move of internal website.

[Mark Scott]

Sorry for the X Post but this involves both DNS and ISA.

Up until last week I hosted a website at www.myschool.co.uk which also
happens to be my AD Domain name. This website was hosted on an internal IIS
server and ISA had a rule published to allow access though the firewall.

Last week I had to change the DNS at our ISP to point www.myschool.co.uk to
an external IP address. I can resolve to the new site from outside of
school but on any computer inside of school domain.

I turnned off IIS and repointed the DNS record to the external IP where the
site is hosted but ISA denies access. I tried IPCONFIG /FLUSHDNS but that
makes no difference.

I understand the situation - I want to resolve an internal DNS name to an
external IP address however I have spent 3 hours on it and I am tearing my
hair out!!

any ideas?

Regards

Mark

 

[Jeff Cochran]

Sorry for the X Post but this involves both DNS and ISA.

Not according to your statement:

I turnned off IIS and repointed the DNS record to the external IP where the
site is hosted but ISA denies access.

If ISA denies access, then it's an ISA issue, not a DNS one.

Jeff

 

[Mark Scott]

Thanks Jeff, but is it an issue hosting an "internal" website externally?
ie www is not actually part of the domain space but is hosted somewhere
else?

 

[Deji Akomolafe]

Last week I had to change the DNS at our ISP to point www.myschool.co.uk
to
an external IP address

So, you have 2 different DNS servers. One internally, and one at your ISP.
This is good. So, now you need to ensure that on the INTERNAL DNS server,
www.myschool.co.uk is pointed to the INTERNAL IP address of the site, not
the PUBLISHED IP address.

Second, you want to ensure that ALL your internal clients are using ONLY
your INTERNAL DNS server in their TCP/IP (or DHCP) configuration.

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - COMPLETE SPAM Protection
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

 

[Mark Scott]

Thanks but you misunderstood my question. The (ex) Internal website is now
housed externally about 50 miles away from the domain. My ISA server is
kicking up because I have to send www.myschool.co.uk through the firewall
whereas before it was internal.

ISA pops up a login box when I try to browse to the site, it won't accept
any logins I give it and then gives up with a forbidden error.

 

[Ace Fekay [MVP]]

In

Thanks but you misunderstood my question. The (ex) Internal website
is now housed externally about 50 miles away from the domain. My ISA
server is kicking up because I have to send www.myschool.co.uk
through the firewall whereas before it was internal.

ISA pops up a login box when I try to browse to the site, it won't
accept any logins I give it and then gives up with a forbidden error.

Did you create a rule in ISA to allow this sort of traffic and apply it?
From what you said earlier, you couldn't resolve it. Now you're saying it
does resolve it? If its note resolving and assuming that ISA is allowing
access to the old internal machine that you said you turned off the website
on it, then that would explain the login box.

Its not resolving externally since from what I'm surmizing (assuming) is
that it won't be able to because your internal and external names are the
same (split horizon zone). So that said, have you tried to manually create
the www record on your internal DNS and manually give it the actual new IP
address of the new webserver?

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.

 

[Deji Akomolafe]

You probably need to re-describe the problem then. You said earlier that you
published the Website in ISA. IF the webserver is OUTSIDE (50 miles away),
the the ISA is NOT protecting it. If that's the case, then there is nothing
for you to publish in ISA.

You just need to create a www A record in your INTERNAL myschool.co.uk DNS
zone and give it the PUBLIC IP address of www.myschool.co.uk (the one that
is used externally by everyone else)

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - COMPLETE SPAM Protection
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon