Announcement

Collapse
No announcement yet.

DNS issue, cannot access own external website

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • DNS issue, cannot access own external website

    Hi all,

    I have been tasked with setting up a Windows Server 2008 R2 box with AD DS installed and eventually this will be my company's domain.

    I am having an issue with DNS. When I have joined a test workstation to the domain, I cannot access my company's own website. The domain name is the same as the website, with the website being hosted externally, ie. website: company.com and domain: company.com.

    The test machines I have set the DNS IP to the same IP of my domain. All other websites load fine except those using company.com as their web domain.

    I searched the forums here and found some solutions such as this:

    In your forward lookup zone for company.com create a A host record.
    in the top Name (uses parent domain name if blank) type www
    and put the ip address which hosts the internal site, (x.x.x.x)
    check that in the FQDN section it says

    But haven't had any luck with this working. I have the external IP address for our website.

    Any tips?

    As a note, in my Forward Lookup Zones under my DNS server there is a zone called _msdcs.company.com along with the zone company.com. Should I remove this _msdcs zone or should I leave this as is?

    Any tips?

    Thanks, I really appreciate it!!

  • #2
    Re: DNS issue, cannot access own external website

    this is why we have .local to avoid the confusion. When you're saying "I have set the DNS IP to the same IP of my domain" do you mean the IP of your 2008 box running DNS? What do you get when you ping domain.com? What happens when you browse to domain.com?

    Comment


    • #3
      Re: DNS issue, cannot access own external website

      Yes, I mean the IP of my 2008 box that is running DNS.

      I receive a reply when I ping domain.com but when I try to browse to it, I get a page displaying IIS7. When I ping domain.com, I get a reply from my server 2008 box's IP address, not that of the external website.

      When I try to browse to a subdomain such as admin.domain.com, I get a different error, one that just states admin.domain.com could not be found.

      Thanks.

      Comment


      • #4
        Re: DNS issue, cannot access own external website

        This is common for AD implementations that have the same internal and external name. The reason is because your DCs register in DNS, their IP addresses for the name of the domain. If you look at your internal DNS zone, you'll notice that you will have several records for domain.com (the external webserver and all of your DCs).

        There is a supported work-around to prevent the DCs from registering these IPs, but you have to know what you are doing and understand what this action means. Take a look at this summary: http://itgeared.com/active-directory-domain-name

        Alternatively, you could just set up IIS on all of the DCs and then redirect traffic to your external web server. This adds the extra service running on your DCs, but it doesnt require you to make the custom modifications to the registry and SRV records.

        The ultimate choice on how to resolve this will be up to you. There really is no right or wrong way.
        JM @ IT Training & Consulting
        http://www.itgeared.com

        Comment


        • #5
          Re: DNS issue, cannot access own external website

          Thank you JM.I managed to tweak things so that I can now access our company site by using www but still cannot access it with just http

          I'll have to look further into the registry editing methods in your link.

          Comment


          • #6
            Re: DNS issue, cannot access own external website

            Good luck.

            Keep in mind that an alternative to registry and DNS record edits is to simply install IIS on all of the DCs and then create a redirect to the external web either via IP or by another host name. Then on the external web, you would have to accept the additional host headers.

            Some people prefer the reg edits, but others prefer the IIS redirect. the decision may also have to be considered by your security policies.
            JM @ IT Training & Consulting
            http://www.itgeared.com

            Comment

            Working...
            X