Accessing externally hosted websites internally

  • Accessing externally hosted websites internally

    Hi all,

    We are running a 2003 SBS server without ISA. All SBS web services are working perfectly internally and externally, including OWA and RWW.

    We are having problems making our externally hosted website available from inside our network though. I have googled this subject hard and have found the only answer given is to add a Forward Lookup Zone of domain.com and then add a www "A" record to the SBS server's DNS.

    I don't understand why I have to do this for a start, as the internal domain name is domain.local, not domain.com as most other people with a similar issue seem to have made the mistake of doing. More importantly, we don't just have a www externally hosted address, we have 20 or so sub-domains (e.g. monkey.domain.com; fishy.domain.com; bananagoat.domain.com) and even more annoyingly these are changing and being created and removed all the time. So currently I have to keep manually adding and removing these entries from our local DNS server. Very time consuming, as you can imagine.

    Please tell me there is a better way to do this.

    Many thanks in advance,
    Oli

  • #2
    Re: Accessing externally hosted websites internally

    Are your DNS servers resolving all other domain names correctly? Do you have DNS forwarders set up correctly or are you using Root Hints? Are you in the UK, by any chance?
    Do all your workstations point to your SBS as your DNS? Can you post an ipconfig /all for a workstation and server to the forum here?

    If you have domain.local, then you have no need for domain.com zones in your DNS, since there is no connection and all domain.com names are resolved externally - unless you have entries in hosts or lmhost files that are scr3wing it up.

    Finally, the question that comes before all others - have you run the CEICW?
    TIA

    Steven Teiger [SBS-MVP(2003-2009)]
    http://www.wintra.co.il/
    I'm honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

    We don't stop playing because we grow old, we grow old because we stop playing.



    • #3
      Re: Accessing externally hosted websites internally

      All other domains are resolving.

      I assume SBS has set up the DNS as normal, I haven't done anything manually and I don't know what Root Hints are.

      I am in the UK.

      All the workstations point to the SBS for DNS.

      The .local thing is the bit I thought I knew, that's why I set it up like that. All the same, it isn't working unless I add the zone.

      I have run CEICW many many many times. I know how brilliant it is at usually fixing stuff magically.


      More info.
      The SBS box is a dual network card configuration.

      We have swopped out our all in 1 router/firewall for a Cisco Firewall and a Cisco router recently and it has been since this change that I have been having this problem. (Probably should have mentioned this earlier). As far as I know I've only been making changes to the firewall and router configs and using the CEICW on the server, so I don't really see why this should affect anything.

      I do try to only use the wizards in SBS rather than do stuff manually whenever possible.

      IP Config from a desktop:



      Windows IP Configuration

      Ethernet adapter Local Area Connection:
      Connection-specific DNS Suffix . : TMP.internal
      Link-local IPv6 Address . . . . . : fe80::a5a1:1c9f:70ba:48a8%8
      IPv4 Address. . . . . . . . . . . : 10.50.3.84
      Subnet Mask . . . . . . . . . . . : 255.255.248.0
      Default Gateway . . . . . . . . . : 10.50.1.1
      Tunnel adapter Local Area Connection* 6:
      Media State . . . . . . . . . . . : Media disconnected
      Connection-specific DNS Suffix . : TMP.internal
      C:\Users\RStretch>ipconfig /all
      Windows IP Configuration
      Host Name . . . . . . . . . . . . : RSTRETCH-PC
      Primary Dns Suffix . . . . . . . : TMP.internal
      Node Type . . . . . . . . . . . . : Broadcast
      IP Routing Enabled. . . . . . . . : No
      WINS Proxy Enabled. . . . . . . . : No
      DNS Suffix Search List. . . . . . : TMP.internal
      Ethernet adapter Local Area Connection:
      Connection-specific DNS Suffix . : TMP.internal
      Description . . . . . . . . . . . : Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
      Physical Address. . . . . . . . . : 00-1D-7D-05-5B-BD
      DHCP Enabled. . . . . . . . . . . : Yes
      Autoconfiguration Enabled . . . . : Yes
      Link-local IPv6 Address . . . . . : fe80::a5a1:1c9f:70ba:48a8%8(Preferred)
      IPv4 Address. . . . . . . . . . . : 10.50.3.84(Preferred)
      Subnet Mask . . . . . . . . . . . : 255.255.248.0
      Lease Obtained. . . . . . . . . . : 08 May 2009 09:25:49
      Lease Expires . . . . . . . . . . : 08 June 2009 09:25:48
      Default Gateway . . . . . . . . . : 10.50.1.1
      DHCP Server . . . . . . . . . . . : 10.50.1.1
      DNS Servers . . . . . . . . . . . : 10.50.1.1
      Primary WINS Server . . . . . . . : 10.50.1.1
      NetBIOS over Tcpip. . . . . . . . : Enabled
      Tunnel adapter Local Area Connection* 6:
      Media State . . . . . . . . . . . : Media disconnected
      Connection-specific DNS Suffix . : TMP.internal
      Description . . . . . . . . . . . : isatap.TMP.internal
      Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
      DHCP Enabled. . . . . . . . . . . : No
      Autoconfiguration Enabled . . . . : Yes



      • #4
        Re: Accessing externally hosted websites internally

        If you go to administrative tools -> DNS -> Your server name -> Forwarders what do you have in the domain forwarder list?

        If you have the address of one of your Cisco boxes in there, maybe try swopping it for your ISP's DNS.



        • #5
          Re: Accessing externally hosted websites internally

          No. I have the 2 default Forward Lookup Zones that SBS creates ("_msdcs.domain.internal" and "domain.internal") and the one I have manually created so that people inside the firewall can actually get to the websites until I can fix it properly (webdomain.com).



          • #6
            Re: Accessing externally hosted websites internally

            I have a curiosity question. Why do you have such an unusual subnet and IP range when considering SBS has a 75 user limit?
            1 1 was a racehorse.
            2 2 was 1 2.
            1 1 1 1 race 1 day,
            2 2 1 1 2



            • #7
              Re: Accessing externally hosted websites internally

              Originally posted by Junkie_uk_99
              No. I have the 2 default Forward Lookup Zones that SBS creates ("_msdcs.domain.internal" and "domain.internal") and the one I have manually created so that people inside the firewall can actually get to the websites until I can fix it properly (webdomain.com).
              I'm not sure we're talking about the same thing here.
              The forward lookup zones should only be for resolving domains where the SBS server is hosting the nameservers and thus responsible for the records.

              I'm talking about going up a level out of Forward Lookup Zones. There you should see Root Hints and Forwarders.

              If your forwarders are correctly defined then you should not need to manually specify a zone for your external domain. Of course, if the forwarders are correctly defined then you might find that there is a problem with the configuration of the zone on whatever servers you are using as your forwarders.

              You could try temporarily replacing the forwarders with those from OpenDNS (208.67.222.222 and 208.67.220.220).

              If your domain starts working then you need to contact whoever is running your old forwarders as they have a broken zonefile for your domain.



              • #8
                Re: Accessing externally hosted websites internally

                I just like to organise different devices into different IP Address. I'm a tidy freak

                Originally posted by biggles77
                I have a curiosity question. Why do you have such an unusual subnet and IP range when considering SBS has a 75 user limit?



                • #9
                  Re: Accessing externally hosted websites internally

                  Originally posted by beddo
                  I'm not sure we're talking about the same thing here.
                  The forward lookup zones should only be for resolving domains where the SBS server is hosting the nameservers and thus responsible for the records.

                  I'm talking about going up a level out of Forward Lookup Zones. There you should see Root Hints and Forwarders.

                  If your forwarders are correctly defined then you should not need to manually specify a zone for your external domain. Of course, if the forwarders are correctly defined then you might find that there is a problem with the configuration of the zone on whatever servers you are using as your forwarders.

                  You could try temporarily replacing the forwarders with those from OpenDNS (208.67.222.222 and 208.67.220.220).

                  If your domain starts working then you need to contact whoever is running your old forwarders as they have a broken zonefile for your domain.

                  I've tried replacing the DNS servers in the "Forwarders" tab, but am still having the same problem
                  Last edited by Junkie_uk_99; 1st June 2009, 14:22.



                  • #10
                    Re: Accessing externally hosted websites internally

                    Start by flushing the DNS cache on the local machine (click repair on the NIC) and the DNS cache in the DNS console. Launch NSlookup and see if it picks up your "local" name server. See if it can respond with the correct A record. If not, type server 208.67.222.222 and see if OpenDNS returns the correct A record.

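The comparison described in post #10 (ask the internal server, then ask 208.67.222.222), scripted so it can be repeated for every sub-domain held in a manually created internal zone. This is an added example, not part of any forum post; the function names are hypothetical and the sample reply in it is constructed.

```python
import secrets, socket, struct

def build_query(name, txid=None):
    """A/IN question with RD set; random transaction ID unless one is given."""
    txid = secrets.randbits(16) if txid is None else txid
    qname = b"".join(bytes([len(l)]) + l for l in name.rstrip(".").encode("ascii").split(b".")) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def skip_name(msg, off):  # offset just past a name; a compression pointer ends it
    while 0 < msg[off] < 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_a(msg):
    """Return (rcode, sorted IPv4 addresses) from a DNS response."""
    _, flags, qdcount, ancount = struct.unpack("!4H", msg[:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off) + 10           # fixed RR header follows the name
        rtype, rdlen = struct.unpack("!H6xH", msg[off - 10:off])
        if rtype == 1 and rdlen == 4:            # A record; CNAME links are skipped
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, sorted(addrs)

def query_a(name, server, timeout=3.0):  # asks one server, like nslookup's "server" command
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        reply = s.recv(512)
    if reply[:2] != query[:2]:                   # reject a reply to some other query
        raise ValueError("transaction ID mismatch")
    return parse_a(reply)

def classify(local, public):
    """Compare the address sets from the internal server and a public resolver."""
    if local[1] == public[1]:
        return "match"
    if not local[1]:
        return "missing-internally"
    return "stale-or-overridden" if public[1] else "internal-only"

if __name__ == "__main__":  # constructed reply, not captured traffic: one A record
    reply = (struct.pack("!6H", 1, 0x8180, 1, 1, 0, 0) + build_query("www.domain.com")[12:]
             + bytes.fromhex("c00c000100010000012c0004c000020a"))
    print(classify((3, []), parse_a(reply)))     # internal NXDOMAIN vs public answer
```

For a live check, call `classify(query_a(host, "10.50.1.1"), query_a(host, "208.67.222.222"))` per hostname; 10.50.1.1 is the DNS server shown in the ipconfig output earlier in the thread.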


                    • #11
                      Re: Accessing externally hosted websites internally

                      Originally posted by Junkie_uk_99
                      I just like to organise different devices into different IP Address. I'm a tidy freak
                      But that broadcast domain is larger than what SBS is licensed for? How does that allow for more organization with potentially 2046 nodes jabbering on the same segment? Logically a segment should have no more than 500 nodes as the segment will get too "chatty". Sounds like a lot of collisions to me...



                      • #12
                        Re: Accessing externally hosted websites internally

                        A couple of points I'd like to make:

                        1. Just because a particular subnet design allows for a large number of hosts doesn't mean there will be a large number of hosts, so if he's only going to have 50 clients the broadcast traffic is the same whether his subnet design allows for 50 hosts or 5,000.

                        2. Collisions are only a concern in a "hubbed" environment, not a switched environment. I'm assuming the OP is connecting all hosts to a switch or switches.

                        3. I also like to use subnet masks to allow me to address devices by class. For instance if I use 10.x.x.x/8 I can use the second octet to designate the class of device: 10.1.x.x for routers, 10.2.x.x for switches, 10.3.x.x for printers, etc. The fact that my subnet mask allows for thousands of hosts doesn't mean I'm going to actually connect thousands of hosts to the same segment. The issue is between the theory and the reality of subnet design.

                        4. The problem doesn't appear to be with DNS to me. The problem appears to be with the way the firewall handles NAT and routing. You're trying to connect to an internal host via an external IP address from an internal host. When the traffic from the client hits the firewall, the firewall has to perform NAT and routing for that traffic for both the source and destination. Here's my guess on what's happening:

                        For inside traffic going outbound, the firewall routes the traffic first, then NATs the traffic; on the reverse, it NATs the traffic, then routes the traffic, but it winds up dropping the traffic because it's trying to send it back into the interface where it originated. I'm not sure how to fix it as I'm not a Cisco guy, so a call to Cisco might be in order.
                        Last edited by joeqwerty; 3rd June 2009, 04:46.



                        • #13
                          Re: Accessing externally hosted websites internally

                          Thanks Joeqwerty. Your no. 4 comment has helped me understand it more. That makes sense, even if it is a little annoying for me.

                          If I speak to a Cisco guy again I'll get them to check it out, but for the moment I'll soldier on as I am.

                          Many thanks to everyone who responded to this thread. I'll be using this site again



                          • #14
                            Re: Accessing externally hosted websites internally

                            Originally posted by Junkie_uk_99

                            Many thanks to everyone who responded to this thread. I'll be using this site again
                            Excellent, and when you come back next time, please bring cake.

                            Would really appreciate it though if you would post back with a solution if the Cisco guy comes up with one. It all adds to this great Petri IT Knowledgebase.

                            Thanks.
                            1 1 was a racehorse.
                            2 2 was 1 2.
                            1 1 1 1 race 1 day,
                            2 2 1 1 2
