Question
Thursday, January 19, 2012 4:40 PM
DNS issue when trying to resolve the "root" domain internally.
Windows 2003 server network with 2 DNS/DC servers behind a firewall. DNS is configured to forward for external queries. Our company web page is hosted externally by a 3rd party.
Internal users cannot type "company.com" and have it resolve to "www.company.com"; instead they just get an error message, but this does work for external internet users (from home, for instance). I don't know the proper terminology to use for this, so I'm grasping a bit.
Ken
All replies (8)
Thursday, January 19, 2012 5:59 PM ✅Answered
Do you have the same internal name for Active Directory as your external name?
If not, are you hosting a zone internally called "company.com"? If you are, you just need to create a blank "same as parent" record and point company.com to the IP address of the external web server. If your AD shares the same name as your external domain name, you'll notice that your DCs have registered, by design, host records for the domain name with their IPs.
Choosing a Domain Name for your Active Directory
http://itgeared.com/1005-active-directory-domain-name
Guides and tutorials, visit ITGeared.com.
Thursday, January 19, 2012 8:53 PM ✅Answered
If you follow the link that I posted above, it will explain why this is happening.
Basically, in Active Directory, DCs will register those "blank same as parent records". This is by design. There are several work-arounds that you can implement to resolve this issue such as:
- Have your users access the website internally only via "www"
- Registry edits on your DCs
- Install IIS on your DCs and create redirects to "www"
Guides and tutorials, visit ITGeared.com.
Thursday, January 19, 2012 5:56 PM
Hello,
In your DNS zone, create an A record named www and point it to the web server's IP address.
Best regards, Meinolf Weber. Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
Thursday, January 19, 2012 8:21 PM
Thanks. AD and external names are the same.
I already have an A record for www pointing to the web server. That doesn't seem to do anything. Typing "company.com" in a web browser internally brings up a secure web page asking for login: "level 15 access". Weird. This doesn't happen for external users.
If I ping "company.com" I get a response back from the DC. If I do an nslookup on "company.com" I get a list of the nameservers, but when I try to do an HTTP request I get a login dialog: "A username and password are being requested by http://company.com. The site says: 'level 15 access'", which looks like a router or something. But why does DNS return the DC's address? I tried pointing the web browser to the DC, but it's not running IIS so nothing happens.
Ken
Thursday, January 19, 2012 8:36 PM
OK, figured out the "level 15" access thing. There was an A record for the root domain that was labeled "same as parent folder" and had an address for a lab router. Duh. Now I'm finding other records just like it with other IPs for various hosts. Both DCs have an entry labeled "same as parent folder" also. Either way, it's still not working.
K
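An added example, not part of the original thread: one way to audit the "same as parent folder" (zone apex) A records discussed above, listing every apex A record that does not belong to a known DC. It assumes the zone has been exported to master-file text (for example with `dnscmd /ZoneExport`) and that each record sits on one line; the zone content, IP addresses and function names below are constructed for illustration.

```python
import ipaddress

# Constructed sample: a zone export in RFC 1035 master-file syntax.
SAMPLE_ZONE = """\
$ORIGIN company.com.
@        3600 IN SOA dc1.company.com. hostmaster.company.com. 42 900 600 86400 3600
@        600  IN A   10.0.0.10      ; DC1, registered by design
         600     A   10.0.0.11      ; DC2 (blank owner = same owner as line above)
         3600 IN A   192.168.50.1   ; leftover static record
company.com. 3600 IN A 10.0.0.99    ; apex written as an FQDN
www      3600 IN A   203.0.113.20   ; not an apex record
dc1      3600 IN A   10.0.0.10
"""

def apex_a_records(zone_text, origin):
    """Return the IPv4 address of every A record owned by the zone apex."""
    origin = origin.rstrip(".").lower() + "."
    owner, found = None, []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # drop comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue                               # blank line or $ORIGIN/$TTL
        tokens = line.split()
        if not raw[0].isspace():                   # owner names start in column 0
            owner = tokens.pop(0).lower()
        # Skip the optional TTL and class fields, in either order.
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)
        is_apex = owner == "@" or owner == origin
        if is_apex and len(tokens) == 2 and tokens[0].upper() == "A":
            found.append(str(ipaddress.IPv4Address(tokens[1])))
    return found

def unexpected_apex_records(zone_text, origin, dc_addresses):
    """Apex A records that do not point at a known domain controller."""
    known = set(dc_addresses)
    return [ip for ip in apex_a_records(zone_text, origin) if ip not in known]

if __name__ == "__main__":
    dcs = ["10.0.0.10", "10.0.0.11"]               # assumed DC addresses
    for ip in unexpected_apex_records(SAMPLE_ZONE, "company.com", dcs):
        print("review apex A record ->", ip)
```

Any address it reports is a candidate stale or manually created record, since internal clients resolving the bare domain name can be sent to it.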
Thursday, January 19, 2012 10:37 PM
Thanks Jorge. That was it. I'm not sure why I skipped over that link. I went back and checked it out and sure enough it answered my question. I think the key for me is just telling users to use "www.company.com". Not sure why it's such a big deal for people.
Ken
Friday, January 20, 2012 4:23 PM
Hello Ken,
Your situation is not unique for this type of design. The solution of just requiring your users to only use that URL is a low cost and easy solution to implement, from a technical standpoint. However, your users may not necessarily buy into that solution.
Guides and tutorials, visit ITGeared.com.
Monday, July 25, 2016 3:47 PM
I had the same problem, and use the IIS solution.
My new problem is: my AD domain is (e.g.) pepe.com.ar, and our site is in gapps under the www.pepe.com.ar hostname (here IIS redirects .pepe.com.ar to www....). But we had another zone for our Colombian branch, pepe.com.co. The DC/DNS resolves all the hostnames like xxx.pepe.com.co fine, but doesn't resolve ".pepe.com.co". I manually generated "A" host records with the .CO domain for the same IPs as the .AR DCs, and replaced the nameservers in the .CO zone using .CO hostnames.
Using nslookup:
The only difference I've noted is: when executing "nslookup", the default query type doesn't work with the .CO domain and works fine with the .AR domain (it displays the nameservers' IPs). The only thing I can't change in the .CO domain is the start of authority; it automatically changes back from the .CO hostname to the .AR hostname.