Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Monday, November 18, 2019 11:51 AM
My internal domain xyz.org has an externally hosted website xyz.org which we are unable to access using our local DNS servers even after putting an A record that points www.xyz.org but still unable access the site. However both my local and public DNS (ex 8.8.8.8) resolves the same IP address but yet I can not access the site www.xyz.org using my local DNS. Can someone please help in this regards?
Thanks in advance,
-Mostofa
All replies (6)
Tuesday, November 19, 2019 6:45 AM ✅Answered
Hi,
Do you mean that the internal and external have a same domain name so that you cannot use the local DNS server to resolve the external xyz.org? If I misunderstand, please let me know.
This can be easily fixed by applying a simple registry edit (RegisterDnsARecords) on your DC(s).
The problem is that your DCs will register their IPs for the name of the domain.
Of course, when your users open a browser they will not reach the website since the records in DNS are pointing to your DCs.
You will find the steps needed to fix this in this article.
Active Directory Domain Name Considerations when Using the Same Internal and External Domain Name
Hope this can help you, if you have anything unclear, please let me know.
Have a nice day!
Ellen
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Tuesday, November 19, 2019 2:09 PM
Hello Ellen,
Thanks for the replay. You understand the issue that I wanted to explain. In your mentioned link it says I have three options to chose.
Firstly, Educating my users to access the website by using the "www" record instead of the parent domain name is impossible since I can't access www.xyz.org even after putting an 'A' record for www even it resolves the correct IP address!
Secondly, the IIS redirection rules out since I can't access the site using www!
Finally, the last option seems helpful and the only choice left for me and the site is opening as well now :)
But I can't see the entries after I put them in the forward lookup zone!
gc._msdcs.xyz.org A 10.30.20.30(IP of DC)
gc._msdcs.xyz.org A 10.30.20.31(IP of ADC)
Besides this, I am not sure about the consequences of making this change (there is link from microsoft that seems not available anymore).
Thanks in advance again,
G.Mostofa
Wednesday, November 20, 2019 2:38 AM
Hi,
>>Besides this, I am not sure about the consequences of making this change (there is link from microsoft that seems not available anymore).
Since you are worried about the consequences, you can still use the first way and I want to confirm that the externally hosted website is xyz.org or www.xyz.org?
If it is xyz.org, then add an A record that points www.xyz.org is useless. You can change the externally host website to www.xyz.org and create a new A record.
If not, as long as your DNS servers are running Windows server 2016 and you can use DNS policy to solve your issue.
You can refer the following link about the details:
/en-us/windows-server/networking/dns/deploy/split-brain-dns-deployment
Hope this can help you, if you have anything unclear, please let me know.
Have a nice day!
Ellen
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, November 21, 2019 1:48 AM
Hi,
Just checking in to see if the information provided was helpful.
Please let us know if you would like further assistance.
Best Regards,
Ellen
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Friday, November 22, 2019 8:07 AM
Hi,
As this thread has been quiet for a while, we will propose it as ‘Answered’ as the information provided should be helpful.
If you need further help, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.
Best regards,
Ellen
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Saturday, November 23, 2019 6:53 AM
Hello Ellen,
Apologize for being late here to replay. Meanwhile I was communicating with my website administrators and shred the whole thing. Currently following the 3rd approach (the registry change approach) and so far its working find causing no issues to the production system.However, it may sound silly to you that I am still looking for the answers what exactly the gc._msdcs static 'A' entries made this fixed!
Thanks a lot for being so helpful,
-Mostofa