internal/external DNS resolution problem


Josh H

I have a client that uses several laptops to access a SharePoint portal both
internally and externally. We have an entry for portal.client.com on the
internal DNS server and the DHCP server hands out the internal DNS server's
IP. Users are able to access the site externally but many times internally
they have an issue where the website portal.client.com is resolving to the
external (router's) IP and prompting them to log into the router's web
console. I have created a batch file that executes ipconfig /flushdns then
ipconfig /registerdns and sometimes this works but many times it does not and
we have to reboot, flush the cache, etc. The clients are all XP Pro and the
server is a Windows 2003 box. Any suggestions?
 
Meinolf Weber [MVP-DS]

Hello Josh,

Create an A record named www and point it to the internal webserver IP address.
This should help.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
 
Josh H

I have an A record called "portal" pointed to the internal address
 
Ace Fekay [MCT]

Josh H said:
I have a client that uses several laptops to access a SharePoint portal both
internally and externally. We have an entry for portal.client.com on the
internal DNS server and the DHCP server hands out the internal DNS server's
IP. Users are able to access the site externally but many times internally
they have an issue where the website portal.client.com is resolving to the
external (router's) IP and prompting them to log into the router's web
console. I have created a batch file that executes ipconfig /flushdns then
ipconfig /registerdns and sometimes this works but many times it does not and
we have to reboot, flush the cache, etc. The clients are all XP Pro and the
server is a Windows 2003 box. Any suggestions?

It sounds to me that if sometimes the users get the internal address
and sometimes the external address, that your infrastructure has a mixture
of internal and external DNS servers. I assume this is an AD infrastructure.
If so, the cardinal rule behind AD, as you may already be aware of, is to
only use the internal DNS server(s) in their IP properties. Now in your
case, even if you are not using AD, you must only use the internal DNS
server(s) or your solution will continue to have problems with mixed
results, and IMHO, a batch file to flush the local cache on each machine is
additional administrative overhead that can be avoided.

Let's take a look at your infrastructure to better assist with a more
specific diagnosis. Please post an unedited ipconfig /all of a sample client
machine and of your DC or server. I assume your DHCP server is a Windows
server. Also confirm that the DHCP service is not running on your router(s).

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum to benefit from collaboration
among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer
(e-mail address removed)
http://twitter.com/acefekay

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
 
Josh H

This is the DC

PPP adapter RAS Server (Dial In) Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP)
Physical Address. . . . . . . . . : 00-53-45-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.10.11
Subnet Mask . . . . . . . . . . . : 255.255.255.25
Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1
Physical Address. . . . . . . . . : 00-15-17-3F-B8
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.10.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.10.254
DNS Servers . . . . . . . . . . . : 10.10.10.101

This is the Web server that runs the SharePoint site:

Windows IP Configuration

Host Name . . . . . . . . . . . . : app-01
Primary Dns Suffix . . . . . . . : domain.info
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.info

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-15-C5-5E-73-50
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.10.222
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 10.10.10.221
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 10.10.10.220
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 10.10.10.200
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.10.254
DNS Servers . . . . . . . . . . . : 10.10.10.101
 
Ace Fekay [MCT]

Thanks for posting the info. What about the client machine?

Also, the DC is multihomed. Did you know this is not a recommended practice
with DCs due to DNS registrations and inconsistencies it creates, besides AD
problems? So curious, why is there a PPP adapter? Is RRAS on it? Also not a
recommended practice. I mean if you need the multihoming, I have a complete
step by step to force AD to properly register into DNS so it functions
properly. It involves registry alterations. If interested, I can post that.

But let's see the client machine, please.

If the client machines are only using 10.10.10.101, then I can't see why the
clients are resolving to the WAN IP address unless they are using an
external DNS.

Ace
 
Josh H

The DC only has one NIC and one IP address... except for the RRAS.. it is
used for VPN access. So I would not say it's multihomed. The Web server does
have several IPs on one adapter.

Here is the client info... and it is getting a second DNS that is external.

Windows IP Configuration

Host Name . . . . . . . . . . . . : LT-16
Primary Dns Suffix . . . . . . . : domain.info
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.info

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-23-AE-2F-A8-75
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.10.10.24
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.10.254
DHCP Server . . . . . . . . . . . : 10.10.10.101
DNS Servers . . . . . . . . . . . : 10.10.10.101
4.2.2.2
Primary WINS Server . . . . . . . : 10.10.10.101
Lease Obtained. . . . . . . . . . : Wednesday, July 15, 2009 10:03:48 AM
Lease Expires . . . . . . . . . . : Thursday, July 23, 2009 10:03:48 AM
 
Meinolf Weber [MVP-DS]

Hello Josh,

Domain internal, do not use ISP's DNS servers like 4.2.2.2 on the NICs of any
machine. Those have to be configured as Forwarders on the DNS server
properties in the DNS management console.

And you have a multihomed DC with your configuration, because RRAS is on it
and so a second IP is configured on the DC, and so Ace's description is correct.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
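
A check for the condition diagnosed above (a DHCP client carrying 4.2.2.2 as a second DNS server), added here as an example and not part of any poster's message. It parses ipconfig /all text, including the continuation line that holds the second server, and reports every DNS server outside an approved internal list; the sample output is constructed from the client paste in this thread, and the function names and allow-list are assumptions.

```python
import ipaddress
import re

# Constructed sample, modelled on the client output posted in this thread.
SAMPLE = """\
Ethernet adapter Local Area Connection:
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.10.10.24
        DHCP Server . . . . . . . . . . . : 10.10.10.101
        DNS Servers . . . . . . . . . . . : 10.10.10.101
                                            4.2.2.2
        Primary WINS Server . . . . . . . : 10.10.10.101
"""

# "Label . . . . : value" lines; adapter headers and continuation lines do not match.
FIELD = re.compile(r"^\s*(.+?)\s*(?:\.\s*)+:\s*(.*)$")

def dns_servers_by_adapter(text):
    """Return {adapter: [dns servers]}, following multi-line DNS lists."""
    result, adapter, in_dns = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()          # forum pastes often lose the indentation
        if not line:
            continue
        field = FIELD.match(line)
        if field is None and line.endswith(":"):   # adapter header
            adapter, in_dns = line[:-1], False
            result[adapter] = []
            continue
        if field is not None:
            in_dns = field.group(1).lower() == "dns servers"
            value = field.group(2)
        else:
            value = line                             # continuation line
        if adapter is None or not in_dns:
            continue
        try:
            result[adapter].append(str(ipaddress.ip_address(value.strip())))
        except ValueError:
            pass                                     # empty or non-address value
    return result

def rogue_dns(text, allowed):
    """List (adapter, server) pairs whose DNS server is not on the approved list."""
    return [(a, s) for a, servers in dns_servers_by_adapter(text).items()
            for s in servers if s not in allowed]

if __name__ == "__main__":
    print(rogue_dns(SAMPLE, allowed={"10.10.10.101"}))
```

Any pair it returns means the client can fall through to a resolver that only knows the public record for the portal name, which is how internal users ended up at the router's login page.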
 
Ace Fekay [MCT]

Josh H said:
Thank You! I will implement that as a best practice.

Good to hear!

If I may suggest, how about a firewall/VPN device, such as a Cisco ASA, to
handle your VPN requirements? It has web-based SSL VPN capabilities (clients
can download and install the VPN client through its website), and it's a
much more secure connection, as well as that it relieves the additional
processing power of the DC, as well as alleviates the multihoming issue.

Ace
 
