the network shares. All users can get to
the internet and view any web page except our company web site. On
the clients I have 3 DNS settings, two from the ISP provider and one
for my Win2003 box. The Win2003 is secondary DNS. A few users have
issues but not all 100 so I am looking for a means to patch the
"random" problem I likely created. Currently, as a workaround I simply
go to the client, swap 1st and 2ndary DNS addresses, then swap them
back and the company site is viewable.

Can I apply a forward for company website http:// traffic that also
depicts the name of our domain? Are there other solutions I can try? I
am new to AD but have gotten this far......help?

1. You need to add a host record for "www" in your DNS server itself...and
point it at the public IP that hosts your website. Right now, your server
thinks it's entirely responsible for yourdomain.com.

2. All servers and workstations should specify *only* the internal
AD-integrated DNS server's IP address in their network settings - and no
external / public DNS server IPs at all. The AD-integrated DNS server should
be set up with forwarders to your ISP's DNS servers for external resolution
(and/or use root hints, which it will by default).
 
scrarey said:
Can I apply a forward for company website http:// traffic that also
depicts the name of our domain? Are there other solutions I can try? I
am new to AD but have gotten this far......help?

As others have noted, you must use your internal DNS for the AD domain and
use www.yourdomainname to access your website. Beyond that, the AD domain
name MUST resolve to IP addresses on your Domain Controllers that have file
sharing enabled. No ifs, ands, or buts, this is so you can apply group
policy objects at the DFS share:
\\yourADDomainname\SYSVOL\yourADDomainname\policies
In the absence of a Proxy server to forward your browser to your web site,
so you can access the website by only the domain name, you can configure IIS
on each DC, with a web site for http://yourADDomainname then on the Home
Directory tab of that web site, select "A redirection to a URL" then enter
http://www.youraddomainname into the field.
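
Added example (not from any poster in this thread): a small Python model of the setup the replies describe, showing why the failure depends on which DNS server a client happens to ask, and what changes once the "www" record is added and clients use only the internal server. The IP addresses, the `dc1` host name and the `Server`, `resolve`, `build` and `survey` helpers are constructed for illustration; `yourdomain.com` is the thread's own placeholder.

```python
# Constructed toy model; names and addresses are placeholders, not real hosts.
NXDOMAIN = "NXDOMAIN"
DC_IP, WEB_IP, OTHER_IP = "10.0.0.10", "203.0.113.80", "198.51.100.7"
ZONE = "yourdomain.com"
SRV = "_ldap._tcp.dc._msdcs." + ZONE      # record clients use to locate a DC
NAMES = ["www." + ZONE, ZONE, SRV, "example.org"]

class Server:
    """Answers from its own records; authoritative for `zone`, else forwards."""
    def __init__(self, records, zone=None, forwarder=None, up=True):
        self.records, self.zone = dict(records), zone
        self.forwarder, self.up = forwarder, up

    def query(self, name):
        if not self.up:
            return None                   # no response at all (timeout)
        if name in self.records:
            return self.records[name]
        in_zone = self.zone and (name == self.zone or name.endswith("." + self.zone))
        if in_zone or self.forwarder is None:
            return NXDOMAIN               # a real answer: "no such name"
        return self.forwarder.query(name)

def resolve(name, servers):
    """Client side: the first server that responds is final, NXDOMAIN included."""
    for server in servers:
        answer = server.query(name)
        if answer is not None:
            return answer
    return None

def build(www_added):
    """Return (internal AD DNS, ISP resolver); www_added applies the thread's fix."""
    isp = Server({"www." + ZONE: WEB_IP, ZONE: WEB_IP, "example.org": OTHER_IP})
    ad = {ZONE: DC_IP, SRV: "dc1." + ZONE, "dc1." + ZONE: DC_IP}
    if www_added:
        ad["www." + ZONE] = WEB_IP
    return Server(ad, zone=ZONE, forwarder=isp), isp

def survey(servers):
    return {name: resolve(name, servers) for name in NAMES}

if __name__ == "__main__":
    internal, isp = build(www_added=False)
    print("broken, AD DNS first :", survey([internal, isp]))
    print("broken, ISP DNS first:", survey([isp, internal]))
    internal, isp = build(www_added=True)
    print("fixed, AD DNS only   :", survey([internal]))
```

In the fixed case the bare domain name still resolves to the domain controller, which is why the last reply suggests an IIS redirect on each DC for `http://yourADDomainname`.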
 