configure Active Directory DNS to resolve a url using a specified ip address



chiefnz
22-06-2009, 12:24 PM
Ok the scenario is as follows...

We have a company website which is http://www.company-name.co.nz. We have since purchased a new domain which is http://www.companyname.co.nz

When users on our network go to http://www.company-name.co.nz the company website displays correctly.

When the users on our network go to http://www.companyname.co.nz they get a page load error: cannot find the website.

However, if you disconnect from the corporate network and access the Internet via a different source then you can access http://www.companyname.co.nz without any issues.

I can access it from my home PC as well as on my company laptop using my Internet connection at home.

What we have done is set up a forwarder entry in the Active Directory DNS console to use our firewall to resolve the address http://www.companyname.co.nz

This however, is not working.

So I need to know how I set up the DNS so that it uses our firewall to resolve the address correctly.

Your help appreciated.

Thanks,

SolMiester
22-06-2009, 12:56 PM
Have you flushed the DNS on the server? What are you using for proxy?

chiefnz
22-06-2009, 01:13 PM
Performed a DNS flush on both server and client machines without success.

We're using an automatic configuration script for the proxy.

The format is

http://server.domain.co.nz/proxy.pac

Cheers,

Erayd
22-06-2009, 01:18 PM
Is there any chance you could post the contents of the proxy.pac file here please?

chiefnz
22-06-2009, 01:58 PM
It's unlikely to be the proxy script as the address is being resolved from DNS to DNS (Firewall). So it isn't actually going from our DNS server to the firewall... well that's what we want. These addresses are internal so the proxy is by-passed for internal addresses.

Hope that helps.

I am unable to post a copy of the proxy file at this stage.


Cheers,

SolMiester
22-06-2009, 02:32 PM
So, you are saying the web-site is hosted internally, and the forwarder for the site goes to the firewall IP addy, which in turn bypasses for internal addressing?

How have you entered the DNS entry in the firewall?

Barnabas
22-06-2009, 02:49 PM
Like SOL said, is it hosted internally or externally? If it's internal then simply create a new zone in AD for companyname.co.nz and point it to the appropriate server. If it's hosted externally then you should change the DNS forwarder for the site to an external DNS server, particularly if the firewall is a member of the domain (ISA?), otherwise it will be going round in circles.

chiefnz
22-06-2009, 03:14 PM
No, the site is hosted externally. Accessing the site from outside the company network is fine... It just cannot be accessed from within the corporate network.

We use Checkpoint NGX as our firewall on a hardware appliance. There are no DNS tries on the firewall for address resolution. If a request requires DNS resolution from outside the network, the firewall forwards the request to an external DNS server (our ISP) and the address is resolved that way.

OK another thing, I have just discovered that if I by-pass the proxy server and connect to the Internet directly via the firewall... I cannot access the site. If I use the proxy server it works ok.

Cheers,

Barnabas
22-06-2009, 03:20 PM
Does the site resolve to the correct IP when using nslookup or ping? If there are no tries registering on the firewall then it sounds like your internal DNS servers are responding with a reply that is wrong.

If you do a Control F5 to refresh the site while connected to the proxy server does it still work or is it just serving up a cached version that used to work?

SolMiester
22-06-2009, 04:24 PM
ChiefNZ, I'm confused mate, if you use the proxy internal, it resolves okay, if you don't and go straight out it doesn't?....wouldn't you want everyone using the proxy anyway?

chiefnz
22-06-2009, 05:33 PM
Ok, the issue has been resolved...

And yes Sol, all Internet access is via proxy but we have some users who access the Internet directly through the firewall.

The issue is that we have not purchased the domain http://companyname.co.nz, we have only purchased http://www.companyname.co.nz

Thanks for all your efforts.

Erayd
22-06-2009, 06:05 PM
Chiefnz: That's incorrect - if you own www.companyname.co.nz, then you *must* also own companyname.co.nz, as www.companyname.co.nz is a subdomain of it - no registrar will allow you to own a subdomain without owning the domain it belongs to as well. It's possible that it may be pointed at the wrong IP though, as they will have separate A records.
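
Added example, not part of any post in this thread: a standard-library Python sketch of the check suggested above (ask the internal DNS server and an outside resolver for both companyname.co.nz and www.companyname.co.nz, then compare the A records each returns). The resolver addresses 192.0.2.53 and 198.51.100.53 are constructed placeholders, and the function names are this example's own.

```python
import socket, struct

def build_query(name, qid=0x1234):
    """Encode a recursive A-record query (RFC 1035 wire format)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # flags 0x0100 = recursion desired; one question; QTYPE=A, QCLASS=IN
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def _skip_name(msg, pos):
    """Return the offset just past a name, which may end in a compression pointer."""
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] else 1)

def parse_response(msg):
    """Return (rcode, sorted A-record addresses) from a DNS response."""
    _, flags, qd, an = struct.unpack(">HHHH", msg[:8])
    pos = 12
    for _ in range(qd):
        pos = _skip_name(msg, pos) + 4          # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        pos = _skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:           # A record; CNAME records are skipped
            addrs.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return flags & 0x000F, sorted(addrs)

def lookup(name, server, timeout=3.0):
    """Ask one specific resolver, like `nslookup name server`."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_response(s.recvfrom(4096)[0])

def compare(name, internal, external):
    """Classify one name given (rcode, addrs) from the internal and an outside resolver."""
    if internal == external:
        return f"{name}: consistent"
    if not internal[1] and external[1]:
        return f"{name}: internal DNS has no answer (rcode {internal[0]}), outside resolves"
    return f"{name}: answers differ, internal {internal[1]} vs outside {external[1]}"

if __name__ == "__main__":
    # Constructed resolver addresses (documentation ranges); replace with real ones.
    for host in ("companyname.co.nz", "www.companyname.co.nz"):
        print(compare(host, lookup(host, "192.0.2.53"), lookup(host, "198.51.100.53")))
```

An rcode of 3 (NXDOMAIN) from the internal server alongside a valid outside answer points at the internal zone or forwarder; differing addresses for the bare domain and the www name reflect their separate A records.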

chiefnz
23-06-2009, 02:02 PM
I agree, we are looking into the problem further.

Bloody management... always think they know better.

I will keep you all posted.

nofam
23-06-2009, 02:36 PM
Bloody management... always think they know better.



If I had a dollar for every time I thought that. . . . . . .:p