Creating zone on my 'internal' DNS servers to allow unique..

magoo

May 28, 2004
Archived from groups: microsoft.public.win2000.dns

External DNS namespace is
"mycompany.com"

Internal DNS namespace is
"it.mycompany.com"

Problem:
I want to let people access my company's website using one URL, regardless
whether people are on the "internal" or on the "Internet". As is now, users
need to type https://mainsite.mycompany.com if they are on the Internet.
If users are "inside" my organization, they need to type https://mainsite

If I go to the "internal" DNS servers (which contain the zone
'it.mycompany.com') and I create a zone named:
"mycompany.com" and I create a "host" record named:
mainsite = IP=1.1.1.1

I could associate this IP and name with my website.

Is this the correct way to implement this "unique" URL and eliminate the need to
type different URLs if they are inside or outside the organization?
Also, is there any chance of conflict in DNS since I will have a zone
(mycompany.com) with the same name as appears on the 'external' DNS servers?
Please advise.
 
Guest

"Magoo" <nospammagoo@hotmail.com> wrote in message
news:#p0S$CfaFHA.724@TK2MSFTNGP12.phx.gbl...
> External DNS namespace is
> "mycompany.com"
>
> Internal DNS namespace is
> "it.mycompany.com"
>
> Problem:
> I want to let people access my company's website using one URL, regardless
> whether people are on the "internal" or on the "Internet". As is now, users
> need to type https://mainsite.mycompany.com if they are on the Internet.
> If users are "inside" my organization, they need to type https://mainsite

They should also be able to type mainsite.mycompany.com,
but one wonders why you don't use the conventional "www"
instead of "mainsite"???

Internal machines in an AD domain will NOT (generally)
be able to use a bare domain name (e.g., domain.com) if that
is the same name as an AD domain -- the DCs use this name
for their own purposes.

If you set up DNS correctly, then external customers in this latter
case may type either:

servername(usually www).domain.com or domain.com

Internal users must always type:

servername(usually www).domain.com

OR if using IE: http://NetBIOSServerName/
(must be shorter than 16 characters)

> if I go to the "internal" DNS servers (which contains zone
> 'it.mycompany.com') and I create a zone named:
> "mycompany.com" and I create a "host" record named:
> mainsite = IP=1.1.1.1

You must not do this unless you include EVERY relevant
name from that zone -- essentially it is safest to be a secondary
to the external zone in this case.

If you cannot be a secondary to the external zone (e.g., you
run the same named zone for an AD domain) then you must
manually add ALL records relevant to your internal users.

> I could associate this IP and name with my website.
>
> Is this the correct way to implement this "unique" URL and eliminate need to
> type different URL's if they are inside or outside the organization ?

It depends on the location, setup, and purposes of your
various domains -- but above the rules are stated explicitly
which are true for pretty much any situation.

> Also, is there any chance of conflict in DNS since I will have a zone
> (mycompany.com) with same name than it appears on the 'external' DNS servers
> ? Please advise.

No, the problem is not "conflict" but rather that you will
make the internal version of the names either incomplete
or allow it to go stale when changes are made.

Any conflict is done on purpose usually.

Also note, if you don't use the external zone name internally
you don't need ANY of those records if you can resolve
external records correctly in general.

You only need such tricks when you have the need to use
the DNS domain/zone in both areas.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

 
Guest

In news:%23p0S$CfaFHA.724@TK2MSFTNGP12.phx.gbl,
Magoo <nospammagoo@hotmail.com> posted this:
> External DNS namespace is
> "mycompany.com"
>
> Internal DNS namespace is
> "it.mycompany.com"
>
> Problem:
> I want to let people access my company's website using one URL,
> regardless whether people are on the "internal" or on the "Internet".
> As is now, users need to type https://mainsite.mycompany.com if they
> are on the Internet.
> If users are "inside" my organization, they need to type
> https://mainsite
>
> if I go to the "internal" DNS servers (which contains zone
> 'it.mycompany.com') and I create a zone named:
> "mycompany.com" and I create a "host" record named:
> mainsite = IP=1.1.1.1
>
> I could associate this IP and name with my website.
>
> Is this the correct way to implement this "unique" URL and eliminate
> need to type different URL's if they are inside or outside the
> organization ?
> Also, is there any chance of conflict in DNS since I will have a zone
> (mycompany.com) with same name than it appears on the 'external' DNS
> servers ? Please advise.

I take it https://mainsite.mycompany.com is hosted locally and is why local
users cannot access the site by the address published in the public zone?
Create a new zone named mainsite.mycompany.com, then in that zone create a
new host, leave the name field blank and give it the IP of the web server.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
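
The two approaches discussed so far in this thread (an internal copy of the whole "mycompany.com" zone versus a zone named after the single host), as an added example that is not part of the original posts: a toy Python model of how the internal server chooses a zone, showing which public names stop resolving or go stale inside. The `mail` and `vpn` hosts, the 203.0.113.x addresses and all function names are constructed for illustration.

```python
# Added illustration: toy model of zone selection on the internal DNS server.
# Every record here is constructed sample data (203.0.113.0/24 is a doc range).
EXTERNAL = {  # what the public mycompany.com zone publishes (constructed)
    "mainsite.mycompany.com": "203.0.113.10",
    "mail.mycompany.com": "203.0.113.25",   # hypothetical extra public host
    "vpn.mycompany.com": "203.0.113.44",    # hypothetical extra public host
}
SITE = "mainsite.mycompany.com"

def resolve(name, internal_zones, external=EXTERNAL):
    """Return (source, ip). internal_zones maps zone name -> {fqdn: ip}.

    The most specific hosted zone containing the name answers for it, and a
    missing record there is an authoritative "no such name" (ip None); the
    query is forwarded outside only when no hosted zone contains the name.
    """
    name = name.lower().rstrip(".")
    hosting = [z for z in internal_zones if name == z or name.endswith("." + z)]
    if not hosting:
        return ("forwarded", external.get(name))
    zone = max(hosting, key=len)  # longest suffix match
    return ("authoritative", internal_zones[zone].get(name))

def drift(internal_zones, intended=(SITE,), external=EXTERNAL):
    """Public names that answer differently inside, excluding intended overrides."""
    out = {}
    for name, public_ip in external.items():
        inside_ip = resolve(name, internal_zones, external)[1]
        if name not in intended and inside_ip != public_ip:
            out[name] = (inside_ip, public_ip)
    return out

# A: internal copy of the parent zone holding only the one host record.
SHADOW = {"it.mycompany.com": {}, "mycompany.com": {SITE: "1.1.1.1"}}
# B: same zone with every record copied by hand, one since changed outside.
STALE = {"it.mycompany.com": {}, "mycompany.com": {
    SITE: "1.1.1.1", "mail.mycompany.com": "203.0.113.25",
    "vpn.mycompany.com": "203.0.113.40"}}
# C: zone named after the host itself, with a blank-name (apex) host record.
PINPOINT = {"it.mycompany.com": {}, SITE: {SITE: "1.1.1.1"}}

if __name__ == "__main__":
    for label, zones in (("A", SHADOW), ("B", STALE), ("C", PINPOINT)):
        print(label, resolve(SITE, zones), drift(zones))
```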
 

magoo


Thanks for the reply.
This is the problem:
The site is published via ISA 2004. Then if the *internal* users try to hit
the https://mainsite.mycompany.com , ISA identifies the request as 'spoofing
on the external interface of the ISA box'. Therefore it denies all
packets. That's a feature of ISA.
That's the reason why internal users cannot access the address published in
the public zone.
 
Guest

In news:%23NXzl7haFHA.740@tk2msftngp13.phx.gbl,
Magoo <nospammagoo@hotmail.com> posted this:
> Thanks for the reply.
> This is the problem:
> The site is published via ISA 2004. Then if the *internal* users try
> to hit the https://mainsite.mycompany.com , ISA identifies the
> request as 'spoofing on the external interface of the ISA box'.
> Therefore it denies all packets. That's a feature of ISA.
> That's the reason why internal users cannot access the address
> published in the public zone.
>

If that is the case, then following my reply should resolve this.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps