Internet or Intranet access through sbs2003 problems

Eric,
You're describing the classic symptoms of a "split DNS."

If you named your Windows Domain the same as your Public
Internet Domain, then this is what happens...

- If you point to your LAN DNS, the DNS thinks it's
authoritative for all records, so will not forward any
unresolved requests to any other DNS. Because your LAN DNS
might contain only LAN records and no public records, you
will be able to resolve only LAN FQDNs.

- If you point to public DNS, public DNS will contain only
records for public resources and will not contain your LAN
resources. Because another DNS on the Internet is the SOA,
no DNS will forward queries to your LAN DNS unless
specially configured.

If this is your situation, short of a re-install properly
naming your Windows Domain differently, you should simply
copy your public records to your SBS DNS and continue to
point your clients to your SBS DNS.

HTH,
Tony Su





>-----Original Message-----
>Group,
>
>I seem to be having a problem with my sbs2003 server. If
I log in
>locally to the server I have access to both companyweb
(intranet) and
>the internet. However if I log onto one of my client
machines I either
>have internet access or intranet access but not both. It
seems to be
>affected by how i have the DHCP scope options set up.
According to a
>MSKB article i read the dhcp should be set to assign the
LAN card NIC
>IP address (192.168.0.7) as the primary DNS for all
clients that log
>in. When I set it up this way I have access to the
intranet site
>(http://companyweb/) but if I try to access Google or
anything on the
>internet I get denied. I can however ping internet IP
addresses.
>Puzzling...
>
>Now where it gets really interesting is if I add my ISP's
DNS servers
>to the list in the DHCP scope options I gain access to
the internet.
>However it is at the expense of my intranet website
>(http://companyweb/). I still have access to the network
and all my
>resources, just NOT companyweb. If I type server2k3 (host
name) into
>the address bar I get a sbs2003 webpage but not the
companyweb. I have
>searched high and low for any information regarding this
and have so
>far come up empty. Any help is greatly appreciated.
>
>Regards,
>Eric S.
>.
>

Eric S. wrote:

> First off let me thank everyone for their responses. I am still having
> this issue. The server is set up with two NICs. The external NIC is
> set to get its IP address via DHCP from a linksys router that is
> serving as a firewall. The internal NIC has a static IP address from
> the reserved range of the scope, in this case 192.168.0.7 .

So both nics have addresses in the range 192.168.0.x?

If so, this is wrong. The idea is to have two separate networks, so
each nic must be in a distinct network range (eg external 192.168.0.2,
internal 192.168.16.2)

>
> Tony what do you mean by split DNS? I do not have a public internet
> domain. My windows domain does have a .net extension, this was on the
> advice of the people i bought the software and server from. A
> reinstall would not be the worst thing in the world as long as I can
> get it working. As of yet I really do not have anything installed
> other than the sbs2003.

I would start over, using a .local or .lan domain name (anything not in
use for a real internet domain, and unlikely to be used in the near
future). Otherwise, you'll be in difficulty when you want to access
outside resources in domain.net.

--
Steve Foster [SBS MVP]
---------------------------------------
MVPs do not work for Microsoft. Please reply only to the newsgroups.

Eric S. wrote:

> "Steve Foster [SBS MVP]" <> wrote in
> message>
> >
> > So both nics have addresses in the range 192.168.0.x?
> >
> > If so, this is wrong. The idea is to have two separate networks, so
> > each nic must be in a distinct network range (eg external
> > 192.168.0.2, internal 192.168.16.2)
> >
> External NIC has address in the 192.168.1.x range.
>
> Internal NIC has address in the 192.168.0.x range.
>
> These are two distinctly separate ranges right?

Yes.

All nics on the server should point to the internal nic for DNS, as
should all internal clients. You specify the ISP DNS servers when
running the CEICW.

> >
> > I would start over, using a .local or .lan domain name (anything
> > not in use for a real internet domain, and unlikely to be used in
> > the near future).
>
> Right now I have a domain.net name. I also own the rights to use that
> name on the internet, however I do not have it (domain.net) assigned
> to any IP address so it wouldn't be searchable from the www. This was
> done on the advice of a SBS2003 "expert".

Your internet domain has nothing to do with the AD domain name. You can
configure SBS to receive email for the internet domain when you run the
CEICW.

There's no good reason to use your public domain name for the internal
network name. It's actually easier to keep them separate, by using a
..local name for the SBS AD.

The install screen for SBS2003 actually explains all this, and strongly
encourages use of a .local domain. Your expert is not much of an expert.

> >
> > Otherwise, you'll be in difficulty when you want to access
> > outside resources in domain.net.
> >
>
> How would this cause problems?

SBS will not forward requests for DNS names in domain.net out to the
net (because it "owns" domain.net), so if www.domain.net is hosted by
an ISP, you cannot access it from your LAN by default. You can work
around it, but if your AD domain is something else, there's nothing to
work around.


--
Steve Foster [SBS MVP]
---------------------------------------
MVPs do not work for Microsoft. Please reply only to the newsgroups.