Identical Public & Private Domains - Cannot Resolve Public..

June 24, 2004 3:04:40 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

(I encountered a server error on my first post attempt. I apologize if
this is a re-post)
We use the same domain name in AD as we have for our public domain.
The public website is hosted by a third party. Until recently,
internal LAN users were able to view the website without a problem.
Now, if they attempt to view the public site, it redirects them to our
AD server. I've used NSLOOKUP and it resolves the domain to the AD
server as follows:
______________________________________________
Default Server: server01.mydomain.com
Address: 192.168.1.102

> mydomain.com
Server: server01.mydomain.com
Address: 192.168.1.102

Name: mydomain.com
Addresses: 192.168.1.102, 192.168.2.100
______________________________________________

192.168.1.102 is our SB2000 (Exchange, AD, DNS) server.
192.168.2.100 is our AD replica server (WAN connection).
How can I set our DNS server to direct internal LAN queries for the
public domain to the proper IP address? Is there a Q/KB article for
this? I've read through a lot of discussions about manually adding a
DNS entry, but none of those seem to apply to this situation. Thanks
in advance!

-A
Anonymous
June 24, 2004 4:49:15 PM

Simple fix - Add a static DNS entry as WWW and point it
towards your external web site address. Clear your cache
on the computer and give it a try. Works like a charm.
If someone queries www.mydomain.com, the dns will
resolve WWW and then the rest of the FQDN.

ps. Had the same issue!


Anonymous
June 25, 2004 1:14:40 AM

Aaron wrote:

(...)

> How can I set our DNS server to direct internal LAN queries for the
> public domain to the proper IP address? Is there a Q/KB article for
> this? I've read through a lot of discussions about manually adding a
> DNS entry, but none of those seem to apply to this situation. Thanks
> in advance!


This is a problem with "split brain" DNS design - there isn't any trick
or setup - you have to duplicate your internet DNS entries (hosts etc.)
on the internal DNS server with proper addresses. Your internal server
for LAN users is the main and authoritative server for this domain and
there is no way to forward some queries about your domain to the
external DNS.

--
Tomasz Onyszko [MVP]
T.Onyszko@w2k.pl
http://www.w2k.pl
Anonymous
June 25, 2004 1:38:44 AM

In his case, he wants to resolve mydomain.com, not WWW.mydomain.com. The
problem is mydomain.com is also the name of his AD domain. There really is
no easy way out yet. The fastest resolution is to explain to your users that
you have a problem, and that they should use www.mydomain.com instead of
mydomain.com. Of course, you can create an A record (using the "same as
Parent" option) pointing mydomain.com to your webserver, but that has the
potential of causing you more grief than the one you are trying to fix.

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - COMPLETE SPAM Protection
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
Anonymous
June 25, 2004 11:53:45 AM

It sounds to me as if he just needs to access his
external web site from internal. Having the same dns
domain name on both will be an issue until you add the
WWW. Then he can go to IE and type www.mydomain.com.
This will take his internal users to their website.

ah, oh well...
Anonymous
June 26, 2004 4:32:06 AM

In news:21af201c45ac4$36b1ac40$a001280a@phx.gbl,
AJD <anonymous@discussions.microsoft.com> posted their thoughts, then I
offered mine
> It sounds to me as if he just needs to access his
> external web site from internal. Having the same dns
> domain name on both will be an issue until you add the
> WWW. Then he can go to IE and type www.mydomain.com.
> This will take his internal users to their website.
>
> ah, oh well...

Keep in mind gentlemen, if access is needed to the domain name
(LdapIpAddress), such as to http://domain.com in a split horizon, it can be
done through the registry, and then manually create the LdapIpAddress with the
external IP, however there are compromises to be dealt with. Compromises
such as GPOs may not apply. Why? Because the client side extensions connect
to:
\\domain.com\sysvol\domain.com\policies\{ThePolicy'sLongGuidNumberHere}

If the external IP is set, then GPOs may not apply. Best to keep access to
only as www.domain.com.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
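
Added example, not part of the original thread: a small Python check for the two points made in the replies above, that every public host record has to be duplicated in the internal zone, and that the internal apex record should keep pointing at the domain controllers. All record data is constructed; the 203.0.113.x addresses and the mail host are assumptions standing in for the real public zone.

```python
# Added example: split-horizon drift check. All record data is constructed;
# 203.0.113.x (documentation range) stands in for the hosting provider's addresses.

def norm(name):
    """DNS names compare case-insensitively and ignore the trailing root dot."""
    return name.rstrip(".").lower()

def audit_split_horizon(apex, public, internal, dc_addrs):
    """Compare A records of the public zone with its internal copy.

    public / internal: dict of name -> set of IPv4 strings.
    Returns a list of (kind, name, detail) findings.
    """
    apex = norm(apex)
    pub = {norm(n): set(a) for n, a in public.items()}
    inn = {norm(n): set(a) for n, a in internal.items()}
    findings = []
    for name in sorted(pub):
        if name == apex:
            continue  # the apex belongs to AD internally; checked separately below
        if name not in inn:
            # The internal server is authoritative, so it will not ask the public DNS.
            findings.append(("MISSING", name, "add an internal host record for "
                             + ", ".join(sorted(pub[name]))))
        elif inn[name] != pub[name]:
            findings.append(("DIFFERS", name, "internal %s vs public %s; confirm intended"
                             % (sorted(inn[name]), sorted(pub[name]))))
    # Clients locate SYSVOL through the domain name, so the apex must resolve to DCs.
    stray = inn.get(apex, set()) - set(dc_addrs)
    if stray:
        findings.append(("APEX-RISK", apex,
                         "apex points at non-DC %s; GPOs may not apply" % sorted(stray)))
    return findings

# Constructed sample zones (internal addresses are the ones quoted in the question).
PUBLIC = {"mydomain.com.": {"203.0.113.10"}, "WWW.mydomain.com": {"203.0.113.10"},
          "mail.mydomain.com": {"203.0.113.25"}}
INTERNAL = {"mydomain.com": {"192.168.1.102", "192.168.2.100"},
            "server01.mydomain.com": {"192.168.1.102"},
            "mail.mydomain.com": {"192.168.1.102"}}
DCS = {"192.168.1.102", "192.168.2.100"}

if __name__ == "__main__":
    for kind, name, detail in audit_split_horizon("mydomain.com", PUBLIC, INTERNAL, DCS):
        print("%-9s %-20s %s" % (kind, name, detail))
```
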
June 29, 2004 3:07:35 PM

This will work for us, but I'm not sure how to add a static DNS entry.
I know this will limit our users from accessing http://mydomain.com,
but I don't think that will affect us at all. Thanks for your help.

-A


"AJD" <anonymous@discussions.microsoft.com> wrote in message news:<2156f01c45a24$5471c080$a001280a@phx.gbl>...
> Simple fix - Add a static DNS entry as WWW and point it
> towards your external web site address. Clear your cache
> on the computer and give it a try. Works like a charm.
> If someone queries www.mydomain.com, the dns will
> resolve WWW and then the rest of the FQDN.
>
> ps. Had the same issue!
Anonymous
June 30, 2004 12:46:41 AM

In news:a4926a0a.0406291007.1635da1f@posting.google.com,
Aaron in <elroyskimms@yahoo.com> posted their thoughts, then I offered mine
> This will work for us, but I'm not sure how to add a static DNS entry.
> I know this will limit our users from accessing http://mydomain.com,
> but I don't think that will affect us at all. Thanks for your help.
>
> -A
>
>

To create a static www entry? Easy. Right-click your zone name, select new Host
record, then type in www in the hostname section and give it the actual
outside webserver's IP address. I would suggest to have your users only
access the site with the www record and not by http://mydomain.com due to
the ramifications.

--
Regards,
Ace
