Access a web server in a dmz by name

  • Access a web server in a dmz by name

    We have a Windows 2003 domain & two Windows 2003 domain controllers - both are our local internal DNS servers. These servers are on a 192.168.1.x network. We have a Windows 2008 (w/ SP2) web server in a DMZ (in a workgroup, not part of our domain) that is on a 192.168.4.x network. We are in the process of hosting our own website on our new web server, but in doing some testing I was asked to do the following:

    Our development team is asking that we allow our users internally to be able to get to our web server by name rather than its IP. Since our web server is in a DMZ and is not part of our domain but in a workgroup - I can RDP to the web server by IP, ping by IP, browse to it by IP (with user credentials) and open up a web browser and get to it by IP.

    Is there a way to add something in our AD-integrated DNS setup to allow users to access our production web server by name rather than IP? I know with Win2k3 and Win2k you can do this by WINS, but being that the 2k8 web server doesn't offer the ability to do WINS, I'm not sure what else I can do. I read about split DNS but that will not help us because our domain is "domain.local", not .net or .com.
    Last edited by Jamie; 20th August 2009, 16:55.

  • #2
    Re: Access a web server in a dmz by name

    Just create an A record for it in DNS. It doesn't matter that you're using .local as your domain name. As long as users on the domain can query the name server it will return the correct IP address that you specify.



    • #3
      Re: Access a web server in a dmz by name

      Yes, we've tried this, but when you do that, the A record looks like <servername>.domain.local ... RDP works when typing in the web server name, but it doesn't fix getting to that web server via a web browser.
      In other words, if I open IE and type in http:// and then the local IP on the 192.168.4.x network, I can get to our web server - if I do it by name after the A record I created, it doesn't work. That's where I'm stuck ... does that make sense?



      • #4
        Re: Access a web server in a dmz by name

        Sounds like you may have another issue on the web server then, as name resolution is working. I assume if you do an nslookup from your PC it returns the correct IP address? You've confirmed RDP works so I assume that's the case.

        Is the website at the default site on the webserver? In other words http://192.168.4.x with no subdirectory?



        • #5
          Re: Access a web server in a dmz by name

          Yep, nslookup works as it should ...
          and yes, I can RDP to it by name.

          I checked the default web site and, not being 100% familiar with IIS, there are other folders (aside from the default folders) that were created as DotNetNuke is being used to create and deploy the new website.

          Hmm, wait a second ... I do notice DotNetNuke, which has a globe next to it, so I would assume that could be where all of the new web site content lives. Could that be the whole problem vs. having the website under "Default web site"? Maybe a permissions issue?



          • #6
            Re: Access a web server in a dmz by name

            Nope, that's not likely as you can access it via IP. Either way name resolution is working so the problem lies with the configuration in IIS on the web server. If you put http://hostname, that should take you to the default website. What's the error message returned on the page when you try to access it via hostname?



            • #7
              Re: Access a web server in a dmz by name

              Error is below.


              Ultimately what they want to do is this.

              I'll use www.test.com as an example ...
              www.test.com resolves to some public IP out there.
              They want us to be able to type in www.test.com internally and be able to hit our web server in the DMZ w/o going outside the firewall and coming back ...


              HTTP Error 500.19 - Internal Server Error

              The requested page cannot be accessed because the related configuration data for the page is invalid.


              Detailed Error Information
              Module: IIS Web Core
              Notification: BeginRequest
              Handler: Not yet determined
              Error Code: 0x800700b7
              Config Error: Cannot add duplicate collection entry of type 'add' with unique key attribute 'name' set to 'AJAX_ScriptResourceHandler'
              Config File: \\?\D:\DotNetNuke\WebSite\web.config



              • #8
                Re: Access a web server in a dmz by name

                That's a problem with IIS and not with the resource record. Have a look on http://forums.iis.net for a resolution to that error code.

                Additionally, if they're insistent on using a "root" domain name then you will need to split your DNS and add another zone. Otherwise the resource record under .local will do.



                • #9
                  Re: Access a web server in a dmz by name

                  Cool. Thanks for the link on the IIS error.

                  Yes, that's what I thought I would need to do ... but then this gets a little tricky ...
                  I can create a new primary zone (not Active Directory integrated), which is fine ... but does the A record need to then point to my web server in the DMZ? If so, then when I open up a browser and go to (I'll use test.com again as the example) www.test.com, it goes out to the internet and resolves it to test.com's public IP ... how do I get the A record to point to the web server in the DMZ using the new zone I created?



                  • #10
                    Re: Access a web server in a dmz by name

                    Point the A record to the IP address of the web server in the DMZ. DNS will only make recursive queries elsewhere IF it is NOT authoritative for the name space. In other words, if it doesn't have a record for it in its cache it looks to another name server to provide the record.



                    • #11
                      Re: Access a web server in a dmz by name

                      Originally posted by scurlaruntings
                      Nope, that's not likely as you can access it via IP. Either way name resolution is working so the problem lies with the configuration in IIS on the web server. If you put http://hostname, that should take you to the default website. What's the error message returned on the page when you try to access it via hostname?

                      Update: We've revisited this topic here and when I typed http://localhost on the web server in our DMZ, we do get the correct web page. So my response to you last time about getting an error, it was an error on my part because I was typing http://servername (servername being an example of what our server is called) rather than http://localhost.

                      Any thoughts on this?



                      • #12
                        Re: Access a web server in a dmz by name

                        Since this post and after reading a ton of articles online, the problem has been resolved. The resolution was to create a new primary zone (not active directory integrated) and call it <servename>.net and then create an A record called www which points to the IP address of our web server in our DMZ.
                        Then - cleared cache on the DC and my local box and received correct ping and web site responses.

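
The behaviour described in posts #10 and #12, as an added example that is not part of the original thread: a small Python model of how an internal DNS server answers authoritatively for zones it hosts and recurses for everything else, which also shows that hosting the whole public domain internally hides every public name not copied into the zone. The names `test.com` and `mail.test.com` and all addresses are constructed sample values, and the single-host zone variant goes beyond what the thread discusses.

```python
# Added illustration: models how a DNS server chooses between answering
# authoritatively and recursing. All names and addresses are constructed.

PUBLIC_DNS = {  # what the Internet would answer (constructed sample data)
    "www.test.com": "203.0.113.10",
    "mail.test.com": "203.0.113.25",
}

DMZ_WEB = "192.168.4.10"  # assumed address of the web server in the DMZ


def find_zone(name, zones):
    """Return the most specific locally hosted zone that contains `name`."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolve(name, zones):
    """Return (source, answer) the way the internal DNS server would."""
    name = name.lower().rstrip(".")
    zone = find_zone(name, zones)
    if zone is None:
        # Not authoritative for this name: recurse to outside name servers.
        return ("recursion", PUBLIC_DNS.get(name, "NXDOMAIN"))
    # Authoritative: answer only from local zone data, never recurse.
    return ("authoritative", zones[zone].get(name, "NXDOMAIN"))


# Option A: host the whole public domain internally (the thread's resolution).
whole_zone = {"test.com": {"www.test.com": DMZ_WEB}}
# Option B: host a zone named after the single host only.
single_host_zone = {"www.test.com": {"www.test.com": DMZ_WEB}}


def compare(name):
    """Resolve `name` under both layouts so the difference is visible."""
    return {"whole": resolve(name, whole_zone),
            "single_host": resolve(name, single_host_zone)}


if __name__ == "__main__":
    for n in ("www.test.com", "mail.test.com"):
        print(n, compare(n))
```

With the whole-domain zone, any other public name under the domain has to be added to the internal zone by hand or internal clients get a negative answer for it.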
