| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 100828 | 2009-06-22 00:24:00 | configure Active Directory DNs to resolve a url using a specified ip address | chiefnz (545) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 784486 | 2009-06-22 00:24:00 | Ok the scenario is as follows... We have a company website which is http://www.company-name.co.nz We have since purchased a new domain which is http://www.companyname.co.nz When users on our network go to http://www.company-name.co.nz the company website displays correctly. When the users on our network go to http://www.companyname.co.nz they get a page load error cannot find the website. However, if you disconnect from the corporate network and access the Internet via a different source then you can access http://www.companyname.co.nz without any issues. I can access it from my home PC as well as on my company laptop using my Internet connection at home. What we have done is setup a forwarder entry in the Active directory DNS console to use our firewall to resolve the address http://www.companyname.co.nz This however, is not working. So I need to know how I set up the DNS so that it uses our firewall to resolve the address correctly. Your help appreciated. Thanks, |
chiefnz (545) | ||
| 784487 | 2009-06-22 00:56:00 | Have you flushed the DNS on the server? What are you using for proxy? | SolMiester (139) | ||
| 784488 | 2009-06-22 01:13:00 | Performed a DNS flush on both server and client machines without success. We're using a automatic configuration script for the proxy. format is server.domain.co.nz Cheers, |
chiefnz (545) | ||
| 784489 | 2009-06-22 01:18:00 | Is there any chance you could post the contents of the proxy.pac file here please? | Erayd (23) | ||
| 784490 | 2009-06-22 01:58:00 | It's unlikely to be the proxy script as the address is being resolved from DNS to DNS (Firewall). So it isn't actually going from our DNS server to the firewall... well that's what we want. These addresses are internal so the proxy is by-passed for internal addresses. Hope that helps. I am unable to post a copy of the proxy file at this stage. Cheers, |
chiefnz (545) | ||
| 784491 | 2009-06-22 02:32:00 | So, you are saying the web-site is hosted internally, and the forwarder for the site goes to the firewall IP addy, which in turn bypasses for internal addressing? How have you entered the DNS entry in the firewall |
SolMiester (139) | ||
| 784492 | 2009-06-22 02:49:00 | Like SOL said is it hosted internally or externally? If its internal then simply create a new zone in AD for companyname.co.nz and point it to the appropriate server. If its hosted externally then you should change the DNS forwarder for the site to an external dns server, particularly if the firewall is a member of the domain (ISA?) otherwise it will be going round in circles. | Barnabas (4562) | ||
| 784493 | 2009-06-22 03:14:00 | No the site is hosted externally. Accessing the site from outside the company network is fine... It just cannot be access from within the corporate network. We use Checkpoint NGX as our firewall on a hardware appliance. there are no DNS tries on the firewall for address resolution. If a request requires DNS resoltuion from outaside the network, the firewall forwards the request to an external DNS server (our ISP) and the address is resolved that way. OK another thing, I have just discovered that if I by-pass the proxy server and connect to the Internet directly via the firewall... I cannot access the site. If I use the proxy server it works ok. Cheers, |
chiefnz (545) | ||
| 784494 | 2009-06-22 03:20:00 | does the site resolve to the correct ip when using nslookup or ping? If there are no tries registering on the firewall then it sounds like your internal DNS servers are responding with a reply that is wrong. If you do a Control F5 to refresh the site while connected to the proxy server does it still work or is it just serving up a cached version that used to work? |
Barnabas (4562) | ||
| 784495 | 2009-06-22 04:24:00 | ChiefNZ, i'm confused mate, if you use the proxy internal, it resolves okay, if you dont and go straight out it doesnt?....wouldnt you want everyone using the proxy anyway? | SolMiester (139) | ||
| 1 2 | |||||