Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Widows 2000 DNS Entry

Widows 2000 DNS Entry

Widows 2000 DNS Entry

I can't see our Website locally (within our company) but we can see it from any workstation outside the company.  I am told to add a www host record for our WEB server on our internal DNS servers.  Can someone please tell me how to exactly add this entry. What it's not clear to me is, do I add the Internal IP address of the WEB server and as a host name put "www.companyname.com"; or just WEB server IP address and host name "www"

Please help, I am desperate.  Thanks

RE: Widows 2000 DNS Entry

You may be putting a "band-aid" patch on a bigger issue. With a little more info, I bet we can all come up with a good solution.

Are you using your Windows DNS server only for internal DNS resolution?

Are you using DNS forwarding for outside DNS resolution?

From a command window on an internal workstation, when you do an "nslookup" on the web server name, what happens?

Do you get a "can't find "xyz": server failed
or some other error?

This is a good starting point to help solve the issue.

RE: Widows 2000 DNS Entry

Dana, thanks for the reply.  Here is the scenario.  We have a Web Server with 2 network card (Web servers host name is "web_eei").  One of the card has the Local Network TCPIP starting with 172.16.. and so on.  The other network card has the IP address of DMZ network starting with 192.168..and so on.  Web server has two (2) network cards and each network card has different IP address, one for Internal Network and the other one is the DMZ Network.  The first network card properties shows that the local INTERNAL IP address for the Web server is 172.16..etc.The second network card shows DMZ IP address for the WEB Server is 192.168..etc. And the EXTERNAL IP address for the zone is 65.207..etc. (This External address is assigned by ISP) We have a Active Directory with DNS "active directory integrated" DNS.  ISP's DNS server are in our DNS servers "FORWARDERS"and recursion is on.

We have the following entries in our DNS server.

In the FORWARD LOOKUP ZONE - web_eei - host - 192.168...

In the FORWARD LOOKUP ZONE - web_eei - host - 172.16...

In the REVERSE LOOKUP ZONE - 172.16... - pointer - www.companyname.com

There is no entry for the EXTERNAL IP address 65.207... (I don’t think I have to worry about this IP, becuase this is asigned by ISP, they have to worry about this)That's all the entries we have in our DNS Server. I think something is missing.

Also in our WEBsite under the "WEB SITE IDENTIFICATION" we only have the DMZ address,which is the one starts with 192.168.. we don't have an entry for the local WEB IP address (172.16..) or the local host name(web_eei), when you look into the "ADVANCED MULTIPLE SITE CONFIGURATION" page here is what you see:

192.168..          Port 80         www.companyname.com
sam ip address     same port#      eei

I think something is wrong with these entries, therefore we CAN’T see the Web server from inside the Company.  But I don’t know what should be the correct entries for the DNS.  Under the circumstances, given all three (3) IP addresses, and given all the DNS entries as above, can you please tell me what should I exactly do?  Please be patient with me, English is my second language, if something is not clear, please let me know.  Thanks so much.  I am looking forward to hearing from you.

Thanks again - Melek

RE: Widows 2000 DNS Entry

if your only need is to allow internal users to visit your external web site from inside, would it be easiest to remove all DNS entries from your internal server?

Then all users would access it just like external users from the External IP resolved from your ISP DNS.

Are there other special needs?
Is there a reason that internal users need to access the web server from the internal address?

You would also want to make sure the web server's DNS settings under TCP/IP were set NOT to register in DNS.

Sometimes the simple way is the best.
I do not know if this applies to your setup.

P.S. Your English is very good!

RE: Widows 2000 DNS Entry

Hi Dana,

I didn't realize that if you remove all the DNS entries from my DNS server (referencing the WEB Server) would enable us to see our WEBsite.  Let me make sure I understand what you are saying.  You are saying that I delete the entries in my DNS server referring to our WEB server, correct?  

With the exception of the WEB Master, none of us has to do anything with the Website.  Would my removing the DNS entries would affect him?

Also I've checked the TCP/IP properties on both the nick cards on the WEB server. They are both set to "Append primary and connection specific DNS suffixes" and "Register this connections addresses in DNS"

I hope my answers will help you, I will wait to see what you think.  Again, thanks a million.


RE: Widows 2000 DNS Entry

If your users only need to attach to your web server from it's external address, (If this is satisfactory) removing the internal DNS entries will cause External DNS resolution.

If your webmaster is satified to connect with IP address, or use a hosts file, then you will be fine. I would suggest checking with your webmaster to be sure he is not running any kind of applications (syncing web content) or anything that might require internal DNS resolution.

My guess is that the real issue is that your firewall is not setup to allow access to the web server in your DMZ from your internal network. Another way to solve the issue might be to allow access. But, based on the security structure of your company, you may not want to do this.

So the quick answer is Yes, removing the DNS references to the internal IPs of your web server would cause DNS queries to your ISPs DNS servers. This would resolve to the External (routable public) address.

I hope this helps.

RE: Widows 2000 DNS Entry

Hi Dana,

I talked to my boss and the web master about removing the internal DNS adresses but I they did not want me to do that, they said that the web master will be doing things that will need the internal access.  So what I did is the following:

1-) From IIS Admin, I added the local IP address (172.16...) with port 80 to the "Web Site Identification" advanced tab and "Advanced multiple site configuration"

2-) I added an A record for the "www" host name corresponding to the local address (172.16..)

3-) Then came back to my desk and type the URL of our company and prayed, IT WORKED!  THANK YOU SO MUCH FOR ALL YOUR TIME, I really appreciate the help.  It was so nice to be able to talk to someone else, which makes you think.  Unfortunatley in my company I am alone, there aren't any technical person and I interited a very messy network.  I am sure I will come back with more questions.  Again, THANK YOU

RE: Widows 2000 DNS Entry

Great, glad it's working!

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close