KENNY P Posted May 24, 2012

Hey all, Signed up over here to start participating in the awesome discussions... have an issue that's had me stumped for a few days now at one of my customer's office and I'm hoping someone can lead me in the right direction. They have a Windows Server (2003) that is hosting DNS... and when people access their site domain.com internally it brings them to the server (named edge)'s local IIS site and not the external website. They aren't even on a domain! And there is a www. record pointing to the externally hosted website's IP but even www. brings you to the local edge IIS site. Thanks for your help!!

+LogicalApex MVC Posted May 24, 2012

You don't need to be on a domain to use a local DNS server. The computer will use whatever DNS server it is configured to use, either manually or via DHCP. If you have a problem with the DNS server resolving the correct IP address for a zone you should check the DNS server's configuration. Do you have a single A (or AAAA if you're using IPv6) record for the external IP in the forward lookup zone configured on the DNS server?

+BudMan MVC Posted May 24, 2012

And why are they hosting DNS on this server if not using AD? Clearly they want people to resolve stuff using this server, so who admins the server? Have them fix the records for what they are resolving if it's not right?

KENNY P Posted May 24, 2012 (Author)

They're using the server for file sharing... I see an smtp record and some IP reservations... I just set up a Watchguard for VPN. My next option was to disable DNS on the server and put those entries in the firewall... but didn't want to accidentally take down their mail entry (maybe having to reconfigure all 40 clients with new mail settings) so I was wondering if there was a quick fix. I'm against even having 40 clients use server in a workgroup environment but they're not paying for licensing and half the computers are home premium clients :/

sc302 Veteran Posted May 24, 2012

you need a redirect to direct them to the external ip if the external ip is not part of your network. an A record redirecting www should work just fine. This is why we do not configure internal domains with external domain names. It creates issues like this.

Joe User Posted May 24, 2012

> Hey all, Signed up over here to start participating in the awesome discussions... have an issue that's had me stumped for a few days now at one of my customer's office and I'm hoping someone can lead me in the right direction. They have a Windows Server (2003) that is hosting DNS... and when people access their site domain.com internally it brings them to the server (named edge)'s local IIS site and not the external website. They aren't even on a domain! And there is a www. record pointing to the externally hosted website's IP but even www. brings you to the local edge IIS site. Thanks for your help!!

Remove all references to the external domain from the DNS server AND TCP/IP settings on the workstations and servers (especially primary DNS suffix settings in the TCP/IP and System settings where the computer names are set).

sc302 Veteran Posted May 24, 2012

> Remove all references to the external domain from the DNS server AND TCP/IP settings on the workstations and servers (especially suffix settings in the TCP/IP tab).

and what happens when the internal domain is named the same as the external then you delete everything...you just fubar'd your network.

KENNY P Posted May 24, 2012 (Author)

If there is a www A record to the external site... and I flushdns on same server hosting DNS... and I go to www.domain.com shouldn't it be directing me to the external site? Because it's still going to \\edge (same server hosts IIS)

Joe User Posted May 24, 2012

> and what happens when the internal domain is named the same as the external then you delete everything...you just fubar'd your network.

There is no internal domain, as referenced by the OP. I'm assuming external DNS is coming from the ISP, removing the entries will make the internal network go to the ISP for the info.

KENNY P Posted May 24, 2012 (Author)

There was no parent A record... I created one with the external IP, that didn't work either. I'll admit, I am a DNS n00b but I'm assuming it should be hitting the external site with parent A record and www A record... let me remote in and screenshot the DNS so you guys can check me if you wouldn't mind.

Joe User Posted May 24, 2012

> There was no parent A record... I created one with the external IP, that didn't work either. I'll admit, I am a DNS n00b but I'm assuming it should be hitting the external site with parent A record and www A record... let me remote in and screenshot the DNS so you guys can check me if you wouldn't mind.

Send a dump of ipconfig /all from the server and a workstation too.

sc302 Veteran Posted May 24, 2012

then delete the domain in the dns server. if you aren't on a domain, why are you using dns unless you need to redirect locally....even still you can use host file to redirect.

what is the order of operations...
host file first - do you have an entry in your host file (c:\windows\system32\drivers\etc\hosts - open in notepad)
is there a screwed up entry in lmhosts?
dns would be next.

do a nslookup for the website in a dos prompt
this will query the dns server and find out what it thinks, nslookup will not use host files it is a query against the dns server.

open a command prompt
nslookup www.google.com

put in your domain vs google and see what it comes up with

Joe User Posted May 24, 2012

> what is the order of operations... host file first - do you have an entry in your host file (c:\windows\system32\drivers\etc\hosts - open in notepad) is there a screwed up entry in lmhosts? dns would be next.

I think it's lmhosts, hosts, WINS, then DNS for 2003. But the problem would be on the workstations, so it might be something else.

KENNY P Posted May 24, 2012 (Author)

DNS entries:

IPCONFIG + NSLOOKUP (on server):

KENNY P Posted May 24, 2012 (Author)

Workstations are all dynamic (nothing static, no hosts file, etc)

1.103 is the server... so nslookup is going to server... but has a comma and then external web server IP (the one I want) after it... odd...

KENNY P Posted May 24, 2012 (Author)

durr I see a parent A record with 103... lemme delete...

KENNY P Posted May 24, 2012 (Author)

Wow... that did it... posting the screenshot made me take a second look and it was pretty obvious after nslookup there were two A records... you guys are the ****. After seeing DNS config should I leave everything how it is or disable DNS because we're not really using it (from what I see)?

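The check that resolved this thread, as an added example that is not part of any poster's message: a Python parser for Windows `nslookup` output that flags a name whose answer set mixes an internal (RFC 1918) address with an external one. The sample output, the `192.168.1.103` server address, the `edge.domain.com` name and the `203.0.113.10` external address are constructed assumptions standing in for the missing screenshots.

```python
import ipaddress
import re

# Explicit RFC 1918 list: is_private would also flag 203.0.113.0/24 (samples).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed samples (not the poster's output): apex before/after the fix.
BEFORE = """Server:  edge.domain.com
Address:  192.168.1.103

Name:    domain.com
Addresses:  192.168.1.103, 203.0.113.10
"""
AFTER = BEFORE.replace("Addresses:  192.168.1.103, ", "Address:  ")


def parse_nslookup(text):
    """Return (server_ip, name, answer_ips) from Windows nslookup output."""
    server_ip, name, answers, in_answer = None, None, [], False
    for raw in text.splitlines():
        line = raw.strip()
        ips = IPV4.findall(line)
        if line.lower().startswith("name:"):
            name, in_answer = line.split(":", 1)[1].strip(), True
        elif not in_answer:
            # Header block: this "Address:" is the DNS server that answered.
            if line.lower().startswith("address") and ips:
                server_ip = ips[0]
        elif line.lower().startswith("address") or (ips and ":" not in line):
            # "Addresses: a, b" on one line, or one address per following line.
            answers.extend(ips)
    return server_ip, name, answers


def audit(text):
    """Flag a name whose answers mix RFC 1918 and external addresses."""
    server_ip, name, answers = parse_nslookup(text)
    internal = [ip for ip in answers
                if any(ipaddress.ip_address(ip) in net for net in RFC1918)]
    external = [ip for ip in answers if ip not in internal]
    return {"server": server_ip, "name": name, "internal": internal,
            "external": external, "conflict": bool(internal and external)}


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(sample))
```

A `conflict` result on a public name means the local zone holds a record that shadows the externally hosted one, which is the condition found here.
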
sc302 Veteran Posted May 24, 2012

no internal domain, no need for internal dns imo.

Joe User Posted May 24, 2012

> Wow... that did it... posting the screenshot made me take a second look and it was pretty obvious after nslookup there were two A records... you guys are the ****. After seeing DNS config should I leave everything how it is or disable DNS because we're not really using it (from what I see)?

If all you're doing is duplicating the ISP's records, then you shouldn't have entries in DNS. It's really not recommended.

KENNY P Posted May 24, 2012 (Author)

Well crap... I just pinged each entry and the IPs match the external IPs (from my ISP, not from their server) so you're right... I don't need DNS. Can I delete the whole reverse/forward DNS zone?

Also, second question... if anyone is familiar with Watchguard/VPN... the branch office I set up is on a different subnet. When I ping edge (server name) or any clients... it doesn't resolve. I fixed with host files.. but is there a way to have WINS resolve over the VPN? So we can ping without manual hosts file mapping?

sc302 Veteran Posted May 24, 2012

you can fully uninstall dns.

You will need a common wins server that handles all wins resolution, but yes you can. point all to 1 wins server. it would be much better if you enabled active directory, that would solve your issues and have a common user base, which it is easier to share with and setup common mappings.

Joe User Posted May 24, 2012

> Well crap... I just pinged each entry and the IPs match the external IPs (from my ISP, not from their server) so you're right... I don't need DNS. Can I delete the whole reverse/forward DNS zone? Also, second question... if anyone is familiar with Watchguard/VPN... the branch office I set up is on a different subnet. When I ping edge (server name) or any clients... it doesn't resolve. I fixed with host files.. but is there a way to have WINS resolve over the VPN? So we can ping without manual hosts file mapping?

What I think you want is something like "office.domain.com" then your internal office servers and workstations are computername.office.domain.com. That way you can keep your DNS resolution for the VPN and also have WINS lookup thru DNS. If you add office.domain.com to the dns suffix search on the workstations and enable dynamic DNS updates, then honestly you won't even need WINS.

sc302 Veteran Posted May 24, 2012

Recommended practice for internal networks is not to use an internet extension like .com or .org, etc. .local, .lan, .internal, etc is recommended and preferred. This way if you do register externally your dns server won't get confused or need to put in manual entries.