Dns Problem

  • Dns Problem

    My name is Idan and I'm a sysadmin of a college in south Israel.

    My college has 2 domains being hosted and managed by
    the **** is the main site while ****.com is redirection to **
    The whole site is hosted outside the college network in webgate.
    Before I arrived there was a DC in the college named ***.com and the mailboxes in the college were **@***.com. Then that DC went dead and it was decided to install a new DC with the name *** (to allow the mailboxes to be **@**), but after the installation there was a major problem: clients inside the college want to access ** and the server thinks it is itself, so they are not getting anywhere.

    We tried to link the site to .com domain instead to but who writes that site had inside the links to in the database.

    So now we are not exactly sure what we can do to allow access to the site without reinstalling the DC.

    I'm sorry for my poor English. I hope you can come up with an answer.

  • #2
    Re: Dns Problem

    If I understand you correctly, you are indicating that when users attempt to visit your organization's website from the internal network, they are unable to resolve to the correct IP.

    If this is what you are experiencing, it is because each DC by default will register in DNS a blank record in the primary zone hosting AD with the IP address of the DC's network interfaces.

    So, when a user opens a browser and types, of course your internal DNS provides the resolver (client) with the responses which include the IPs of your DCs.

    The way that I have handled this in the past is adding a registry edit on each DC to prevent the DC from registering this particular record, also known as the LdapIpAddress record.


    However, you should research this carefully prior to moving forward with this solution. First, it also prevents the creation of the GC related DNS records. You would have to create those manually. In addition, not having the LdapIpAddress record can cause other name resolution issues.

    Another option is to load IIS on the DCs and redirect to the correct location of the website. I do not recommend running IIS on DCs, so I do not recommend this option.

    Another option is to simply tell your users that they can only access the site if they type All this would require is a new record called www. While this would solve the problem in regard to getting to the website, it doesn't solve the problem related to those users who try to access the site via the domain name without the www prefix.

    I hope that this is what you were referring to and that this has provided you with some help.
    JM @ IT Training & Consulting


    • #3
      Re: Dns Problem

      I will give some more information about the company I work for, if this will help.

      We have 1 network for the offices that has 1 main server (DC, Exchange, DNS, IIS), so when the clients type they get the internal IP of the main server. We tried to change the site address to but the developer uses full name links, which makes it a very troubled idea.

      [JM] I liked the idea about the www to redirect to the web site. I tried doing that a few times and I am probably doing something wrong. Can you please elaborate on that idea a little more?


      • #4
        Re: Dns Problem

        Let me try to address your www question first. If you want to have your internal users access the school's website using this URL: from the inside of your network, the first step is to create the DNS entry. You would launch the DNS admin console, look for the forward lookup zone. Create a new record called "www", it can be a HOST (A) or alias (CNAME). You would simply point this record to the correct IP (if you created a host record) or hostname (if you created a CNAME record) where the website is located. Step #2 is necessary if your website provider is using HOST HEADERS. The web admin would configure the website to allow to access that web.

        In regards to your first statement "we have 1 network for the offices that has 1 Main server (DC,Exchange,DNS,IIS) so when the clients type they get the internal IP of the mainserver." Again, this is because your DCs are registering a blank record with DNS. This is by design. You can change this behavior but there are some pros/cons.

        Also you stated "we tried to change the site address to but the developer use full name links that make it a very troubled idea." I am not sure what you mean. Are you referring to changing your AD domain name? If so, yes, there is a process involved in doing that. However, you don't have to change your AD domain name if you simply want your users to access the website using All you have to do is go to your DNS Admin console, create a NEW forward lookup zone called, "". Then create the appropriate DNS records 1) a blank record with the IP of the website, 2) a "www" record pointing to the website, 3) any other records you may need such as FTP, MAIL, etc...
        JM @ IT Training & Consulting
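
The "www" host record from the first step in post #4, created and then checked from PowerShell on the DNS server. This is an added example, not part of the original posts: the zone name `college.example` and the address `203.0.113.10` are placeholders, and it assumes the DnsServer module is available on the DC.

```powershell
# Added example. All three values below are placeholders; replace them.
$Zone      = 'college.example'   # AD DNS zone that matches the public domain
$WebIp     = '203.0.113.10'      # IP of the externally hosted website
$DnsServer = '127.0.0.1'         # run this on the DC that hosts the zone

Import-Module DnsServer

# Create the "www" host (A) record only if the zone does not have one yet.
$existing = Get-DnsServerResourceRecord -ZoneName $Zone -Name 'www' -RRType A `
                -ComputerName $DnsServer -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DnsServerResourceRecordA -ZoneName $Zone -Name 'www' `
        -IPv4Address $WebIp -ComputerName $DnsServer
}

# Ask the internal DNS server what a client would receive for a name and
# report whether every returned address is the website's address.
function Test-InternalAnswer {
    param([string]$Name, [string]$Expected, [string]$Server)

    $answers = @(Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly `
                     -ErrorAction SilentlyContinue |
                 Where-Object { $_.Type -eq 'A' } |
                 Select-Object -ExpandProperty IPAddress)

    $unexpected = @($answers | Where-Object { $_ -ne $Expected })

    [pscustomobject]@{
        Name            = $Name
        Answers         = $answers -join ', '
        PointsToWebsite = ($answers.Count -gt 0) -and ($unexpected.Count -eq 0)
    }
}

# The bare domain is expected to return the DC's own addresses (the blank
# record each DC registers), while www should return only the website's IP.
Test-InternalAnswer -Name $Zone       -Expected $WebIp -Server $DnsServer
Test-InternalAnswer -Name "www.$Zone" -Expected $WebIp -Server $DnsServer
```

If the `www` row shows `PointsToWebsite` as `False`, check for a stale record in the zone or a cached answer on the client before involving the web host.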