I have set up DHCP and the server as the DNS server. I have enabled DNS
forwarding so that the server's IP looks at the DNS servers given to me
by our internet providers.
Why did you do this? I'd start by deleting the forwarders.
The problem lies here... when I set my DNS servers on DHCP (in this case
the server's IP address...) it doesn't allow the clients to view the
company home page. They can browse any other page perfectly but not the
company web site.
The server is called SERVER.companywebsite.com using itself as a DNS
server....
Are you using the same domain name internally (on the AD server) as you
are externally (for the real world)?
If so, where is the web page? I'm guessing it's probably on the ISP's
network someplace. Basically, somewhere besides your local network.
If I've guessed correctly, you should find this information helpful.
If you use the same domain name internally and externally you need to
setup and maintain what is called a "split brain DNS". In other words you
need to maintain a copy of records for any external servers for your
domain - like a web server - on your internal DNS server.
Let's say you have a domain called "xyz.com". Your ISP hosts the public
DNS for the domain and has entries for "www", "mail", and maybe others.
For the outside world everything looks great.
Now you come along with your Windows 2000 machine and make it a DC in
domain "xyz.com". DNS gets configured when you run dcpromo and everything
seems fine. However, your clients (or the server for that matter) - using
the DC as their DNS server - won't be able to resolve "www.xyz.com",
"mail.xyz.com", or anything else that is available to the outside world.
This is because the DC thinks that it is the root server for xyz.com. It
believes that if it doesn't know about a host on xyz.com, it must not
exist. Therefore www and mail are unavailable to any users pointing to
the DC for DNS services since there are no entries (because you didn't
create them) for these hosts in the dns forward lookup zone for xyz.com.
Many people - myself included way back when - first think that you need to
configure DNS forwarders in order to resolve these hosts (www and mail in
our example). This is NOT what forwarders are for. Forwarders tell the DNS
server to send requests for domains not hosted on that server to the
forwarder's addresses as the next step in the resolution process. The
server will NOT forward requests for any hosts whose domain it is
configured for - in this case xyz.com.
Forwarders make no sense in most scenarios. They are only of use - IMHO -
in large corporate environments where you have several layers of DNS
servers or where you want to use a central DNS server or servers for
caching purposes in order to reduce the amount of traffic going to the
Internet for name resolution purposes (either because of bandwidth or just
for general performance). Forwarding to a DNS server that is on the
Internet already is just plain dumb (go ahead, someone prove me wrong here
and give me a good reason for forwarding to a DNS server that is on the
Internet - and it better not be because you don't know how to open port 53
on your firewall either).
Now, let's get back to fixing your problem - the split brain DNS
configuration I mentioned way back when. The simple answer is to figure
out what the web server's and any other server's public ip address is
(hint - use nslookup or dig) and make entries for these hosts in your
internal DNS (right in the forward lookup zone for your domain - xyz.com
in our example here). This means you will have to maintain these if they change.
However, once you do this your clients will be able to get to the
webserver - again, if I've guessed the issue properly.
--
John LeMay
kc2kth
Senior Technical Manager
NJMC | http://www.njmc.com | Phone 732-557-4848
Specializing in Microsoft and Unix based solutions
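
Added example, not part of the original message: a toy model of the behaviour described above (an authoritative server answers for its own zone and never consults forwarders for it), plus a check for public records that are missing or stale in the internal zone. The xyz.com hosts come from the post; every address, the `resolve` and `audit` helpers, and the sample record sets are constructed for illustration.

```python
# Added example: models the authoritative-vs-forwarded decision and audits
# split-brain records. All records below are constructed sample data
# (addresses are from the documentation ranges, not real hosts).
INTERNAL_ZONE = "xyz.com"

# What the DC holds after dcpromo (constructed).
internal_records = {"server.xyz.com": "192.0.2.10"}

# What the ISP's public DNS answers (constructed; in practice gathered
# with nslookup or dig against the public name servers).
public_records = {
    "www.xyz.com": "198.51.100.20",
    "mail.xyz.com": "198.51.100.25",
}


def in_zone(name, zone):
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)


def resolve(name, records, zone, forwarder):
    """Return (source, address); names in our own zone are never forwarded."""
    key = name.lower().rstrip(".")
    if in_zone(key, zone):
        # Authoritative answer, or "does not exist" (None) if we lack the record.
        return ("authoritative", records.get(key))
    return ("forwarded", forwarder.get(key))


def audit(records, public, zone):
    """List public names in the zone that are missing or stale internally."""
    findings = []
    for name, addr in sorted(public.items()):
        if not in_zone(name, zone):
            continue
        have = records.get(name.lower().rstrip("."))
        if have is None:
            findings.append((name, "missing", addr))
        elif have != addr:
            findings.append((name, "stale", addr))
    return findings


if __name__ == "__main__":
    print(resolve("www.xyz.com", internal_records, INTERNAL_ZONE, public_records))
    for name, status, addr in audit(internal_records, public_records, INTERNAL_ZONE):
        print(f"{status}: {name} should be {addr}")
```

Re-running the audit whenever the public records change covers the maintenance burden mentioned in the post.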