Identical Public & Private Domains - Cannot Resolve Public..

Archived from groups: microsoft.public.win2000.dns (More info?)

(I encountered a server error on my first postattempt. I apologize if
this is a re-post)
We use the same domain name in AD as we have for our public domain.
The public website is hosted by a third party. Until recently,
internal LAN users were able to view the website without a problem.
Now, if they attempt to view the public site, it redirects them to our
AD server. I've used NSLOOKUP and it resolves the domain to the AD
server as follows:
______________________________________________
Default Server: server01.mydomain.com
Address: 192.168.1.102

> mydomain.com
Server: server01.mydomain.com
Address: 192.168.1.102

Name: mydomain.com
Addresses: 192.168.1.102, 192.168.2.100
______________________________________________

192.168.1.102 is our SB2000 (Exchange, AD, DNS) server.
192.168.2.100 is our AD replica server (WAN connection).
How can I set our DNS server to direct internal LAN queries for the
public domain to the proper IP address? Is there a Q/KB article for
this? I've read through a lot of discussions about manually adding a
DNS entry, but none of those seem to apply to this situation. Thanks
in advance!

-A
7 answers Last reply
More about identical public private domains resolve public
  1. Archived from groups: microsoft.public.win2000.dns (More info?)

    Simple fix - Add a static DNS entry as WWW and point it
    towards your external web site address. Clear your cache
    on the computer and give it a try. Works like a charm.
    If someone queiries www.mydomain.com, the dns will
    resolve WWW and then the rest of the FQDN.

    ps. Had the same issue!


    >-----Original Message-----
    >(I encountered a server error on my first postattempt. I
    apologize if
    >this is a re-post)
    >We use the same domain name in AD as we have for our
    public domain.
    >The public website is hosted by a third party. Until
    recently,
    >internal LAN users were able to view the website without
    a problem.
    >Now, if they attempt to view the public site, it
    redirects them to our
    >AD server. I've used NSLOOKUP and it resolves the domain
    to the AD
    >server as follows:
    >______________________________________________
    >Default Server: server01.mydomain.com
    >Address: 192.168.1.102
    >
    >> mydomain.com
    >Server: server01.mydomain.com
    >Address: 192.168.1.102
    >
    >Name: mydomain.com
    >Addresses: 192.168.1.102, 192.168.2.100
    >______________________________________________
    >
    >192.168.1.102 is our SB2000 (Exchange, AD, DNS) server.
    >192.168.2.100 is our AD replica server (WAN connection).
    >How can I set our DNS server to direct internal LAN
    queries for the
    >public domain to the proper IP address? Is there a Q/KB
    article for
    >this? I've read through a lot of discussions about
    manually adding a
    >DNS entry, but none of those seem to apply to this
    situation. Thanks
    >in advance!
    >
    >-A
    >.
    >
  2. Archived from groups: microsoft.public.win2000.dns (More info?)

    Aaron wrote:

    (...)

    > How can I set our DNS server to direct internal LAN queries for the
    > public domain to the proper IP address? Is there a Q/KB article for
    > this? I've read through a lot of discussions about manually adding a
    > DNS entry, but none of those seem to apply to this situation. Thanks
    > in advance!


    This is a problem with "split brain" DNS desing - there isn't any trick
    or setup - You have to duplicate Your internet DNS entries (host's etc)
    on the internal DNS server with proper adresses. Your internal server
    for LAN users is the main and authoritative server for this domain and
    ther is not way to forward some queries about Your domain to the
    external DNS.

    --
    Tomasz Onyszko [MVP]
    T.Onyszko@w2k.pl
    http://www.w2k.pl
  3. Archived from groups: microsoft.public.win2000.dns (More info?)

    In his case, he wants to resolve mydomain.com, not WWW.mydomain.com. The
    problem is mydomain.com is also the name of his AD domain. There really is
    no easy way out yet. The fastest resolution is to explain to your users that
    you have a problem, and that they should use www.mydomain.com instead of
    mydomain.com. Of course, you can create an A record (using the "same as
    Parent" option) pointing mydomain.com to your webserver, but that has the
    potentials of causing you more grief than the one you are trying to fix.

    --
    Sincerely,

    Dèjì Akómöláfé, MCSE MCSA MCP+I
    Microsoft MVP - Directory Services
    www.readymaids.com - COMPLETE SPAM Protection
    www.akomolafe.com
    Do you now realize that Today is the Tomorrow you were worried about
    Yesterday? -anon


    "AJD" <anonymous@discussions.microsoft.com> wrote in message
    news:2156f01c45a24$5471c080$a001280a@phx.gbl...
    > Simple fix - Add a static DNS entry as WWW and point it
    > towards your external web site address. Clear your cache
    > on the computer and give it a try. Works like a charm.
    > If someone queiries www.mydomain.com, the dns will
    > resolve WWW and then the rest of the FQDN.
    >
    > ps. Had the same issue!
    >
    >
    > >-----Original Message-----
    > >(I encountered a server error on my first postattempt. I
    > apologize if
    > >this is a re-post)
    > >We use the same domain name in AD as we have for our
    > public domain.
    > >The public website is hosted by a third party. Until
    > recently,
    > >internal LAN users were able to view the website without
    > a problem.
    > >Now, if they attempt to view the public site, it
    > redirects them to our
    > >AD server. I've used NSLOOKUP and it resolves the domain
    > to the AD
    > >server as follows:
    > >______________________________________________
    > >Default Server: server01.mydomain.com
    > >Address: 192.168.1.102
    > >
    > >> mydomain.com
    > >Server: server01.mydomain.com
    > >Address: 192.168.1.102
    > >
    > >Name: mydomain.com
    > >Addresses: 192.168.1.102, 192.168.2.100
    > >______________________________________________
    > >
    > >192.168.1.102 is our SB2000 (Exchange, AD, DNS) server.
    > >192.168.2.100 is our AD replica server (WAN connection).
    > >How can I set our DNS server to direct internal LAN
    > queries for the
    > >public domain to the proper IP address? Is there a Q/KB
    > article for
    > >this? I've read through a lot of discussions about
    > manually adding a
    > >DNS entry, but none of those seem to apply to this
    > situation. Thanks
    > >in advance!
    > >
    > >-A
    > >.
    > >
  4. Archived from groups: microsoft.public.win2000.dns (More info?)

    It sounds to me as if he just needs to access his
    external web site from internal. Having the same dns
    domain name on both will be an issue until you add the
    WWW. Then he can go to IE and type www.mydomain.com.
    This will take his internal users to their website.

    ah, oh well...
    >-----Original Message-----
    >In his case, he wants to resolve mydomain.com, not
    WWW.mydomain.com. The
    >problem is mydomain.com is also the name of his AD
    domain. There really is
    >no easy way out yet. The fastest resolution is to
    explain to your users that
    >you have a problem, and that they should use
    www.mydomain.com instead of
    >mydomain.com. Of course, you can create an A record
    (using the "same as
    >Parent" option) pointing mydomain.com to your webserver,
    but that has the
    >potentials of causing you more grief than the one you
    are trying to fix.
    >
    >--
    >Sincerely,
    >
    >Dèjì Akómöláfé, MCSE MCSA MCP+I
    >Microsoft MVP - Directory Services
    >www.readymaids.com - COMPLETE SPAM Protection
    >www.akomolafe.com
    >Do you now realize that Today is the Tomorrow you were
    worried about
    >Yesterday? -anon
    >
    >
    >"AJD" <anonymous@discussions.microsoft.com> wrote in
    message
    >news:2156f01c45a24$5471c080$a001280a@phx.gbl...
    >> Simple fix - Add a static DNS entry as WWW and point it
    >> towards your external web site address. Clear your
    cache
    >> on the computer and give it a try. Works like a charm.
    >> If someone queiries www.mydomain.com, the dns will
    >> resolve WWW and then the rest of the FQDN.
    >>
    >> ps. Had the same issue!
    >>
    >>
    >> >-----Original Message-----
    >> >(I encountered a server error on my first
    postattempt. I
    >> apologize if
    >> >this is a re-post)
    >> >We use the same domain name in AD as we have for our
    >> public domain.
    >> >The public website is hosted by a third party. Until
    >> recently,
    >> >internal LAN users were able to view the website
    without
    >> a problem.
    >> >Now, if they attempt to view the public site, it
    >> redirects them to our
    >> >AD server. I've used NSLOOKUP and it resolves the
    domain
    >> to the AD
    >> >server as follows:
    >> >______________________________________________
    >> >Default Server: server01.mydomain.com
    >> >Address: 192.168.1.102
    >> >
    >> >> mydomain.com
    >> >Server: server01.mydomain.com
    >> >Address: 192.168.1.102
    >> >
    >> >Name: mydomain.com
    >> >Addresses: 192.168.1.102, 192.168.2.100
    >> >______________________________________________
    >> >
    >> >192.168.1.102 is our SB2000 (Exchange, AD, DNS)
    server.
    >> >192.168.2.100 is our AD replica server (WAN
    connection).
    >> >How can I set our DNS server to direct internal LAN
    >> queries for the
    >> >public domain to the proper IP address? Is there a
    Q/KB
    >> article for
    >> >this? I've read through a lot of discussions about
    >> manually adding a
    >> >DNS entry, but none of those seem to apply to this
    >> situation. Thanks
    >> >in advance!
    >> >
    >> >-A
    >> >.
    >> >
    >
    >
    >.
    >
  5. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:21af201c45ac4$36b1ac40$a001280a@phx.gbl,
    AJD <anonymous@discussions.microsoft.com> posted their thoughts, then I
    offered mine
    > It sounds to me as if he just needs to access his
    > external web site from internal. Having the same dns
    > domain name on both will be an issue until you add the
    > WWW. Then he can go to IE and type www.mydomain.com.
    > This will take his internal users to their website.
    >
    > ah, oh well...

    Keep in mind gentlemen, if access is needed to the domain name
    (LdapIpAddres), such as to http://domain.com in a split horizon, it can be
    done thru the registry, and then manually create the LdapIpAddress with the
    external IP, however there are compromises to be dealt with. Compromises
    such as GPOs may not apply. Why? Because the client side extensions connect
    to:
    \\domain.com\sysvol\domain.com\policies\{ThePolicy'sLongGuidNumberHere}

    If the external IP is set, then GPOs may not apply. Best to keep access to
    only as www.domain.com .


    --
    Regards,
    Ace

    Please direct all replies to the newsgroup so all can benefit.
    This posting is provided "AS-IS" with no warranties and confers no
    rights.

    Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
    Microsoft Windows MVP - Active Directory

    HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
    pig. --
    =================================
  6. Archived from groups: microsoft.public.win2000.dns (More info?)

    This will work for us, but I'm not sure how to add a static DNS entry.
    I know this will limit our users from accessing http://mydomain.com,
    but I don't think that will affect us at all. Thanks for your help.

    -A


    "AJD" <anonymous@discussions.microsoft.com> wrote in message news:<2156f01c45a24$5471c080$a001280a@phx.gbl>...
    > Simple fix - Add a static DNS entry as WWW and point it
    > towards your external web site address. Clear your cache
    > on the computer and give it a try. Works like a charm.
    > If someone queiries www.mydomain.com, the dns will
    > resolve WWW and then the rest of the FQDN.
    >
    > ps. Had the same issue!
  7. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:a4926a0a.0406291007.1635da1f@posting.google.com,
    Aaron in <elroyskimms@yahoo.com> posted their thoughts, then I offered mine
    > This will work for us, but I'm not sure how to add a static DNS entry.
    > I know this will limit our users from accessing http://mydomain.com,
    > but I don't think that will affect us at all. Thanks for your help.
    >
    > -A
    >
    >

    To create a static www entry? Easy. Rt-click your zone name, select new Host
    record, then type in www in the hostname section and give it the actual
    outside webserver's IP address. I would suggest to have your users only
    access the site with the www record and not by http://mydomain.com due to
    the ramifications.

    --
    Regards,
    Ace

    Please direct all replies to the newsgroup so all can benefit.
    This posting is provided "AS-IS" with no warranties and confers no
    rights.

    Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
    Microsoft Windows MVP - Active Directory

    HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
    pig. --
    =================================
Ask a new question

Read More

Domain Servers Windows