Good day, my local domain (example.com) has the same name as my website domain name (www.example.com). When the website is visited on the internal network, it resolves to the internal server. How do I use the Forward Lookup Zones in the domain controller to forward the domain to the web when ever the website is visited. A step by step instruction will be appreciated.
-
My local domain has the same name as my website domain name
-
You shouldn't use .com for internal naming on any network. In Microsoft, I used .local. In Ubuntu, they prefer .lan
https://wp.scsiraidguru.com is my web site. The server is servername.scsiraidguru.lan
You change the server name in Linux in the /etc/hostname file and /etc/hosts file
192.168.1.1 servername.scsiraidguru.lan servername
This will resolve hostname and hostname -f (fdqn).
What OS are you using? Make sure you check reverse lookup too.
I just configured at my house pridns.scsiraidguru.lan and secdns.scsiraidguru.lan for DNS. I added DHCP and DHCPv6 to pridns.
-
Hello @OJ,
I believe your question is about name resolution issues.
Forward lookup zones will not solve your problem in this case, since you are using a single namespace for internal and external hosts.
You'll need to make an A record for www in your internal AD zone and point it to the public IP of your web server.
-
Determine the public IP address of your web server. You can do this by using ping. Ping www.example.com and note the IP address the name resolves to.
-
Open the DNS console and navigate to the example.com zone.
-
Right-click the zone and choose "New Host (A or AAAA)..."
-
Enter "www" for the Host
-
Enter the IP address from step 1
-
Click "Add Host"
If you have more than one public IP address for your web server, you can repeat the above steps for each one, using the same host name "www". Windows-based DNS will round-robin between all of them by default.
Keep in mind your users must enter the full FQDN. They need to type "www.example.com", not just "example.com".
This is a common issue when using a single namespace for internal and external resources.
Hope this helps,
Mike Rodrick
Edutainer, ITProTV**if the post above has answered the question, please mark the topic as solved.
-
-
@OJ,
As for your naming convention, it might be to late, or to much work (lol) to change that. If you wanted to make the change, your best bet, and what Microsoft will recommend, is to use a subdomain for your internal namespace. For example, internal.example.com or corp.example.com for your internal namespace, using example.com for your external namespace.
At one time, people would use dummy DNS names, like example.local or example.internal. Using unofficial top-level domains (.local or .internal or .lan for example) is not recommended. It is not supported by internet standards.
RFC 2606 (http://tools.ietf.org/html/rfc2606 ) if you need help sleeping.
The standards could also be changed. They add new TLDs frequently. What was a dummy, non-routable TLD, like .lan, might all of a sudden, be a routable TLD, that you will need to register before someone else does.
I also wouldn't recommend modifying the hosts file. While this might work in a lab environment (I use it in my home network), it's not a scalable solution. The hosts file would need to be modified on every machine. This is a lot of work, and introduces room for error (I'm going to make at least one typo, lol) If the IP address of the web server ever changes, you will need to change every hosts file, again. It also wouldn't be easy to load balance between multiple addresses.
Here is some additional information from Microsoft.
https://social.technet.microsoft.com/wiki/contents/articles/34981.active-directory-best-practices-for-internal-domain-and-network-names.aspxHope this helps,
Mike Rodrick
Edutainer, ITProTV**if the post above has answered the question, please mark the topic as solved.
-
@Mike-Rodrick
Thank you Mr. Mike. I followed the process:
Determine the public IP address of your web server. You can do this by using ping. Ping www.example.com and note the IP address the name resolves to.Opened the DNS Manager
Navigated to Forward Lookup Zones
Right-clicked example.com and choose "New Host (A or AAAA)..."
Enter "www" in the "Name (uses parent domain name if blank) field."
The second field has the damain www.example.com (Fully qualified domain name (FQDN)
Enter the IP address from step 1 in the in the IP address field
Click "Add Host"
and I am getting the error message bellow. Please advice.
-
Hey @OJ ,
The error indicates you do not have a reverse lookup zone created. Uncheck the box "Create associated pointer (PTR) record" and you should be able to add the record.
Let me know if this works,
Mike Rodrick
Edutainer, ITProTV**if the post above has answered the question, please mark the topic as solved.
-
It did not work. The error message now states, "The host record www.example.com cannot be created. The record already exists."
-
Then it must have succeeded in creating the new A record the first time, even though it failed at creating the PTR record.
Check the DNS zone and verify the new record exists.
Then see if your users can connect to the website.
Mike Rodrick
Edutainer, ITProTV**if the post above has answered the question, please mark the topic as solved.
-
I checked the DNS zone and the new record did not exist.
-
Install the Microsoft server patches and reboot. I have found several DNS and DHCP fixes in patches. Make sure your NS servers are properly listed with forward and reverse records. I would do screen shots of the forward and reverse entries to make sure all of them are accounted for. I have had to create many reverse ptr entries. Make sure your subnets are properly laid out. The pointer records go under their reverse DNS loopup arpa
-
I checked the DNS Forward Lookup Zone and the new record is now there
but I still cannot access the website. -
There is not patch available to install. I checked the DNS zone and the new record is now there
but I still cannot access the website. -
At home, I have two wordpress web sites.
Internally, 192.168.1.x and 192.168.1.y are their addresses. Externally, One web server is on WAN1. Other one is on WAN2.
If you are outside my firewall, the DNS records point to the proper WAN IP. I have a Virtual IP rule on the firewall that states all 443 traffic that hits a WAN port translates it to the proper internal address.
Inside my firewall or when I IPSEC VPN from work to home, I use my hosts file on my work workstation to point to the internal IP address.
At Godaddy on my DNS page for SCSIRAIDGURU.com. The A record points to the WAN port than the web server with scsiraidguru.com is installed.
On the firewall
Policy has a VIP rule that WAN1 forwards to IP of that web server.
