Websites on internal webserver, external users can access but internal users get "This page can't be displayed"
My setup: modem to router to multiple PCs/Server. The Server (2008r2) acts as DC and is hosting a couple VMs. The DC has DNS, IIS, ADCS installed. All PCs are part of the domain.
My ISP assigns dynamic addresses, so I am using Dynamic DNS (from dyn.com) to manage my public IP address. All the DNS records for websites are on the dyn.com service (e.g., on dyn: www.example.com Host A pointing to 135.x.x.x).
I believe my problem has to do with using 'example.com' for both the domain name and public websites (www.example.com). I found this site http://msmvps.com/blogs/acefekay/archive/2009/09/04/split-zone-or-no-split-zone-can-t-access-internal-website-with-external-name.aspx, which describes my problem, but none of the 3 scenarios describe the resolution exactly. (Scenario 1 says the webserver is external.)
1. What is the best way to resolve my issue? (By best, I mean safest, most secure, best practice, etc.)
- Because I already installed CertServices and such, I assume the best way would be to start from scratch. (i.e., reinstall server, create the domain as example.local then create an additional forward zone for example.com
2. What is the easiest way to resolve my issue?
- I assume adding a Host record pointing to the internal private IP address for the webservers. But will this create problems accessing from outside the network? Will there be a conflict between the dynDNS address and the internal DNS address?
- From PC (www.example.com) returns "This page can't be displayed"
- From mobile (www.example.com) returns the webpage
- From PC (mail.example.com/owa) returns login page
- From mobile (mail.example.com/owa) returns 404 (but I think I'm missing a port forward here)
First thing I'd try in terms of getting to the bottom of what's happen would be to ping www.example.com and mail.example.com from a local machine and from an external machine (or use something like the DNS Lookup test at http://www.dnsstuff.com/tools or elsewhere to ping those records). If everything is correct the two tests from the local PC should be to your local IP range, while the two external results should be to your external IP. I'm guessing they won't be, but the combination will confirm which bits have issues.
From your description I take it you configure all the DNS records in Dyn manually (though it obviously updates the IP used when your connection changes), so there's no connection between it and your local DNS records? From what I understand about Dyn you have an app on the server which updates them with your current public IP, but I don't think it integrates with your local DNS, so changing local records should have no effect on the records there.
To be certain though, check your local DNS server and see where mail.example.com is pointing. Since it's working locally I'd imagine it's pointing to the relevant internal IP address, whereas the external lookup goes to your external IP, and if that's the case there's definitely no connection between your DNS and Dyn and you can safely add a www A record to your local DNS pointing to your internal IP, which will then let your local users connect to the site and not effect the external users.