Windows 2000 DNS Entry

Status
Not open for further replies.

Melek6666 · Technical User · Mar 31, 2003 · US
I can't see our Website locally (within our company) but we can see it from any workstation outside the company. I am told to add a record for our WEB server on our internal DNS servers. Can someone please tell me exactly how to add this entry? What's not clear to me is, do I add the Internal IP address of the WEB server and as a host name put " or just WEB server IP address and host name "
Please help, I am desperate. Thanks :)
 
You may be putting a "band-aid" patch on a bigger issue. With a little more info, I bet we can all come up with a good solution.

Are you using your Windows DNS server only for internal DNS resolution?

Are you using DNS forwarding for outside DNS resolution?

From a command window on an internal workstation, when you do an "nslookup" on the web server name, what happens?

Do you get a "can't find xyz: server failed" or some other error?

This is a good starting point to help solve the issue.
Dana
 
Dana, thanks for the reply. Here is the scenario. We have a Web Server with 2 network cards (the Web server's host name is "web_eei"). One of the cards has the Local Network TCP/IP address starting with 172.16.. and so on. The other network card has the IP address of the DMZ network starting with 192.168.. and so on. The Web server has two (2) network cards and each network card has a different IP address, one for the Internal Network and the other one for the DMZ Network. The first network card's properties show that the local INTERNAL IP address for the Web server is 172.16.. etc. The second network card shows the DMZ IP address for the WEB Server is 192.168.. etc. And the EXTERNAL IP address for the zone is 65.207.. etc. (This External address is assigned by the ISP.) We have Active Directory with "Active Directory integrated" DNS. The ISP's DNS servers are in our DNS servers' "FORWARDERS" and recursion is on.

We have the following entries in our DNS server.

In the FORWARD LOOKUP ZONE - web_eei - host - 192.168...

In the FORWARD LOOKUP ZONE - web_eei - host - 172.16...

In the REVERSE LOOKUP ZONE - 172.16... - pointer -
There is no entry for the EXTERNAL IP address 65.207... (I don’t think I have to worry about this IP, because this is assigned by the ISP, they have to worry about this.) That's all the entries we have in our DNS Server. I think something is missing.

Also in our WEBsite under the "WEB SITE IDENTIFICATION" we only have the DMZ address, which is the one that starts with 192.168.. We don't have an entry for the local WEB IP address (172.16..) or the local host name (web_eei). When you look into the "ADVANCED MULTIPLE SITE CONFIGURATION" page here is what you see:

IP ADDRESS TCP PORT HOST HEADER NAME
192.168.. Port 80 same ip address same port# eei

I think something is wrong with these entries, therefore we CAN’T see the Web server from inside the Company. But I don’t know what should be the correct entries for the DNS. Under the circumstances, given all three (3) IP addresses, and given all the DNS entries as above, can you please tell me what should I exactly do? Please be patient with me, English is my second language, if something is not clear, please let me know. Thanks so much. I am looking forward to hearing from you.

Thanks again - Melek
 
Melek,
if your only need is to allow internal users to visit your external web site from inside, would it be easiest to remove all DNS entries from your internal server?

Then all users would access it just like external users from the External IP resolved from your ISP DNS.

Are there other special needs?
Is there a reason that internal users need to access the web server from the internal address?

You would also want to make sure the web server's DNS settings under TCP/IP were set NOT to register in DNS.

Sometimes the simple way is the best.
I do not know if this applies to your setup.
Dana

P.S. Your English is very good!
 
Hi Dana,

I didn't realize that removing all the DNS entries from my DNS server (referencing the WEB Server) would enable us to see our WEBsite. Let me make sure I understand what you are saying. You are saying that I delete the entries in my DNS server referring to our WEB server, correct?

With the exception of the WEB Master, none of us has to do anything with the Website. Would my removing the DNS entries affect him?

Also I've checked the TCP/IP properties on both the NIC cards on the WEB server. They are both set to "Append primary and connection specific DNS suffixes" and "Register this connection's addresses in DNS".

I hope my answers will help you, I will wait to see what you think. Again, thanks a million. :)

Melek

 
If your users only need to attach to your web server from its external address (if this is satisfactory), removing the internal DNS entries will cause External DNS resolution.

If your webmaster is satisfied to connect with IP address, or use a hosts file, then you will be fine. I would suggest checking with your webmaster to be sure he is not running any kind of applications (syncing web content) or anything that might require internal DNS resolution.

My guess is that the real issue is that your firewall is not set up to allow access to the web server in your DMZ from your internal network. Another way to solve the issue might be to allow access. But, based on the security structure of your company, you may not want to do this.

So the quick answer is Yes, removing the DNS references to the internal IPs of your web server would cause DNS queries to your ISP's DNS servers. This would resolve to the External (routable public) address.

I hope this helps.
Dana
 
Hi Dana,

I talked to my boss and the web master about removing the internal DNS addresses but they did not want me to do that, they said that the web master will be doing things that will need the internal access. So what I did is the following:

1-) From IIS Admin, I added the local IP address (172.16...) with port 80 to the "Web Site Identification" advanced tab and "Advanced multiple site configuration"

2-) I added an A record for the " host name corresponding to the local address (172.16..)

3-) Then came back to my desk and typed the URL of our company and prayed, IT WORKED! THANK YOU SO MUCH FOR ALL YOUR TIME, I really appreciate the help. It was so nice to be able to talk to someone else, which makes you think. Unfortunately in my company I am alone, there isn't any technical person and I inherited a very messy network. I am sure I will come back with more questions. Again, THANK YOU
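
A way to run the nslookup-style check from this thread and confirm the final fix from an internal workstation, as an added example that is not part of the original posts: it resolves the site name with the workstation's own resolver, then sends a HEAD request carrying that name as the Host header to every A record returned, so an address the internal network cannot reach or that has no matching IIS binding shows up on its own line. The function names are this example's own, and the site name is passed on the command line because the thread does not show it.

```python
import ipaddress
import socket


def resolve_a(name):
    """Return the distinct IPv4 addresses the local resolver gives for name."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def probe(ip, host_header, port=80, timeout=3.0):
    """Connect to ip:port and send a HEAD request with the given Host header.

    Returns the HTTP status line, or a short reason when the connection
    or the read fails (filtered by a firewall, nothing bound to that IP).
    """
    request = (f"HEAD / HTTP/1.1\r\nHost: {host_header}\r\n"
               "Connection: close\r\n\r\n")
    try:
        with socket.create_connection((ip, port), timeout=timeout) as s:
            s.sendall(request.encode("ascii"))
            reply = s.recv(1024)
    except OSError as exc:
        return f"no answer ({exc.__class__.__name__})"
    if not reply:
        return "connected, empty reply"
    return reply.split(b"\r\n", 1)[0].decode("latin-1")


def check_site(name, addresses=None, port=80, timeout=3.0):
    """Probe every A record for name; addresses overrides the DNS lookup."""
    if addresses is None:
        addresses = resolve_a(name)
    results = []
    for ip in addresses:
        # RFC 1918 ranges such as 172.16.x.x and 192.168.x.x count as private.
        scope = "private" if ipaddress.ip_address(ip).is_private else "public"
        results.append((ip, scope, probe(ip, name, port, timeout)))
    return results


if __name__ == "__main__":
    import sys
    # Usage: python check_site.py <site name as typed in the browser>
    for ip, scope, status in check_site(sys.argv[1]):
        print(f"{ip:15} {scope:7} {status}")
```

Run it once from an internal workstation and once from outside: the internal run should list only addresses that answer with an HTTP status line.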
 