Internal Web clients are unable to access an externally-hosted Web site


Internal clients on a Small Business Server (SBS) domain are able to browse to all external Internet sites except for your company's own registered domain name. For example, if your company's domain name is "", internal clients would be able to view all Web sites except for "".


This behavior can occur if you have chosen your registered Internet domain name as your internal Active Directory DNS name space, and your registered Internet domain name is hosted and managed by an external entity, such as an ISP.

When you install Active Directory, it creates a DNS zone for your Active Directory domain on your DNS server. The DNS server is configured to be authoritative for that zone. Properly configured client computers are configured to use the SBS DNS server to resolve names. If the name that a client computer is trying to resolve is in a domain that is not on the SBS server, that request is forwarded to another upstream DNS server for resolution. If the SBS server has a zone that is configured for that domain, the SBS server will resolve that request locally. However, if no record exists on the SBS server, the client's request fails.


To resolve this behavior without having to reconfigure your Active Directory, you can create records in your zone that match records that are created at the external DNS server. For example, you could create a host (A) record for "WWW" in your zone that resolves to the external IP address of the ISP-hosted Web server.

To create DNS records:

  1. Start DNS Manager by clicking Start, pointing to Programs, pointing to Administrative Tools, and then clicking DNS.
  2. Expand your server branch, and then expand the Forward Lookup Zones branch.
  3. Expand the DNS name zone.
  4. On the Action menu, click New Host, and then type the name www (or other host name) in the New Host dialog box.
  5. Type the IP address of the host. You can obtain this information by contacting your ISP, or by using the ping command from a computer that is not on your network. For example, you could ping from a computer on the Internet, and it should resolve with an IP address. You may want to confirm this address with your ISP. ISP-managed IP addresses are subject to change. If this happens, you will need to update the A record you created for "www" in your DNS zone.


This behavior is by design.

More Information

The selection of a domain name for your internal namespace is an integral part of your network configuration.
For additional information about how to plan your Active Directory DNS name, click the following article number to view the article in the Microsoft Knowledge Base:

296250 The domain name system name recommendations for Small Business Server 2000