website not resolving

Erik

First, my setup.

I have a firewall with a trusted and an optional side.

On the trusted side I have two win2k domain controllers running dns & dhcp
for our company network (primary & secondary).
On the optional side I am running web, mail and sql servers, with the web
and mail servers also functioning as nameservers.
I have 4 websites on the webserver, all using the same IP address and host
headers.

The users on the trusted are no longer able to get to one of the websites.
I had to go to all the users' computers in our company and add the site to
their hosts file for them to get to the site.

Due to email problems, and not having a backup mailserver, I stopped hosting
dns for this site and am hosting the dns elsewhere. The problem with this
site did not happen till at least 2 weeks after I made the change.
I've been somewhat thrust into solving this, I am a web/database developer,
and since I am the most knowledgeable about computers, I have also taken on
the IT role.

Not knowing too much about DNS, I added the ip and url of the site to the
host files of the dns servers, to no avail. Is there somewhere I can look
to see what is causing url not to resolve to the proper ip address? By
altering all the host files in the company, I have found a way around the
problem, but that is merely a band-aid. I would like to know why this is
happening.

Side note: I don't think it's the firewall.
 
Ace Fekay [MVP]

Hi Erik...inline...

Erik said:
> First, my setup.
>
> I have a firewall with a trusted and an optional side.

Optional side? It's usually referred to as the DMZ.

> On the trusted side I have two win2k domain controllers running dns
> & dhcp for our company network (primary & secondary).
> On the optional side I am running web, mail and sql servers, with the
> web and mail servers also functioning as nameservers.
> I have 4 websites on the webserver, all using the same IP address and
> host headers.

Is the internal AD DNS domain name the same as your external domain name?

> The users on the trusted are no longer able to get to one of the
> websites. I had to go to all the users' computers in our company and
> add the site to their hosts file for them to get to the site.

Not sure why you would want to use the HOSTS files since that is awkward,
time consuming and can be inconsistent. It's much easier to just create the
record in DNS under your zone name.

For example, if they are trying to connect to www.yourdomain.com, then under
yourdomain.com, just create a www record and give it the IP address of the
website.

> Due to email problems, and not having a backup mailserver, I stopped
> hosting dns for this site and am hosting the dns elsewhere. The
> problem with this site did not happen till at least 2 weeks after I
> made the change.

All you changed was the SOA nameserver reference. I'm going to assume that
the IP addresses are still the same for your website and are still in DNS.
Unless your internal machines are using some external DNS, which if you are
doing that, it can cause major problems in this configuration.

> I've been somewhat thrust into solving this, I am a web/database
> developer, and since I am the most knowledgeable about computers, I
> have also taken on the IT role.
>
> Not knowing too much about DNS, I added the ip and url of the site to
> the host files of the dns servers, to no avail. Is there somewhere I
> can look to see what is causing url not to resolve to the proper ip
> address?

A couple of things that would affect this:
1. What DNS address are the clients using?
2. If using an external DNS, remove that and ONLY use the internal DNS.
3. If the internal DNS has the incorrect IPs, and you are only using the
internal DNS (as recommended), then obviously, the IPs are incorrect. Just
change them to reflect what they should resolve to.

> By altering all the host files in the company, I have found
> a way around the problem, but that is merely a band-aid. I would
> like to know why this is happening.
>
> Side note: I don't think it's the firewall.

Note: Don't use HOSTS files. It will complicate and confuse the matter. Just
use the internal DNS server(s), and make sure the records are correct. For
efficient Internet name resolution, use a forwarder, as outlined in
this article:
http://support.microsoft.com/?id=300202.

Hope that helps

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
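
The three checks listed in the reply above, written as a small Python diagnostic. This is an added example, not part of either post; the hostnames, IP addresses and the `lookup` callable are constructed placeholders, and in real use `lookup` would wrap a query sent to one specific server (for example `nslookup name server`).

```python
def parse_hosts(text):
    """Map hostname -> IP from HOSTS-file text; first entry for a name wins."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        for name in fields[1:]:                  # fields[0] is the IP, rest are names
            entries.setdefault(name.lower().rstrip("."), fields[0])
    return entries


def diagnose(name, expected_ip, client_dns, internal_dns, lookup, hosts_text=""):
    """Return findings for one hostname.

    lookup(server, name) is an assumed callable returning the list of A-record
    IPs that `server` gives for `name` (empty list when it has none).
    """
    name = name.lower().rstrip(".")
    findings = []
    # Checks 1 and 2: clients should list only the internal DNS servers.
    external = [s for s in client_dns if s not in internal_dns]
    if external:
        findings.append(f"client uses non-internal DNS {external}")
    # Check 3: every internal server must return the correct address.
    for server in internal_dns:
        answer = lookup(server, name)
        if not answer:
            findings.append(f"{server} has no A record for {name}")
        elif expected_ip not in answer:
            findings.append(f"{server} returns {answer}, expected {expected_ip}")
    # A HOSTS entry overrides DNS on that machine and hides the real fault.
    pinned = parse_hosts(hosts_text).get(name)
    if pinned:
        findings.append(f"HOSTS pins {name} to {pinned}")
    return findings


# Constructed sample data (documentation-range names and addresses).
INTERNAL_DNS = ["192.168.1.10", "192.168.1.11"]
RECORDS = {"192.168.1.10": {"www.example.com": ["192.0.2.80"]}, "192.168.1.11": {}}
HOSTS = "127.0.0.1 localhost\n192.0.2.80  www.example.com  # added by hand\n"


def fake_lookup(server, name):
    return RECORDS.get(server, {}).get(name, [])


if __name__ == "__main__":
    for f in diagnose("www.example.com", "192.0.2.80",
                      ["192.168.1.10", "203.0.113.53"], INTERNAL_DNS, fake_lookup, HOSTS):
        print(f)
```

With the sample data, the second internal server lacks the record, so a client that happens to query it fails even though the first server answers correctly.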
 
