This is kind of a stab in the dark here, but I'm just guessing that in Internet Explorer you are using exception lists. And in those exception lists, you have an entry that resembles *.xyz.com. This essentially tells the client to stay inside of your proxy server to contact that web server. This is one of the many reasons it is advisable to use a different DNS namespace on the inside than you use on the outside. A solution to this problem, while not partiularly easy, is to update the exception list on the clients to include more specific DNS namespaces to stay on the inside for. Such as *intranet.xyz.com; etc. This will allow the client to stay on the inside of the Proxy server for accessing these internal sites, yet still send the client through the Proxy to the outside for accessing all other *.xyz.com sites.
>-----Original Message----- >This is kind of a stab in the dark here, but I'm just >guessing that in Internet Explorer you are using exception >lists. And in those exception lists, you have an entry >that resembles *.xyz.com. This essentially tells the >client to stay inside of your proxy server to contact that >web server. This is one of the many reasons it is >advisable to use a different DNS namespace on the inside >than you use on the outside. A solution to this problem, >while not partiularly easy, is to update the exception >list on the clients to include more specific DNS >namespaces to stay on the inside for. Such as >*intranet.xyz.com; etc. This will allow the client to >stay on the inside of the Proxy server for accessing these >internal sites, yet still send the client through the >Proxy to the outside for accessing all other *.xyz.com >sites.
> This is kind of a stab in the dark here, but I'm just > guessing that in Internet Explorer you are using exception > lists. And in those exception lists, you have an entry > that resembles *.xyz.com. This essentially tells the > client to stay inside of your proxy server to contact that > web server. This is one of the many reasons it is > advisable to use a different DNS namespace on the inside > than you use on the outside. A solution to this problem, > while not partiularly easy, is to update the exception > list on the clients to include more specific DNS > namespaces to stay on the inside for. Such as > *intranet.xyz.com; etc. This will allow the client to > stay on the inside of the Proxy server for accessing these > internal sites, yet still send the client through the > Proxy to the outside for accessing all other *.xyz.com > sites.
> Hope this helps,
> Ryan
I wouldn't say it is a rason to use a different namespace. On the contrary, the same namespace is becoming more popular lately. The original MS documentationrecommended the different namespaces, but that is now defunct and out of date.
As Kevin answered Michael's original post, all you have to do is create the necessary A record www and give it the IP of the external web server. Another way is you can delegate www to the IP of the external webserver IP also. This method offers less adminsitration if the ISP changes the website IP for whatever reason.
Proxy server on the other hand, is a different ballgame. The internal nameserver will be root for the AD zone (no forwarding). Proxy will handle name resolution for the web services for the clients.
-- Ace Please direct all replies to the newsgroup so all can benefit.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP Microsoft Windows MVP - Active Directory --
I think you guys may be off base here. Michael stated that he can ping the name just fine from the inside, he just can't get to it through a browser. This would mean DNS is functioning fine. That's why I'm leaning towards the proxy issue.
>"Ryan Wilderman" <ryan.wilder...@storaenso.com> wrote in message >news:31b401c2810f$9b298fc0$2ae2c90a@phx.gbl... >> This is kind of a stab in the dark here, but I'm just >> guessing that in Internet Explorer you are using exception >> lists. And in those exception lists, you have an entry >> that resembles *.xyz.com. This essentially tells the >> client to stay inside of your proxy server to contact that >> web server. This is one of the many reasons it is >> advisable to use a different DNS namespace on the inside >> than you use on the outside. A solution to this problem, >> while not partiularly easy, is to update the exception >> list on the clients to include more specific DNS >> namespaces to stay on the inside for. Such as >> *intranet.xyz.com; etc. This will allow the client to >> stay on the inside of the Proxy server for accessing these >> internal sites, yet still send the client through the >> Proxy to the outside for accessing all other *.xyz.com >> sites.
>> Hope this helps,
>> Ryan
>I wouldn't say it is a rason to use a different
namespace. On the contrary,
>the same namespace is becoming more popular lately. The original MS >documentationrecommended the different namespaces, but that is now defunct >and out of date.
>As Kevin answered Michael's original post, all you have to do is create the >necessary A record www and give it the IP of the external web server. >Another way is you can delegate www to the IP of the
>also. This method offers less adminsitration if the ISP changes the website >IP for whatever reason.
>Proxy server on the other hand, is a different ballgame. The internal >nameserver will be root for the AD zone (no forwarding). Proxy will handle >name resolution for the web services for the clients.
>-- >Ace >Please direct all replies to the newsgroup so all can benefit.
>Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP >Microsoft Windows MVP - Active Directory >--
> I think you guys may be off base here. Michael stated > that he can ping the name just fine from the inside, he > just can't get to it through a browser. This would mean > DNS is functioning fine. That's why I'm leaning towards > the proxy issue.
> Ryan
Hi Ryan
Michael didn't specifically state that he can ping by name, but for this purpose, we'll assume that. I still don't think that would cause justification of using a different namespace. But that can be a whole other discussion that we'll leave for another time.
So if it is Proxy, and he didn't specify that either, but being a good assumption, Proxy would still use DNS to resolve it. If he can ping by name from the internal machine, then I am tending to think that he doesn't have a Proxy, since it won't pass ICMP (most Proxies, depending on the vendor and/or version).
I posted a few questions to Michael. Maybe he isn';t reading the responses, especially this thread. I mentioned that this thread exists that is trying to help his issues.
-- Ace Please direct all replies to the newsgroup so all can benefit.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP Microsoft Windows MVP - Active Directory --
