JB-4488 asked JB-4488 commented

External site not accessible

We have a public-facing server that is inaccessible from an internal network (DNS name: 123.net). Switching to a different network with different DNS, 123.com, there's no problem connecting or even accessing it outside our network. Server is using DNS 123.com.
Nslookup points to the correct IP address from a device that uses DNS 123.net. Nslookup from the internal network using DNS 123.com points to the correct internal IP address.

windows-dhcp-dns

DSPatrick answered

Sounds like you might need a split brain deployment.
https://docs.microsoft.com/en-us/windows-server/networking/dns/deploy/split-brain-dns-deployment

--please don't forget to Accept as answer if the reply is helpful--



CandyLuo-MSFT answered JB-4488 commented

Hi,

Based on my understanding, when your clients' DNS server points to 123.net, they cannot access the external website. Is that right? Please feel free to let me know if I have any misunderstanding.

Does the internal domain of 123.net have the same name as the external website? If yes, and your external website name is www.123.net, then the simple way is creating an A record named www in the 123.net zone on the DC and giving that record the website's IP address. Machines that query that DNS server then receive the correct response and are able to browse the website.

For more details, you can refer to the following article:

DNS Considerations in a Windows Environment with Identical Internal and External Domain Names

Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

Best Regards,
Candy


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.





> Based on my understanding, when your clients' DNS server points to 123.net, they cannot access the external website. Is that right? Please feel free to let me know if I have any misunderstanding.

This is correct. Users are connected to a network which uses DNS 123.net (OpenDNS service). Pinging or tracert from a PC is resolving the correct public IP address, just can't seem to connect to it.

> Does the internal domain of 123.net have the same name as the external website? If yes, and your external website name is www.123.net, then the simple way is creating an A record named www in the 123.net zone on the DC and giving that record the website's IP address. Machines that query that DNS server then receive the correct response and are able to browse the website.

No, it does not. Internal domain of 123.net is just used for this one network. 123.com is used for all of our public-facing servers.








Any ideas, guys?

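A way to separate the two questions raised in this thread (does the name resolve the same way on both networks, and is the resolved address reachable), as an added example that is not part of the original posts. The host name, port and resolver addresses are placeholders, and the commented `Add-DnsServerResourceRecordA` line only illustrates the A record suggested in the answer above.

```powershell
# Added example: compare what each DNS server answers for the site,
# then test TCP reachability of every address returned.
# All values below are placeholders (assumptions), not taken from the thread.
$HostName  = 'www.example.com'     # public name of the server
$Port      = 443                   # service port to test
$Resolvers = [ordered]@{
    'affected-network DNS' = '192.0.2.53'     # DNS server used by the failing clients
    'working-network DNS'  = '198.51.100.53'  # DNS server used where access works
}

$results = foreach ($label in $Resolvers.Keys) {
    try {
        # -DnsOnly skips LLMNR/NetBIOS so only the named DNS server is consulted
        $answers = Resolve-DnsName -Name $HostName -Type A -Server $Resolvers[$label] `
                       -DnsOnly -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'A' }
    } catch {
        [pscustomobject]@{ Resolver = $label; Address = $null
                           TcpOpen  = $false; Note    = $_.Exception.Message }
        continue
    }
    foreach ($a in $answers) {
        $tcp = Test-NetConnection -ComputerName $a.IPAddress -Port $Port `
                   -WarningAction SilentlyContinue
        [pscustomobject]@{ Resolver = $label; Address = $a.IPAddress
                           TcpOpen  = $tcp.TcpTestSucceeded; Note = '' }
    }
}
$results | Format-Table -AutoSize

# Reading the table (run it from a client on the affected network):
#  - Different addresses per resolver: the two networks see different records,
#    which is the split-brain situation the answers describe.
#  - Same address from both, TcpOpen False: resolution is fine and the fault is
#    on the network path from this client (routing, firewall or NAT), not in DNS.

# The A record from the answer above, run on the DNS server hosting the zone
# (zone name and address are placeholders):
# Add-DnsServerResourceRecordA -ZoneName 'example.net' -Name 'www' -IPv4Address '203.0.113.10'
```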