Internal Webserver and DNS

  • Internal Webserver and DNS

    I am having a problem with my DNS and don't know how to resolve it... I have a webserver that has an external IP address. Internal users access the same webserver as well.
    The problem comes up when internal users try to access the webpage. The internal clients go to and the session is opened to the external IP through the firewall...
    I know the fix is to add a DNS entry for the page, but I'm confused... the page is called and the internal DNS sends it off and it's resolved by and is routed to the external, NATed address.

    What I would like is when an internal user goes to they are re-routed to (which is how the page can be viewed internally without being NATed) and the external users will still access the record for the external coming in...

    I don't have an ISA server, and I don't have a split domain either...

    What would be your suggestions to fix this... I'm at a loss.

    thanks, James Haynes
    its easier to beg forgiveness than ask permission.
    Give karma where karma is due...

  • #2
    Re: Internal Webserver and DNS

    So I have an update...

    This is what I tried... I added a new zone for
    The site is joined to the domain, so I allowed secure updates. I created a new host (A) record for the webserver like: New host: WWW and the address to its internal

    This went perfect at first, but the web application accesses a few other servers... it's an image retrieval system. The first request opens the page, the next step initiates a search on a text index/SQL and then the image is retrieved by a ref number on the image stores...

    So will I need to create additional host records that everything that tries to contact as a PTR record now? Or should I try to hit this from the IIS side with header names?

    Thanks again if anyone has any suggestions...

    its easier to beg forgiveness than ask permission.
    Give karma where karma is due...


    • #3
      Re: Internal Webserver and DNS

      You've got two zones. An internet zone, and an intranet zone.

      Internet computers must continue to point to the internet DNS server to hit the NAT IP address of your router.

      Intranet computers must point to an internal DNS server which has ANAMEs for the non routable IP address of your web server. In addition, if your intranet clients are going to point to an internal DNS server, the intranet DNS server should be configured to forward queries to the external internet DNS server.

      Alternatively, you could place HOST files on each intranet computer that will need to access the web server on the intranet.
      VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+ - VMware Virtualization Evangelist
      My advice has no warranties. Follow at your own risk.


      • #4
        Re: Internal Webserver and DNS

        Thank you for the reply... you were right on point. The client host records was the alternative to figuring out the DNS issue... I didn't want to do that but I already had the host files prepared for deployment.

        And you're correct. I do have two domains, and it has been nothing but trouble since the webserver and Exchange have been up and running... I didn't realize the implication it would have on the internal users.

        I resolved the issue on the line you were pointing... I created the new forward lookup zone called in the parent container. In this zone, I added an alias record for then I added an additional host record to point to the other server that references the images...

        Now with TCPView open I see that when internal users connect to the website, they resolve the internal address instead of being NATed like before...

        And instead of 450 open sessions originating from my ISP, I see it is all internal on the fiber and gig backplanes... much nicer!!

        Thanks so much for the quick reply!
        james haynes
        its easier to beg forgiveness than ask permission.
        Give karma where karma is due...
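
Added example, not part of the thread: once an internal DNS server hosts a zone for the public name, it answers authoritatively from its own records only, so any public name missing from that zone stops resolving for intranet clients (the image server problem in post #2). This Python audit checks each public name against the internal zone; `example.com`, the host names and all addresses are constructed placeholders, since the thread does not show the real ones.

```python
import ipaddress

# RFC 1918 ranges; checked explicitly rather than with is_private, which
# also matches documentation ranges such as 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (placeholders, not values from the thread).
PUBLIC_NAMES = ["www.example.com", "images.example.com", "mail.example.com"]
INTERNAL_ZONE = {  # intranet copy of the zone: name -> (record type, value)
    "www.example.com": ("CNAME", "web01.example.com"),
    "web01.example.com": ("A", "10.0.0.10"),
    "mail.example.com": ("A", "203.0.113.12"),
}

def resolve_internal(name, zone, max_hops=8):
    """Follow alias (CNAME) records inside the zone.

    Returns an IP string, or None for a missing name or an alias loop.
    CNAME targets outside this zone are treated as unresolved.
    """
    for _ in range(max_hops):
        record = zone.get(name.lower())
        if record is None:
            return None
        rtype, value = record
        if rtype == "A":
            return value
        name = value
    return None

def audit(public_names, zone):
    """Return {name: finding} as an intranet client would see each name."""
    report = {}
    for name in public_names:
        addr = resolve_internal(name, zone)
        if addr is None:
            report[name] = "NXDOMAIN internally (shadowed by the internal zone)"
        elif any(ipaddress.ip_address(addr) in net for net in RFC1918):
            report[name] = "ok: internal address " + addr
        else:
            report[name] = "still public: " + addr + " (session goes out through NAT)"
    return report

if __name__ == "__main__":
    for name, finding in audit(PUBLIC_NAMES, INTERNAL_ZONE).items():
        print(f"{name:22} {finding}")
```

Feed it the record list exported from the internal zone and the names published in the external zone; every "NXDOMAIN" line is a host record that still has to be added internally.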