DNS issue for internal website routing internet connection from remote location

Tags: domain-name-system, internal-dns

I have an issue that I could use some help with.

Our company has a main location and a remote location. Previously, the remote location was connected to the main location through an internet connection VPN tunnel. The connection was pitifully slow at 1.5Mbps, so we upgraded it with a 75Mbps direct link. That meant the remote location lost its internet access, so we routed their access through the main office internet connection.

Everything works perfectly except for one thing. The website we host is not accessible from the remote location unless the IP address is used.

If I do NSLOOKUP on our website address from a machine connected to the main location network, it resolves correctly to the inside IP address. However, if I do the same from a remote location machine, it resolves to the website's outside IP address.

Our internal DNS server(s) have a pointer and CNAME records set up, and everything was working perfectly before the connection was upgraded. In addition, the remote location has a domain controller, DNS server and DHCP server to service these requests at the remote location and prevent these requests from getting routed back and forth over the link.

So I think what is happening is that for some reason the DNS server at the remote location is not resolving our website name correctly and is passing the requests on to the routers, which then push the request out to the internet DNS system. That resolves the name to our external IP.

This is purely a DNS issue, everything else works just fine. I am just stumped on this one.

Any ideas on how to fix this?

Edit: I forgot to mention that at the remote side of the link is a Cisco ASA-5505 and at the main office there is a Cisco ASA-5510. The link is connected between these 2 devices and the routing is handled in the 5510.

Thanks,
Michael

Best Answer

This is either

  • a DNS configuration problem (at remote location)
  • a DNS server problem (wrong views)
  • a translating firewall problem

Scenario 1:

Make sure the remote location accesses the same (internal) DNS server that the main location uses. Test with

dig @internal-DNS-ip internal.website.com

and make sure that the ending ";; SERVER:" output repeats that IP. Does the answer contain the private IP address?

Possible scenario: the hosts at your remote location are instructed to contact a DNS server other than the internal one.

Fix: configure the remote location computers (or the DHCP server for them) to use the internal DNS.

Scenario 2:

Make the same "dig" query from a computer at main location. Do you get the private IP addresses?

Possible scenario: views instruct the internal DNS server to respond X to some clients and Y to the rest. The new link entailed new IP addresses for the remote location, and the view mask on the internal DNS server has not been updated.

Fix: update the address mask for the view @ internal DNS.

Scenario 3:

Some routers snoop into DNS responses and, when they find your public IP address matching an internal NAT, they replace it with the local address.

Possible scenario: the DNS replies always with the public address (no views), but queries from main location go through such router and queries from remote location do not.

Fix: configure views @ internal DNS so that all internal hosts receive the internal website IP natively.
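An added check, not part of the answer above, that applies the scenario 1 and 2 tests to dig's text output: it confirms that the ";; SERVER:" line names the resolver the remote host was supposed to use, then decides whether the A records it returned are RFC 1918 (inside) addresses. The dig output is constructed for the example; 10.0.0.53 and 203.0.113.10 are placeholder addresses, not the poster's.

```python
import ipaddress
import re

# Constructed dig output modelled on the symptom in the question: the
# query did reach the internal DNS server, yet the reply carries the
# public address, which points at scenario 2 (views) or 3 (NAT rewrite).
SAMPLE_DIG_OUTPUT = """\
; <<>> DiG 9.16.1 <<>> @10.0.0.53 internal.website.com
;; ANSWER SECTION:
internal.website.com.   300     IN      CNAME   webserver.website.com.
webserver.website.com.  300     IN      A       203.0.113.10

;; Query time: 1 msec
;; SERVER: 10.0.0.53#53(10.0.0.53)
"""

# The address blocks the question calls "inside" IPs (RFC 1918 only;
# documentation ranges like 203.0.113.0/24 are deliberately not included).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_dig(output):
    """Return (answering server IP, list of A-record addresses) from dig output."""
    server = None
    addresses = []
    for line in output.splitlines():
        m = re.match(r";; SERVER: (\S+?)#\d+", line)
        if m:
            server = m.group(1)
            continue
        fields = line.split()
        # Answer-section A records look like: name ttl IN A address
        if len(fields) >= 5 and fields[2] == "IN" and fields[3] == "A":
            addresses.append(fields[4])
    return server, addresses


def diagnose(output, expected_server):
    """Map a dig result onto the answer's scenarios."""
    server, addresses = parse_dig(output)
    if server != expected_server:
        return "wrong-server"   # scenario 1: some other resolver answered
    if not addresses:
        return "no-answer"
    if all(any(ipaddress.ip_address(a) in net for net in RFC1918) for a in addresses):
        return "ok"             # internal DNS handed back the inside IP
    return "public-answer"      # scenario 2 or 3: internal DNS gave the outside IP
```

Run the same check from a main-office host and a remote host; differing results with the same server IP is the signature of a stale view mask or a rewriting firewall in the main-office path.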
