W2K3 DNS Problem


Brian

I guess I just don't know enough about DNS. We have a new W2K3 AD system
called headoffice.bigbiz.com. Everything is working OK except the domain
users cannot browse our own website, bigbiz.com. It is hosted by an external
ISP. Is this a forwarding problem? I have tried several ideas but nothing
seems to work.

Has something changed in W2K3? I have another similar W2000 system but I
don't have this problem.

I would really appreciate any suggestions that might set me on the right
track.

Thanks
 
Did you try to set up a forward or stub zone for bigbiz.com and point it to
your ISP's DNS servers?
 
First of all, thanks for the reply.

Yes I have configured forwarding for the DNS server. The following is an
excerpt from the Mark Minasi book - Windows Server 2003 - my bible.

"That leads to the unusual side effect that the only people on the planet
who can't get to www.megabucks.com are the people who work for Megabucks.
The fix here is easy: Just add a static entry into NS01's megabucks.com zone
for www, as well as records for the mail, FTP, and any other servers."

Well, it might be easy for him, but for me it does not seem to work.
"Static entry", is this a host (A) record? I assume it points to the ISP's
DNS, which is already in the forwarders.

I would really appreciate your comments.
 
Brian said:
> I guess I just don't know enough about DNS. We have a new W2K3 AD
> system called headoffice.bigbiz.com. Everything is working OK except
> the domain users cannot browse our own website, bigbiz.com. It is
> hosted by an external ISP. Is this a forwarding problem? I have
> tried several ideas but nothing seems to work.
>
> Has something changed in W2K3? I have another similar W2000 system
> but I don't have this problem.

Not in this respect.

> I would really appreciate any suggestions that might set me on the
> right track.

It would be impossible to make a suggestion without a complete picture of
the forward lookup zones you have created in your local DNS.

What did you name the Forward Lookup Zone for your internal domain?
The zone should be named "headoffice.bigbiz.com"

If you have a zone named "bigbiz.com" then it would cause a conflict with
the zone hosted by your ISP (or whomever hosts the external zone).
 
Thanks for the info. I did name it bigbiz.com. I used: dnscmd localhost
/zoneadd bigbiz.com /primary /file bigbiz.com.dns

I did add records for headoffice.bigbiz.com, both IP and NS

I just now managed to get local access to the website by creating a host (A)
record for www and pointing it to the internet address of the website.

Do you think I should rename the zone, or maybe create another zone for
headoffice.bigbiz.com? Or leave it alone since it seems to work OK.

This is the primary DNS controller for 4 other remote VPN sites that will
have secondary DNS controllers.

Thanks again

Brian O
 
Brian said:
> Thanks for the info. I did name it bigbiz.com. I used: dnscmd
> localhost /zoneadd bigbiz.com /primary /file bigbiz.com.dns
>
> I did add records for headoffice.bigbiz.com, both IP and NS
>
> I just now managed to get local access to the website by creating a
> host (A) record for www and pointing it to the internet address of the
> website.
>
> Do you think I should rename the zone, or maybe create another zone
> for headoffice.bigbiz.com? Or leave it alone since it seems to work
> OK.

I would highly suggest that you remove the zone bigbiz.com; it is only going
to cause a conflict with the external DNS server holding that zone.

The zone for the AD domain should be the same name as the AD domain,
"headoffice.bigbiz.com", and set the zone to allow dynamic updates.

> This is the primary DNS controller for 4 other remote VPN sites that
> will have secondary DNS controllers.

Will each of these sites be using the same domain?
Are they all Win2k3?

If you store the zone in Active Directory the zone will replicate to all DCs
in the domain. Plus, if all DCs are Win2k3 the zone can be set to replicate
to all DCs or DNS servers in the forest regardless of their domain.
 
OK, I will take your advice.

The domain is bigbiz.com and the primary server is named headoffice. So it
is headoffice.bigbiz.com. All the other servers are W2K3 and are named for
their area, so heritagemtn.bigbiz.com and so on. They will all be domain
controllers and secondary DNS servers, as well as local DHCP servers. No
WINS and, guess what, no NetBIOS. Some W2K clients but mostly XP Prof. and
thin clients.

We have to use a 3DES-encrypted VPN, so I want to keep as much
server-to-server communication off the tunnels as I can, at least from 8 to 5 PM.
If I keep the throughput down I can use lower cost Cisco routers. I thought
going this full-blown route that would be the case. Also W2K3 seems to give
you lots of flexibility with the DNS and AD updating.

Again, I really appreciate your comments.

Brian Ounsted
 
Brian said:
> OK, I will take your advice.
>
> The domain is bigbiz.com and the primary server is named headoffice.
> So it is headoffice.bigbiz.com.

Wait a minute, the AD domain name is "bigbiz.com"?
That changes things; you have to give clear, concise information. If you will
store the zone in Active Directory it will be replicated to all DCs with DNS
installed.
Then you can add the www record with the IP of the website so it can
resolve.

This is why most of us here have begun to recommend naming the AD domain
something other than the public domain name, so it won't conflict with your
public name.

> All the other servers are W2K3 and
> are named for their area, so heritagemtn.bigbiz.com and so on. They
> will all be domain controllers and secondary DNS servers.

If you store the zone in Active Directory you won't need to set up secondary
zones; the DCs will automatically get the zone replicated to them.
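The responder's final recommendation (store the bigbiz.com zone in Active Directory, allow dynamic updates, then add the www record) together with the earlier point that an internal zone named bigbiz.com shadows the ISP-hosted one, as an added example that is not part of the thread. It uses dnscmd, the tool Brian used; the addresses and the WWW_IP, ISP_DNS1 and ISP_DNS2 variable names are constructed placeholders, not values from the thread.

```batch
@echo off
rem Added example, not from the thread: dnscmd steps for the setup the thread
rem arrives at (AD domain and DNS zone both named bigbiz.com, zone stored in
rem AD, a static www record pointing at the ISP-hosted website).
rem Placeholders, not real addresses: WWW_IP is the public address of the
rem website, ISP_DNS1/ISP_DNS2 are the ISP's resolvers (assumed names/values).
set WWW_IP=203.0.113.10
set ISP_DNS1=198.51.100.1
set ISP_DNS2=198.51.100.2

rem 1. Show the zones that exist now, so a stray duplicate zone is spotted
rem    before anything is changed.
dnscmd localhost /enumzones

rem 2. Convert the file-backed primary zone (created with /zoneadd ... /primary)
rem    to an Active Directory-integrated zone. AD replication then carries it
rem    to every DC running DNS, so no secondary zones are needed at the VPN sites.
dnscmd localhost /zoneresettype bigbiz.com /dsprimary

rem 3. Allow dynamic updates, secure only (value 2), so only authenticated
rem    domain members can register or overwrite records. Value 1 would accept
rem    unauthenticated updates from anything that can reach the server.
dnscmd localhost /config bigbiz.com /allowupdate 2

rem 4. This server is authoritative for bigbiz.com, so it never forwards a
rem    query for www.bigbiz.com; with no local record the answer is NXDOMAIN.
rem    A static A record for www fixes that. Repeat for mail, ftp and any other
rem    public host, and update them whenever the ISP changes an address.
dnscmd localhost /recordadd bigbiz.com www A %WWW_IP%

rem 5. Forwarders handle every name this server is NOT authoritative for.
dnscmd localhost /resetforwarders %ISP_DNS1% %ISP_DNS2%

rem 6. Verify against the server itself: www must resolve to WWW_IP, and a
rem    name outside the zone must resolve through the forwarders.
nslookup www.bigbiz.com 127.0.0.1
nslookup www.example.com 127.0.0.1
```

Run it from a command prompt on the DC that holds the zone. The point worth checking afterwards is step 3: secure-only updates require the zone to be AD-integrated, which is why the /zoneresettype step comes first, and they are what keep a random machine on the network from overwriting the www record you just added.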
 