Our company has a main location and a remote location. Previously, the remote location was connected to the main location through an internet connection VPN tunnel. The connection was pitifully slow at 1.5Mbps, so we upgraded it with a 75Mbps direct link. That meant the remote location lost its internet access, so we routed their access through the main office internet connection.
Everything works perfectly except for one thing. The website we host is not accessible from the remote location unless the IP address is used.
If I do NSLOOKUP on our website address from a machine connected to the main location network, it resolves correctly to the inside IP address. However, if I do the same from a remote location machine, it resolves to the website's outside IP address.
Our internal DNS server(s) have a pointer and CNAME records set up, and everything was working perfectly before the connection was upgraded. In addition, the remote location has a domain controller, DNS server and DHCP server to service these requests at the remote location and prevent these requests from getting routed back and forth over the link.
So I think what is happening is that for some reason the DNS server at the remote location is not resolving our website name correctly and is passing the requests on to the routers, which then push the request out to the internet DNS system. That resolves the name to our external IP.
This is purely a DNS issue, everything else works just fine. I am just stumped on this one.
Any ideas on how to fix this?
Oh, and FYI, there is an ASA-5505 at the remote location and an ASA-5510 at the main location. The link is connected to these devices with the 5510 handling the bulk of the routing.
We have an older W2K3 machine that is scheduled to be decommissioned/upgraded. The previous admin had set up a forward lookup zone on this machine for internal users to access our website using the public URL. Unfortunately, this lookup zone was not integrated with Active Directory and was not being replicated.
This worked fine under the old connection since it was a VPN tunnel into the main office. The Cisco devices were set up to use that machine for DNS requests. Once the connection was changed, that forward lookup zone was no longer available to clients in the remote office.
I created a forward lookup zone with appropriate entries on the W2K8 machines with DNS integrated into AD. Problem solved.
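The fix described in the answer, as an added PowerShell example (not code from the original post): create the split-horizon zone as AD-integrated so it replicates to the remote site's domain controller, add the inside address, then check that the DNS servers at both sites return it. It assumes Windows Server 2012 or later for the DnsServer module (on Server 2008 the same steps are done with dnscmd), and the zone name `www.example.com`, inside address `10.0.0.25`, and server names `dc1.corp.example.com` / `dc2.corp.example.com` are hypothetical placeholders.

```powershell
# Added example, not from the original post. Assumes Windows Server 2012+
# (DnsServer module). Zone name, addresses and server names are hypothetical.

$ZoneName  = 'www.example.com'      # public hostname that must resolve to the inside address
$InsideIP  = '10.0.0.25'            # web server's inside address (hypothetical)
$MainDns   = 'dc1.corp.example.com' # DNS server at the main location (hypothetical)
$RemoteDns = 'dc2.corp.example.com' # DNS server at the remote location (hypothetical)

# 1. Create the zone AD-integrated and replicated forest-wide, so the remote site's
#    DNS server holds its own copy instead of forwarding the query to the ISP.
#    Using the single hostname as the zone (not the whole public domain) keeps the
#    public records for other hosts under example.com resolvable as usual.
if (-not (Get-DnsServerZone -Name $ZoneName -ComputerName $MainDns -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope 'Forest' -ComputerName $MainDns
}

# 2. The zone apex is the hostname itself, so the A record is "same as parent" ('@').
#    Replace any stale record rather than adding a second address.
$existing = Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType A -Name '@' `
                -ComputerName $MainDns -ErrorAction SilentlyContinue
if ($existing) {
    Remove-DnsServerResourceRecord -ZoneName $ZoneName -RRType A -Name '@' -ComputerName $MainDns -Force
}
Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name '@' -IPv4Address $InsideIP -ComputerName $MainDns

# 3. Verify from both sites' servers. -DnsOnly skips the hosts file and local cache so
#    the answer reflects what the server actually holds.
function Test-SplitHorizon {
    param([string]$Name, [string[]]$Servers, [string]$Expected)
    $ok = $true
    foreach ($server in $Servers) {
        $answer = (Resolve-DnsName -Name $Name -Type A -Server $server -DnsOnly -ErrorAction SilentlyContinue |
                   Where-Object { $_.Type -eq 'A' }).IPAddress
        if ($answer -contains $Expected) { $status = 'OK' } else { $status = 'MISMATCH'; $ok = $false }
        Write-Host ("{0,-28} {1,-18} {2}" -f $server, ($answer -join ','), $status)
    }
    return $ok
}

# AD replication is not instantaneous; poll the remote server for a few minutes
# before concluding the zone did not replicate.
$deadline = (Get-Date).AddMinutes(5)
do {
    $ok = Test-SplitHorizon -Name $ZoneName -Servers @($MainDns, $RemoteDns) -Expected $InsideIP
    if (-not $ok) { Start-Sleep -Seconds 30 }
} until ($ok -or (Get-Date) -gt $deadline)
```

Once the remote server reports the inside address, a client at the remote site that still shows the outside address is serving a cached answer: run `ipconfig /flushdns` on it (or wait out the public record's TTL) and repeat the `nslookup`. If the remote server never reports the zone, check that it is listed as a DNS server in the forest and that AD replication to that domain controller is healthy (`repadmin /showrepl`), since an AD-integrated zone only arrives through replication.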