move of internal website.

Archived from groups: microsoft.public.isa.configuration,microsoft.public.win2000.dns (More info?)

Sorry for the X Post but this involves both DNS and ISA.

Up until last week I hosted a website at www.myschool.co.uk which also
happens to be my AD Domain name. This website was hosted on an internal IIS
server and ISA had a rule published to allow access though the firewall.

Last week I had to change the DNS at our ISP to point www.myschool.co.uk to
an external IP address. I can resolve to the new site from outside of
school but on any computer inside of school domain.

I turnned off IIS and repointed the DNS record to the external IP where the
site is hosted but ISA denies access. I tried IPCONFIG /FLUSHDNS but that
makes no difference.

I understand the situation - I want to resolve an internal DNS name to an
external IP address however I have spent 3 hours on it and I am tearing my
hair out!!

any ideas?

Regards

Mark
6 answers Last reply
More about move internal website
  1. Archived from groups: microsoft.public.win2000.dns (More info?)

    On Tue, 20 Jul 2004 17:02:58 +0100, "Mark Scott"
    <m@rk-5c0tt@8lu3y0nd3r.c0.uk> wrote:

    >Sorry for the X Post but this involves both DNS and ISA.

    Not according to your statement:

    >I turnned off IIS and repointed the DNS record to the external IP where the
    >site is hosted but ISA denies access.

    If ISA denies access, then it's an ISA issue, not a DNS one.

    Jeff
  2. Archived from groups: microsoft.public.win2000.dns (More info?)

    Thanks Jeff, but is it an issue hosting an "internal" website externally?
    ie www is not actually part of the domain space but is hosted somewhere
    else?

    "Jeff Cochran" <jeff.nospam@zina.com> wrote in message
    news:41037e6d.196627655@msnews.microsoft.com...
    > On Tue, 20 Jul 2004 17:02:58 +0100, "Mark Scott"
    > <m@rk-5c0tt@8lu3y0nd3r.c0.uk> wrote:
    >
    >>Sorry for the X Post but this involves both DNS and ISA.
    >
    > Not according to your statement:
    >
    >>I turnned off IIS and repointed the DNS record to the external IP where
    >>the
    >>site is hosted but ISA denies access.
    >
    > If ISA denies access, then it's an ISA issue, not a DNS one.
    >
    > Jeff
  3. Archived from groups: microsoft.public.isa.configuration,microsoft.public.win2000.dns (More info?)

    >>>Last week I had to change the DNS at our ISP to point www.myschool.co.uk
    to
    an external IP address

    So, you have 2 different DNS servers. One internally, and one at your ISP.
    This is good. So, now you need to ensure that on the INTERNAL DNS server,
    www.myschool.co.uk is pointed to the INTERNAL IP address of the site, not
    the PUBLISHED IP address.

    Second, you want to ensure that ALL your internal clients are using ONLY
    your INTERNAL DNS server in their TCP/IP (or DHCP) configuration.

    --
    Sincerely,

    Dèjì Akómöláfé, MCSE MCSA MCP+I
    Microsoft MVP - Directory Services
    www.readymaids.com - COMPLETE SPAM Protection
    www.akomolafe.com
    Do you now realize that Today is the Tomorrow you were worried about
    Yesterday? -anon


    "Mark Scott" <m@rk-5c0tt@8lu3y0nd3r.c0.uk> wrote in message
    news:#IJAEMnbEHA.1356@TK2MSFTNGP09.phx.gbl...
    > Sorry for the X Post but this involves both DNS and ISA.
    >
    > Up until last week I hosted a website at www.myschool.co.uk which also
    > happens to be my AD Domain name. This website was hosted on an internal
    IIS
    > server and ISA had a rule published to allow access though the firewall.
    >
    > Last week I had to change the DNS at our ISP to point www.myschool.co.uk
    to
    > an external IP address. I can resolve to the new site from outside of
    > school but on any computer inside of school domain.
    >
    > I turnned off IIS and repointed the DNS record to the external IP where
    the
    > site is hosted but ISA denies access. I tried IPCONFIG /FLUSHDNS but that
    > makes no difference.
    >
    > I understand the situation - I want to resolve an internal DNS name to an
    > external IP address however I have spent 3 hours on it and I am tearing my
    > hair out!!
    >
    > any ideas?
    >
    > Regards
    >
    > Mark
    >
    >
    >
  4. Archived from groups: microsoft.public.isa.configuration,microsoft.public.win2000.dns (More info?)

    Thanks but you misunderstood my question. The (ex) Internal website is now
    housed externally about 50 miles away from the domain. My ISA server is
    kicking up because I have to send www.myschool.co.uk through the firewall
    whereas before it was internal.

    ISA pops up a login box when I try to browse to the site, it won't accept
    any logins I give it and then gives up with a forbidden error.

    "Deji Akomolafe" <deji@REMOVEPADDINGakomolafedotcom> wrote in message
    news:etzWS2zbEHA.2520@TK2MSFTNGP12.phx.gbl...
    >>>>Last week I had to change the DNS at our ISP to point www.myschool.co.uk
    > to
    > an external IP address
    >
    > So, you have 2 different DNS servers. One internally, and one at your ISP.
    > This is good. So, now you need to ensure that on the INTERNAL DNS server,
    > www.myschool.co.uk is pointed to the INTERNAL IP address of the site, not
    > the PUBLISHED IP address.
    >
    > Second, you want to ensure that ALL your internal clients are using ONLY
    > your INTERNAL DNS server in their TCP/IP (or DHCP) configuration.
    >
    > --
    > Sincerely,
    >
    > Dèjì Akómöláfé, MCSE MCSA MCP+I
    > Microsoft MVP - Directory Services
    > www.readymaids.com - COMPLETE SPAM Protection
    > www.akomolafe.com
    > Do you now realize that Today is the Tomorrow you were worried about
    > Yesterday? -anon
    >
    >
    > "Mark Scott" <m@rk-5c0tt@8lu3y0nd3r.c0.uk> wrote in message
    > news:#IJAEMnbEHA.1356@TK2MSFTNGP09.phx.gbl...
    >> Sorry for the X Post but this involves both DNS and ISA.
    >>
    >> Up until last week I hosted a website at www.myschool.co.uk which also
    >> happens to be my AD Domain name. This website was hosted on an internal
    > IIS
    >> server and ISA had a rule published to allow access though the firewall.
    >>
    >> Last week I had to change the DNS at our ISP to point www.myschool.co.uk
    > to
    >> an external IP address. I can resolve to the new site from outside of
    >> school but on any computer inside of school domain.
    >>
    >> I turnned off IIS and repointed the DNS record to the external IP where
    > the
    >> site is hosted but ISA denies access. I tried IPCONFIG /FLUSHDNS but
    >> that
    >> makes no difference.
    >>
    >> I understand the situation - I want to resolve an internal DNS name to an
    >> external IP address however I have spent 3 hours on it and I am tearing
    >> my
    >> hair out!!
    >>
    >> any ideas?
    >>
    >> Regards
    >>
    >> Mark
    >>
    >>
    >>
    >
    >
  5. Archived from groups: microsoft.public.isa.configuration,microsoft.public.win2000.dns (More info?)

    You probably need to re-describe the problem then. You said earlier that you
    published the Website in ISA. IF the webserver is OUTSIDE (50 miles away),
    the the ISA is NOT protecting it. If that's the case, then there is nothing
    for you to publish in ISA.

    You just need to create a www A record in your INTERNAL myschool.co.uk DNS
    zone and give it the PUBLIC IP address of www.myschool.co.uk (the one that
    is used externally by everyone else)

    --
    Sincerely,

    Dèjì Akómöláfé, MCSE MCSA MCP+I
    Microsoft MVP - Directory Services
    www.readymaids.com - COMPLETE SPAM Protection
    www.akomolafe.com
    Do you now realize that Today is the Tomorrow you were worried about
    Yesterday? -anon


    "Mark Scott" <m@rk-5c0tt@8lu3y0nd3r.c0.uk> wrote in message
    news:#7aKcL1bEHA.3788@TK2MSFTNGP10.phx.gbl...
    > Thanks but you misunderstood my question. The (ex) Internal website is
    now
    > housed externally about 50 miles away from the domain. My ISA server is
    > kicking up because I have to send www.myschool.co.uk through the firewall
    > whereas before it was internal.
    >
    > ISA pops up a login box when I try to browse to the site, it won't accept
    > any logins I give it and then gives up with a forbidden error.
    >
    > "Deji Akomolafe" <deji@REMOVEPADDINGakomolafedotcom> wrote in message
    > news:etzWS2zbEHA.2520@TK2MSFTNGP12.phx.gbl...
    > >>>>Last week I had to change the DNS at our ISP to point
    www.myschool.co.uk
    > > to
    > > an external IP address
    > >
    > > So, you have 2 different DNS servers. One internally, and one at your
    ISP.
    > > This is good. So, now you need to ensure that on the INTERNAL DNS
    server,
    > > www.myschool.co.uk is pointed to the INTERNAL IP address of the site,
    not
    > > the PUBLISHED IP address.
    > >
    > > Second, you want to ensure that ALL your internal clients are using ONLY
    > > your INTERNAL DNS server in their TCP/IP (or DHCP) configuration.
    > >
    > > --
    > > Sincerely,
    > >
    > > Dèjì Akómöláfé, MCSE MCSA MCP+I
    > > Microsoft MVP - Directory Services
    > > www.readymaids.com - COMPLETE SPAM Protection
    > > www.akomolafe.com
    > > Do you now realize that Today is the Tomorrow you were worried about
    > > Yesterday? -anon
    > >
    > >
    > > "Mark Scott" <m@rk-5c0tt@8lu3y0nd3r.c0.uk> wrote in message
    > > news:#IJAEMnbEHA.1356@TK2MSFTNGP09.phx.gbl...
    > >> Sorry for the X Post but this involves both DNS and ISA.
    > >>
    > >> Up until last week I hosted a website at www.myschool.co.uk which also
    > >> happens to be my AD Domain name. This website was hosted on an
    internal
    > > IIS
    > >> server and ISA had a rule published to allow access though the
    firewall.
    > >>
    > >> Last week I had to change the DNS at our ISP to point
    www.myschool.co.uk
    > > to
    > >> an external IP address. I can resolve to the new site from outside of
    > >> school but on any computer inside of school domain.
    > >>
    > >> I turnned off IIS and repointed the DNS record to the external IP where
    > > the
    > >> site is hosted but ISA denies access. I tried IPCONFIG /FLUSHDNS but
    > >> that
    > >> makes no difference.
    > >>
    > >> I understand the situation - I want to resolve an internal DNS name to
    an
    > >> external IP address however I have spent 3 hours on it and I am tearing
    > >> my
    > >> hair out!!
    > >>
    > >> any ideas?
    > >>
    > >> Regards
    > >>
    > >> Mark
    > >>
    > >>
    > >>
    > >
    > >
    >
    >
  6. Archived from groups: microsoft.public.isa.configuration,microsoft.public.win2000.dns (More info?)

    In news:%237aKcL1bEHA.3788@TK2MSFTNGP10.phx.gbl,
    Mark Scott <m@rk-5c0tt@8lu3y0nd3r.c0.uk> asked for help and I offered my
    suggestions below:
    > Thanks but you misunderstood my question. The (ex) Internal website
    > is now housed externally about 50 miles away from the domain. My ISA
    > server is kicking up because I have to send www.myschool.co.uk
    > through the firewall whereas before it was internal.
    >
    > ISA pops up a login box when I try to browse to the site, it won't
    > accept any logins I give it and then gives up with a forbidden error.
    >

    Did you create a rule in ISA to allow this sort of traffic and apply it?
    From what you said earlier, you couldn't resolve it. Now you're saying it
    does resolve it? If its note resolving and assuming that ISA is allowing
    access to the old internal machine that you said you turned off the website
    on it, then that would explain the login box.

    Its not resolving externally since from what I'm surmizing (assuming) is
    that it won't be able to because your internal and external names are the
    same (split horizon zone). So that said, have you tried to manually create
    the www record on your internal DNS and manually give it the actual new IP
    address of the new webserver?

    --
    Regards,
    Ace

    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services

    Security Is Like An Onion, It Has Layers
    HAM AND EGGS: A day's work for a chicken;
    A lifetime commitment for a pig.
    --
    =================================
Ask a new question

Read More

Internet Service Providers Microsoft DNS Windows