DNS and Web Hosting and SBS2000

Discussion in 'DNS Server' started by Robert, Dec 9, 2003.

  1. Robert

    Robert Guest

    Currently I'm hosting my own website on an SBS2000 server behind a router.
    The www.domain.com points to a nameserver outside the network, say
    Dave.domain.com and one that is running the website inside the network, say
    Bob.domain.com (which is also the DNS for the LAN). When an nslookup for
    www.domain.com is performed on Dave.domain.com it resolves the address of
    Bob.domain.com, the server running the website. Users are able to browse
    the www.domain.com or the ip address with a browser fine due to
    Dave.domain.com. However Bob.domain.com doesn't seem to be servicing
    outside clients. Users inside the network are able to browse www.domain.com
    or the ip address and find the website. If an nslookup is performed inside
    the network for www.domain.com, Bob.domain.com or either IP addresses for
    bob.domain.com the ip address is resolved with the domain.local and its
    private ip address. If an nslookup for www.domain.com is performed on
    Bob.domain.com outside the network an error is returned. Can't find server
    name (Public IP address) and the request times out.

    Now the router forwards traffic on port 53. ISA server in SBS picks up the
    traffic on a network card and passes it after filtering content and what
    not to the internal network card. So Bob.domain.com has two ip address say and from router). I have the DNS filter
    running, Packet filters to allow DNS traffic and server publishing rules to
    publish the server. The ISA server logs indicate traffic on port 53 so I
    know the router is forwarding correctly. In the DNS server there are two
    zones: domain.local and domain.com

    SOA - bob.domain.local
    NS - bob.domain.local
    NS - bob.domain.com
    NS - dave.domain.com
    MX - bob.domain.local
    Host records for:
    Bob -
    Dave - Dave's external ip address
    mail - Public IP address of Bob (Which is also an exchange server)
    www - Public IP address of Bob (Which is also running IIS 5.0)

    What's the deal? What's going wrong? What am I missing?....It may be time
    to pick up the 2X4 sitting next to me labeled technical adjustment tool.

    Robert, Dec 9, 2003

  2. Jonathan de Boyne Pollard, Dec 11, 2003

  3. In
    So you're saying that dave.domain.com is your "external" DNS server that is
    hosting public IP addresses and that bob.domain.com is your internal DNS
    server that is hosting private IP records of your internal AD
    Trying to get this straight...now you're saying that bob.domain.com is your
    internal DNS server and is ALSO your web server?
    When you say users, you mean external users?
    That is your internal webserver, I'm assuming....
    I'm assuming here that's what you want since the webserver is internal,

    That's just a message (not an error) which is due to you not having a
    reverse zone for your internal subnet and/or if you do, you don't have a PTR
    entry for your DNS server. It's just trying to get the name of your DNS
    server for you out of the reverse zone. Create a reverse zone and a PTR for
    the DNS IP or just ignore it. Nslookup still works.
    2x4's are not indicative of a solution here...

    I would say that you're mixing public and private IPs on your DNS server.
    This is not good and will cause numerous errors. With all due respect, I'm
    trying to follow your train of thought, but it's all in one big paragraph
    and half the battle is disseminating it and putting it into a means that I
    can understand it.

    If you're saying that when internal users try to go to www.domain.com but
    are getting the external ISA's IP, then that is a problem with any NAT
    device (ISA or not) where it will not loop back the request. If this is your
    case, as I mentioned, mixing public and private records on one DNS server
    will cause this issue and the internal DNS should only have private records.

    If you can elaborate on my comments, I would appreciate it, or correct me
    where I'm wrong.


    Please direct all replies to the newsgroup so all can benefit.
    This posting is provided "AS IS" with no warranties.

    Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
    Microsoft Windows MVP - Active Directory
    Ace Fekay [MVP], Dec 14, 2003
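
The check below is an added example, not part of the thread: it audits a zone listing for the mix of private and public records described in the reply above, and also reports NS/MX targets in a public zone that point at `.local` names. The record layout follows the zones listed in the first post, but every address and the four-column input format are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# RFC 1918 ranges, listed explicitly so the documentation addresses used
# below as stand-ins for public IPs are not classed as private.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample (zone, name, type, data); all addresses are made up.
SAMPLE = """
domain.local  bob   A   192.168.16.2
domain.com    @     NS  bob.domain.local.
domain.com    @     NS  dave.domain.com.
domain.com    @     MX  bob.domain.local.
domain.com    bob   A   192.168.16.2
domain.com    dave  A   198.51.100.5
domain.com    mail  A   203.0.113.10
domain.com    www   A   203.0.113.10
"""

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit(text):
    """Return (zone, finding, detail) tuples for a zone listing."""
    a_records = defaultdict(lambda: {"private": [], "public": []})
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        zone, name, rtype, rdata = fields
        if rtype == "A":
            kind = "private" if is_rfc1918(rdata) else "public"
            a_records[zone][kind].append(name)
        elif (rtype in ("NS", "MX") and not zone.endswith(".local")
              and rdata.rstrip(".").endswith(".local")):
            # An outside resolver cannot follow a target in .local.
            findings.append((zone, "internal-target", f"{rtype} {rdata}"))
    for zone, k in a_records.items():
        if k["private"] and k["public"]:
            findings.append((zone, "mixed-a-records",
                             f"private={k['private']} public={k['public']}"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
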