
DNS issue

 
Cliff Kramer
Occasional Advisor

DNS issue

My company's website doesn't resolve internally, unless you go to it by IP address. I think it is because in DNS the root domain is called the same as the external website. Is it possible to change the name of the root domain??? Our website isn't hosted "in house".
Jeff Schussele
Honored Contributor

Re: DNS issue

Hi Cliff,

Seems to me that whoever is hosting your website should also be handling your internal DNS requests from the website.
They need to set their DNS server to point to yours when resolving your internal domain.

My 2 cents,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Cliff Kramer
Occasional Advisor

Re: DNS issue

Thanx,
I made a change last week that caused this issue, I deleted the "." zone. I think that if I change the root domain of DNS (which is the website name) to something else that would also stop the problem.
John Dvorchak
Honored Contributor

Re: DNS issue

We used to do the same thing at the last place I worked. Both the internal and external domain names were the same. No problem. Our ISP handled the DNS for our external site, www, mail, ftp etc., and we had an internal DNS server that handled DNS for the systems inside of our firewall. We just made an entry in the internal DNS for the www, ftp etc. Internet addresses there. So internally we could resolve any local and non-local address we wished and the domain name was the same in both places. You just have to have two DNS servers, one inside for local and remote resolutions, and one outside that the world sees for our Internet site that only had www, mail, ftp in its list.
If it has wheels or a skirt, you can't afford it.
Jordan Bean
Honored Contributor

Re: DNS issue


Never delete the "." zone (type hint) from recursive name servers that are used for general resolution. It defines the root servers that queries will follow for non-local information. This "root domain" is the absolute top level parent of all .com, .net, etc. It does not define the root of your site.

Cliff Kramer
Occasional Advisor

Re: DNS issue

Jordan,
If you say never delete the "." zone and I already did, how do I get it back???
Jordan Bean
Honored Contributor

Re: DNS issue

The attached zone file should be sufficient. The zone entry in named.conf looks like this:

zone "." {
    type hint;      // root name servers used when a query cannot be answered locally
    file "hint";    // the attached root hints file
};
Cliff Kramer
Occasional Advisor

Re: DNS issue

So I can just add a new "." zone???
Cliff Kramer
Occasional Advisor

Re: DNS issue

John,
Where did you add that stuff in on the internal DNS server???
Jordan Bean
Honored Contributor

Re: DNS issue


Yes, the hint zone can be added back like any other zone.

The only time you don't need that zone is if the name server is non-recursive, expected only to respond with local zone data.

But if your clients rely on the name server to resolve everything, then it must be recursive and this zone must be defined.

Jordan Bean
Honored Contributor

Re: DNS issue


The scenario that John describes is typically called "split DNS" and is quite common, if not standard. It means that a domain name resolves differently from either side [of a firewall].

This can be accomplished using two name servers (an external one that should be non-recursive, and an internal one that must be recursive).

Or it can be handled by a single server running two instances of BIND8, or a single instance of BIND9 using views.
Cliff Kramer
Occasional Advisor

Re: DNS issue

My internal users do rely on the name server to resolve everything, and it is resolving everything, except the www.ourcompany.com website. Our forward lookup zone is called ourcompany.com.
Jordan Bean
Honored Contributor

Re: DNS issue


I'm confused. What do you mean when you say "in DNS the root domain is called the same as the external website"? I can't advise on changing the domain name while I'm confused.

In DNS, an A record can be defined for the domain (zone) and "www" can be a cname record to the domain. For example:

@    IN SOA   ...
@    IN A     1.2.3.4
@    IN NS    ns1.domain.com.   ; NS data is a host name, never an IP address
@    IN NS    ns2.domain.com.
ns1  IN A     1.2.3.5           ; addresses of the name servers themselves
ns2  IN A     1.2.3.6
www  IN CNAME @

@ refers to the zone name and is literal.

This way, domain.com and www.domain.com both resolve to 1.2.3.4.

Cliff Kramer
Occasional Advisor

Re: DNS issue

I'll start over, I'm confused as well. This problem started last weekend when I deleted the "." zone. We were having DNS naming issues with the local PCs.
I got rid of the "." zone and then added the forwarders into the mycompany.com forward lookup zone, which was already there. So from DHCP the clients get the local IP for the primary DNS and the 2 from our ISP as the secondaries. The only problem exists when they type our website into the internet browser, everything else resolves fine. It works by IP, just not by name. I think that it's taking the www.mycompany.com and taking it to the local machine because our domain is called mycompany.com and so is our forward lookup zone.

Jordan Bean
Honored Contributor

Re: DNS issue


Ah, you're using forwarders which are used to resolve non-local queries. If forwarding fails, then the hint zone is referenced to continue trying. If configured to only forward, then the hint zone is never referenced (and can be deleted) and the query drops dead. In either case the name server still responds to local queries for which it is authoritative (e.g. mycompany.com).

Still drilling... Okay, your primary and secondary (not slave) servers all have the mycompany.com zone defined, right? We know that www.mycompany.com works from the outside, which means it is defined in the secondaries. However, I have to ask, is it also defined in the primary server's zone? If not, the query will fail because the primary is authoritative for that domain and will not forward. If so, is it correct?

Cliff Kramer
Occasional Advisor

Re: DNS issue

That's most likely the issue. Where in the primary server (which is local) would I define it???
Jordan Bean
Honored Contributor

Re: DNS issue


In the zone file for mycompany.com add an A record for www and increment the serial number in the SOA record (1st # in parentheses). For example:

@    IN SOA ns1.mycompany.com. hostmaster.mycompany.com. (
                1          ; serial: increment on every change so slaves pick it up
                10800      ; refresh
                3600       ; retry
                604800     ; expire
                86400 )    ; minimum
@    IN NS  ns1.mycompany.com.
@    IN NS  ns2.mycompany.com.
@    IN MX  0 mx1.mycompany.com.
@    IN MX  0 mx2.mycompany.com.
ns1  IN A   1.2.3.2
ns2  IN A   1.2.4.2
mx1  IN A   1.2.3.3
mx2  IN A   1.2.4.3
www  IN A   1.2.3.4      ; the record that was missing from the internal zone

Also, you most likely want reverse resolution, so do likewise for the reverse lookup zone (i.e. 2.1.in-addr.arpa.). For example:

@    IN SOA ns1.mycompany.com. hostmaster.mycompany.com. ( 1 10800 3600 604800 86400 )
@    IN NS  ns1.mycompany.com.
@    IN NS  ns2.mycompany.com.
; owner names are the last two octets in reverse order, relative to 2.1.in-addr.arpa.
2.3  IN PTR ns1.mycompany.com.   ; 1.2.3.2
2.4  IN PTR ns2.mycompany.com.   ; 1.2.4.2
3.3  IN PTR mx1.mycompany.com.   ; 1.2.3.3
3.4  IN PTR mx2.mycompany.com.   ; 1.2.4.3
4.3  IN PTR www.mycompany.com.   ; 1.2.3.4

These two examples show zone authority delegated to two name servers, ns1 and ns2, where one is primary and the other is a slave. I recommend having two redundant name servers if at all possible. Do not include your ISP's name servers unless they are configured to be slaves to yours (meaning they mirror your zone data). Also, two mail exchangers have been defined for mycompany.com, but are not needed for the reverse lookup zone.
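A small consistency check for the forward/reverse pair described above, added here and not part of the thread: it parses the A records, derives the owner name each PTR must carry relative to the reverse zone's origin (the octets go in reverse order, which is easy to get backwards), and reports A records whose PTR is missing or names the wrong host. The zone text is constructed for the example, with one PTR label deliberately reversed.

```python
import ipaddress
import re

# Constructed sample; the last PTR label is deliberately reversed (3.4, not 4.3, for 1.2.3.4).
FORWARD_ORIGIN = "mycompany.com."
FORWARD_ZONE = """
@   IN NS  ns1.mycompany.com.
ns1 IN A   1.2.3.2
ns2 IN A   1.2.4.2
www IN A   1.2.3.4
"""
REVERSE_ORIGIN = "2.1.in-addr.arpa."
REVERSE_ZONE = """
2.3 IN PTR ns1.mycompany.com.
2.4 IN PTR ns2.mycompany.com.
3.4 IN PTR www.mycompany.com.
"""
RR = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(A|PTR)\s+(\S+)", re.I)  # owner [ttl] IN type rdata

def parse_records(zone_text, origin):
    """Map (owner FQDN, type) -> rdata for A/PTR; '@' and bare labels are qualified with origin."""
    records = {}
    for line in zone_text.splitlines():
        m = RR.match(line.split(";", 1)[0].strip())   # drop ';' comments
        if m:
            owner, rtype, rdata = m.groups()
            fqdn = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
            records[(fqdn.lower(), rtype.upper())] = rdata
    return records

def expected_ptr_owner(ip, reverse_origin):
    """Owner name the PTR for ip must have, or None if ip lies outside reverse_origin."""
    rev = ipaddress.ip_address(ip).reverse_pointer + "."   # 1.2.3.4 -> 4.3.2.1.in-addr.arpa.
    return rev if rev.endswith("." + reverse_origin) else None

def check_reverse(forward_zone, forward_origin, reverse_zone, reverse_origin):
    # Every A record inside the reverse zone's range needs a PTR naming the same host.
    fwd = parse_records(forward_zone, forward_origin)
    rev = parse_records(reverse_zone, reverse_origin)
    problems = []
    for (name, rtype), ip in fwd.items():
        owner = expected_ptr_owner(ip, reverse_origin) if rtype == "A" else None
        if owner is None:   # not an A record, or address outside this reverse zone
            continue
        target = rev.get((owner, "PTR"))
        if target is None:
            problems.append(f"missing PTR {owner} for {name} ({ip})")
        elif target.lower() != name:
            problems.append(f"PTR {owner} points to {target}, expected {name}")
    return problems
```

Running check_reverse on the sample flags only www, because its PTR was entered as 3.4 instead of 4.3.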
Cliff Kramer
Occasional Advisor

Re: DNS issue

Thanx, I will give it a shot tomorrow when I'm back in the office.