DNS Issue with (Same As Parent Folder) A Records | Website resolving to internal IP addresses within agency

Sean Kethcart

Jul 2, 2013
Hi all,

We recently moved our website to an outsourced vendor and it's now hosted offsite. So after changing up our internal DNS A records to point at the new site, I've had some weirdness going on I didn't foresee. My users inside the agency can get to the new website just fine using www.xxxxxxx.org and it resolves to the new IP address just fine. But when my users leave off the www. things get dicey and my users start having issues with their browsers resolving to a series of internal 10.100 addresses....

So looking at my DNS server I see the issue. Along with my A record that points to xxxxxxxx.org I have a number of other name servers that have entries that are creating (Same As Parent Folder) entries for the same domain name (our internal domain name and our external website site are the same)...i.e:

Domain: Example.org
Website: Example.org

I've never run into this before...in my previous life in the corporate world I've always worked with internally hosted sites. Any pointers for the rookie?

Thanks!
 
Well, it seems a little Google savvy turned up an answer:


http://social.technet.microsoft.com/Forums/windowsserver/en-US/4d97325b-ff3a-4f46-ba6e-dc3f4ff978e1/dns-internal-domain-has-same-name-as-external-website

Hi Interflex,
This scenario is called a Split Zone, where the name is the same internally and externally.
As Jorge indicated, it requires a registry change, but it has to be done on all DCs. This is because it is altering the "same as parent" name in DNS. This record, which many refer to as the 'blank domain entry' (where you don't need the 'www' in front of it), is referred to in AD as the LdapIpAddress. This record is used for DFS and GPOs. It's the record your client machines query for when the GetGpoList function runs to retrieve GPOs, among other things.
You can get away with not altering the registry, but it would require installing IIS on each DC. Then in IIS, you can configure a redirect under the Default Website to point to www.abc.com. This is a quick way to handle it, but I don't condone or recommend IIS on a DC.
The third option is to have your users simply live with using www, instead of altering anything on the DCs.
I have more on it in my blog, which you can read at the link below.
Split Zone or no Split Zone - Can't Access Internal Website with External Name
http://msmvps.com/blogs/acefekay/archive/2009/09/04/split-zone-or-no-split-zone-can-t-access-internal-website-with-external-name.aspx
I hope both my blog and Jorge's blog provide a greater understanding of what's going on in a same internal and external domain name scenario.
Ace
Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003, Microsoft Certified Trainer, Microsoft MVP - Directory Services. This posting is provided AS-IS with no warranties or guarantees and confers no rights.

tl;dr ::

All,
Each of the proposed solutions is valid and each has its associated costs.
1) Simply tell users they must use the 'www' record.
2) Install IIS on the DCs and redirect.
3) Prevent the DCs from registering the domain host records.
All three are correct answers when considering how to handle this issue. The solution that is actually implemented will depend on the organization. I can tell you certain factors such as user acceptance may rule out #1, security policies may rule out #2, and as Tiger indicated certain DFS and GPO operations may rule out #3, especially for those organizations that do not have alternate methods of name resolution, specifically NetBIOS where the domain name can be resolved using WINS 1C records.
Interflex, you should select one or more of the proposed solutions based on the business needs of the organization.
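
An added example, not part of the original thread: a small Python audit of an internal zone that reproduces the symptom described above, where the "(same as parent folder)" entry holds internal addresses while `www` points at the hosted site. The zone contents, host names (`dc01` to `dc03`) and all addresses are constructed for illustration, and `"@"` is used here to stand for the same-as-parent entry.

```python
import ipaddress

# RFC 1918 ranges; checked explicitly because ip.is_private also flags
# documentation ranges such as 203.0.113.0/24 used for the sample site.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records (name, type, value) for an internal example.org zone.
ZONE = [
    ("@", "A", "10.100.1.10"),     # registered by a DC (assumed)
    ("@", "A", "10.100.2.10"),
    ("@", "A", "10.100.3.10"),
    ("www", "A", "203.0.113.25"),  # hosted website (constructed address)
    ("dc01", "A", "10.100.1.10"),
    ("dc02", "A", "10.100.2.10"),
    ("dc03", "A", "10.100.3.10"),
]

def is_internal(ip):
    return any(ip in net for net in RFC1918)

def audit_split_zone(zone, web_label="www"):
    """Compare the zone apex ("@") with the web label and explain the symptom."""
    a = [(n, ipaddress.ip_address(v)) for n, t, v in zone if t == "A"]
    apex = sorted(ip for n, ip in a if n == "@")
    web = sorted(ip for n, ip in a if n == web_label)
    # Map each address to the host record that also owns it, if any.
    owner = {ip: n for n, ip in a if n not in ("@", web_label)}
    internal = [ip for ip in apex if is_internal(ip)]
    stray = [ip for ip in apex if ip not in web]
    if not apex:
        verdict = "no-apex-record"
    elif not stray:
        verdict = "apex-matches-www"
    elif internal:
        verdict = "apex-points-at-internal-hosts"
    else:
        verdict = "apex-differs-from-www"
    return {
        "verdict": verdict,
        "www": [str(ip) for ip in web],
        "apex_internal": [(str(ip), owner.get(ip, "unknown")) for ip in internal],
    }

if __name__ == "__main__":
    print(audit_split_zone(ZONE))
```

A browser asked for the bare domain gets whatever the apex holds, so a verdict of `apex-points-at-internal-hosts` is the state in which users who leave off `www` land on internal machines instead of the website.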
 


I did. It seems the "extra" A records that were populating as (Same As Parent Folder) and were being created with xxxxxxxx.org and internal IP addresses are coming from other nameservers within the agency. This is to be expected; "works as designed" and can be "shut off" with a registry tweak according to the article posted above. I think it's a bit much for the situation at hand. I think as things stand, the simplest solution in this case is simply just a broadcast email telling my users to simply append www. to access the new website from within the agency. I can push out an update to the default IE homepage anyway to change it from xxxxxxx.org to www.xxxxxx.org to reduce 95% of the confusion. The vast majority of my users don't have a need to access our external website on a daily basis anyway. It was just one of those "it's broke now, how come?" things that was bothering me...
 


The big catastrophic things I can deal with but those little things bother me more than anything else...
 
Solution


Amen.

P.S. As a Chicago resident, I must say I have deep respect and admiration for your avatar.
 


Thank you, it is my favorite movie and has always been since it came out. A friend and I dressed up as the Blues Brothers for Halloween the year it came out and we were the life of the party. 30 years later I still hear it from friends today.