
MY QUESTION: I want to run a web application on the sub-domain subdomain.example.com. The sub-domain is created by the ISP on their DNS server and forwarded to an external web host. None of the clients can access the sub-domain from within the LAN. It works outside of the LAN, even on a different ISP. I am using a Windows 2012 R2 domain controller. The router has port 80 open.

Tried:

  • Created an A record on the local DNS with the IP of my ISP's DNS server.
  • Outbound access from the firewall is not restricted.
  • Created a separate zone on the local DNS with an A record pointing to the ISP's DNS server.

What am I missing? I am thoroughly lost.


It sounds like you're running into an issue requiring NAT Loopback to be enabled on your router. From Wikipedia:

NAT loopback, also known as NAT hairpinning or NAT reflection, is a feature in many consumer routers which allows a user to connect to his/her own public IP address from inside the LAN. This is especially useful when, for example, a website is hosted at that IP address.

Look for options in the documentation for your router to enable NAT loopback - once enabled, as above, you should find that clients on the LAN are able to access the web server using the FQDN which resolves to the public IP of the router which then in turn forwards port 80 to the web server.

EDIT:

It looks like you've substantially changed your question to change its overall meaning, which is somewhat confusing. In any case - the A record(s) you've created for the subdomain in question should point at the IP of the webserver you want to access - not the DNS servers of the ISP.

BE77Y
  • I cannot find NAT loopback on my Peplink Balance, though tried 1-to-1 NAT mapping with no success. Could it be because the sub-domain was created by my ISP (A record) and not by the other company that handles original domain registration? – shaolinmonk May 14 '15 at 04:01
  • No - the fact that you're able to access the server correctly from an external network indicates that the DNS and NAT are both correctly configured for external access. The reason you need NAT loopback on your router is so that devices on the _internal_ network are able to access the web server via the external IP of your router as if they are on the internet also. 1-to-1 NAT will certainly not work (please don't just enable random things with 'NAT' in them! ;) ) Have you consulted the router documentation? – BE77Y May 14 '15 at 07:55
  • Yes, I consulted the router documentation. Can't find anything related to NAT loopback. My understanding of NAT loopback is it applies when I have a server within the LAN and would like to access it via router's public IP. – shaolinmonk May 14 '15 at 10:45
  • Precisely, which is what you're trying to do based on your description in your question. OK - well my next suggestion would be to contact the support of the vendor of your router in that case to see if it's possible to enable NAT loopback - for example some models require telnetting in and manually setting a flag to enable it, rather than having a checkbox in their web UI or similar. – BE77Y May 14 '15 at 10:50
  • I think my situation is different. My website is on external host, outside of LAN. ISP has created the sub-domain and forwarded to that web host's name server. I have problem accessing this sub-domain from devices on the internal network. – shaolinmonk May 14 '15 at 10:54
  • In your question you describe the server as "local web server". If this is not the case then it would be useful if you could update your question to be more clear about your exact scenario. – BE77Y May 14 '15 at 10:55
  • Thank you for your help. My question is actually in 2nd para. I have now rephrased and updated the question. – shaolinmonk May 14 '15 at 11:18
  • My A record points to DNS server of ISP since sub-domain is created there. From ISP, they have forwarded the sub-domain to external web host's DNS server. Tried pointing A record directly to web host - does not work. Tried sub-domain delegation to ISP's DNS server - does not work either. – shaolinmonk May 14 '15 at 11:51
  • It sounds like there is a fundamental misunderstanding of how DNS works. I suggest you brush up on the topic. In any case, as per my answer update: if you want to be able to access the server via the domain name you have registered on internal devices, the DNS server on that network will need to point _to its IP_, *not* to another DNS server. – BE77Y May 14 '15 at 12:00
  • Pointing A record to IP of web server worked. Thank you for your patient help. – shaolinmonk May 15 '15 at 07:15
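The fix the thread arrives at, as an added PowerShell example that is not code from the original answer or from any vendor: create the internal zone and A record on the 2012 R2 DC pointing at the web host, then cross-check the LAN answer against a public resolver. The FQDN, the web host address (RFC 5737 documentation range), the DC name and the public resolver address are placeholders.

```powershell
# Added example, not code from the original answer. Creates the internal-only
# DNS record the accepted fix calls for and checks it matches the public answer.
# Placeholders (not values from the thread): replace before running.
$Fqdn      = 'subdomain.example.com'   # sub-domain created at the ISP
$WebHostIp = '203.0.113.10'            # EXTERNAL web host's public IPv4 (RFC 5737 doc range)
$Dc        = 'dc01.corp.example'       # internal DNS server (the 2012 R2 DC)
$PublicDns = '8.8.8.8'                 # any public resolver, used only for the cross-check

Import-Module DnsServer   # installed with the DNS Server role on 2012 R2

# Step 1: a zone named after the FQDN itself, so the apex ('@') record answers
# queries for subdomain.example.com without needing a zone for example.com.
if (-not (Get-DnsServerZone -Name $Fqdn -ComputerName $Dc -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $Fqdn -ReplicationScope 'Domain' -ComputerName $Dc
}

# Step 2: the A record points at the WEB HOST, never at the ISP's DNS server.
$existing = Get-DnsServerResourceRecord -ZoneName $Fqdn -RRType A -ComputerName $Dc `
                -ErrorAction SilentlyContinue | Where-Object HostName -eq '@'
if (-not $existing) {
    Add-DnsServerResourceRecordA -ZoneName $Fqdn -Name '@' -IPv4Address $WebHostIp `
        -TimeToLive (New-TimeSpan -Hours 1) -ComputerName $Dc
}

# Step 3: cross-check. A stale cached answer on the client can mask the fix,
# so flush first, then compare what the DC returns with what the Internet returns.
Clear-DnsClientCache
$internal = (Resolve-DnsName -Name $Fqdn -Type A -Server $Dc        | Where-Object QueryType -eq 'A').IPAddress
$external = (Resolve-DnsName -Name $Fqdn -Type A -Server $PublicDns | Where-Object QueryType -eq 'A').IPAddress

$lan = ($internal | Sort-Object) -join ','
$wan = ($external | Sort-Object) -join ','
if ($lan -eq $wan) {
    "OK: LAN clients and the Internet both resolve $Fqdn to $lan"
} else {
    Write-Warning "Mismatch: internal=$lan external=$wan"
    Write-Warning "If the internal answer is the ISP DNS server's IP, the record points at the wrong host."
}
```

Because the DC is now authoritative for the whole subdomain.example.com subtree, any other host names under it must be added to this zone as well or they will not resolve internally.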