in a jam

Jamie

I've recently set up a new Windows 2000 Server AD Domain
Controller (it replaced our old Windows NT server), and is
the only server on our network. However I have a problem
now. I made the mistake of making the domain name the same
as our internet web address (which is hosted via a third-
party hosting company). Let's just call it domain.com. So
what happened is that when our workstations (mostly XP
Pros) have our domain controller's IP as the Primary IP in
the DNS server settings, we can't view our website, or
retrieve/send email for that domain. I'm assuming because
since the domain controller has the same domain name, it's
trying to browse the web services on our local server, and
check email on our local server, which doesn't have these,
so I'm getting errors, right? So what I did for a halfway
fix/temporary workaround to test was add a couple of hosts
in the DNS admin on the server, of 'www' and 'smtp', and
point those to the ip of our web host/email hosting
company's IP. With this configuration, we can go to
www.domain.com (remember, just an example) and see our
site, and we can send email. However, the major problem
lays in the pop3 server - the pop3 server that our mail
clients are supposed to be pointing to is just domain.com!
Not good! This is not working. So I've had to change the
workstations' DNS settings to not point to our domain
controller's IP address so that we can use email, but this
has created several errors in our event logs, and other
miscellaneous problems that I think are tied to not having
the workstations primary dns ip be the server's ip. So is
there anything I can do besides finding another hosting
company that will use domain.com for either pop3 or smtp
server settings? I know I could reinstall Windows on the
server and not make it the same domain name also, but I
really don't want to go through all of that, because we
all know it doesn't stop there - then there's all the
workstations to change too! :( So I'm really hoping
there's some advanced options in the DNS server settings
that I just don't know about that can help me here.

Thank you for any help in advance,
jamie
 
Jonathan de Boyne Pollard

J> the major problem lays

lies

J> in the pop3 server - the pop3 server that our mail
J> clients are supposed to be pointing to is just domain.com!

Then (in the absence of SRV resource record support) pick another name,
publish a name->address mapping for it, and reconfigure your POP3
clients to use it. Your internal view of that subtree of the DNS
namespace is under your control. You can set up whatever data you like
for whatever domain name you like.

Your external view of that subtree of the DNS namespace is under the
control of your DNS hosting company. However, you _are_ the paying
customer. Ask the DNS hosting company to publish the DNS data that you
actually want.

J> is there anything I can do besides finding another hosting company
J> that will use domain.com for [...] pop3 [...] server settings?

That's your problem. Why do you think that finding another hosting
company, that causes _exactly the same problem as you currently have_,
will be of any help to you?
 
Ace Fekay [MVP]

Jamie said:
I've recently set up a new Windows 2000 Server AD Domain
Controller (it replaced our old Windows NT server), and is
the only server on our network. However I have a problem
now. I made the mistake of making the domain name the same
as our internet web address (which is hosted via a third-
party hosting company). Let's just call it domain.com. So
what happened is that when our workstations (mostly XP
Pros) have our domain controller's IP as the Primary IP in
the DNS server settings, we can't view our website, or
retrieve/send email for that domain. I'm assuming because
since the domain controller has the same domain name, it's
trying to browse the web services on our local server, and
check email on our local server, which doesn't have these,
so I'm getting errors, right? So what I did for a halfway
fix/temporary workaround to test was add a couple of hosts
in the DNS admin on the server, of 'www' and 'smtp', and
point those to the ip of our web host/email hosting
company's IP. With this configuration, we can go to
www.domain.com (remember, just an example) and see our
site, and we can send email. However, the major problem
lays in the pop3 server - the pop3 server that our mail
clients are supposed to be pointing to is just domain.com!
Not good! This is not working. So I've had to change the
workstations' DNS settings to not point to our domain
controller's IP address so that we can use email, but this
has created several errors in our event logs, and other
miscellaneous problems that I think are tied to not having
the workstations primary dns ip be the server's ip. So is
there anything I can do besides finding another hosting
company that will use domain.com for either pop3 or smtp
server settings? I know I could reinstall Windows on the
server and not make it the same domain name also, but I
really don't want to go through all of that, because we
all know it doesn't stop there - then there's all the
workstations to change too! :( So I'm really hoping
there's some advanced options in the DNS server settings
that I just don't know about that can help me here.

Thank you for any help in advance,
jamie

This is a common issue with using a split horizon namespace (same
internal/external). There's really no way around it without altering the
LdapIpAddress with registry entries, which unfortunately will *drastically*
affect GPO and DFS functionality, which is something we do not want to do.

Unfortunately, you already know the answer to your puzzle...

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
Jamie

Well, I was really dreading that kind of answer but I kind
of had a feeling it may be that way. Thank you for the
info.

jamie
 
Jamie

I don't know if I was totally clear on my situation, but
I'm not an expert in DNS either, so I don't know. The
email/web hosting is done off-site with a 3rd party
company, so how could I change anything that would affect
my POP3 clients, since the hosting company dictates what
the POP and SMTP server settings are? Because it's also a
shared plan, which would lead me to believe that they
wouldn't change anything which affects all their clients
just for one company that needs different settings. But as
far as what you said about the internal DNS namespace
being under my control, and how I should configure
something of my own and point my POP3 clients to it, I
didn't quite follow you on that one. Could you maybe
elaborate on that one?

Thanks,
jamie
 
Ace Fekay [MVP]

Jamie said:
Well, I was really dreading that kind of answer but I kind
of had a feeling it may be that way. Thank you for the
info.

Sorry for the bad news. If you could live without the need for the
'domain.com' entry, then it would work, but since you have a service that
requires it, apparently it needs to be changed.

Ace
 
Jonathan de Boyne Pollard

J> how could I change anything that would affect my POP3 clients,
J> since the hosting company dictates what the POP and SMTP server
J> settings are?

As I said before: You _are_ the paying customer. If you want your
hosting company to publish a public "A" resource record set for
"pop3.example.com." then get the company, that you are paying to publish
your public DNS data, to do so.

JdeBP> Then (in the absence of SRV resource record support) pick
JdeBP> another name, publish a name->address mapping for it, and
JdeBP> reconfigure your POP3 clients to use it. Your internal
JdeBP> view of that subtree of the DNS namespace is under your
JdeBP> control. You can set up whatever data you like for
JdeBP> whatever domain name you like.

J> i didn't quite follow you on that one.

Pick a name such as "pop3.example.com."; publish "A" (and if applicable
"AAAA") resource record sets for that name; and configure your POP3
clients to use that name. Your internal view of "example.com." and all
of its subdomains is entirely under your control, after all.
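
The split-horizon situation discussed in this thread, modelled as an added example that is not part of any poster's message: it audits the names mail and web clients are configured with against an internal and an external view of the zone. All addresses and the name pop3.domain.com are constructed placeholders, and the two dictionaries stand in for real zone data.

```python
# Constructed sample data: 10.0.0.10 = domain controller, 198.51.100.25 = hosting company.
DC_IP = "10.0.0.10"
HOST_IP = "198.51.100.25"

# External view, as published by the hosting company (constructed).
EXTERNAL = {n: HOST_IP for n in ("domain.com.", "www.domain.com.", "smtp.domain.com.")}

# Internal view on the AD DNS server (constructed). The apex A record is
# registered by the domain controller itself, so it points at the DC.
INTERNAL = {"domain.com.": DC_IP, "www.domain.com.": HOST_IP, "smtp.domain.com.": HOST_IP}


def resolve(view, name):
    """Authoritative lookup: a name absent from the zone yields None (NXDOMAIN)."""
    return view.get(name.lower().rstrip(".") + ".")


def audit(internal, external, client_names, dc_ips):
    """Classify each client-configured name as seen from an internal workstation."""
    report = {}
    for name in client_names:
        inside, outside = resolve(internal, name), resolve(external, name)
        if inside is None:
            # The internal server is authoritative for the zone, so it never
            # falls through to the external data for a missing name.
            report[name] = "missing-internally"
        elif inside in dc_ips and outside != inside:
            report[name] = "shadowed-by-dc"   # service expected here lives elsewhere
        elif outside is None:
            report[name] = "internal-only"    # works on the LAN, not from outside
        elif inside != outside:
            report[name] = "drift"            # both views answer, but differently
        else:
            report[name] = "ok"
    return report


CLIENT_NAMES = ["domain.com", "www.domain.com", "smtp.domain.com", "pop3.domain.com"]

if __name__ == "__main__":
    print("before:", audit(INTERNAL, EXTERNAL, CLIENT_NAMES, {DC_IP}))
    # Dedicated service name added to the internal zone only.
    fixed = dict(INTERNAL, **{"pop3.domain.com.": HOST_IP})
    print("after: ", audit(fixed, EXTERNAL, CLIENT_NAMES, {DC_IP}))
```

A name reported as internal-only still needs the matching record in the externally published zone before clients outside the LAN can use it.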
 
