1

I have a Windows Server 2012 R2 machine, named [mine-1234].

I have IIS 8.5 installed and a hole in my firewall for ports 80 and 443.

I have created 2 test sites

  1. one with a default binding to :80
  2. one with two bindings to :80 with host headers: [foo.mine-1234] and [foo.mine.local]

I configured my hosts file to resolve mine.local and foo.mine.local to 127.0.0.1, and local references to the sites resolve fine. The issue I'm having is when I attempt to use the external bindings on my LAN.

Requests from Localhost

  • http://mine.local/index.html loads in the browser
  • http://foo.mine.local/index.html loads in the browser.

Requests from LAN Clients

  • http://mine-1234/index.html loads in the browser.
  • http://foo.mine-1234/index.html does not load in the browser.

However, the host headers do not resolve for other callers on my LAN that are outside my machine.

3 Questions (2 and 3 depend on the answer to 1)

  1. Can foo be made available to my LAN without modifying DNS?
  2. [if: 1=yes] What is the proper binding for foo on mine-1234 to make it accessible to my LAN without modifying DNS?
  3. [if: 1=no] What is the most straightforward way to modify DNS to make foo available to my LAN?
K. Alan Bates

1 Answer

0

Alan Bates,

Generally speaking, yes, you need to modify your DNS for other LAN clients in your network to know how to reach the website.

An easy way to think about it is that the settings you create in IIS tell the web server what IP address and host name your website should answer to. They do NOT tell other LAN clients how to reach your website.

LAN clients send the hostname to the DNS server, and the DNS server resolves the hostname to an IP address (for this to work you need an A record). The LAN client then sends the request to that IP address (your web server), which checks the hostname requested and, if it matches the settings in IIS, displays the website.

So you have two parts.

  1. What do I respond to (IIS settings)

  2. How do I reach the website (DNS records)

Best practice is to set one static IP address per website and set the IIS binding for each site to its corresponding static IP address. Then add the DNS A and PTR records on your DNS server so your LAN clients know how to reach your website.

Please let me know if you have any other questions.

user5870571
  • I was expecting that the existing A record for `[mine-1234]` could be matched with a CNAME record for `dev.mine.domain.local` to allow LAN connected users to find my machine, but my curiosity was whether or not `foo` would need its own DNS entry or if registering it with a host header in the site binding would suffice. Are you saying it will not? (This is my first time being responsible for onprem hosting in about 12 years. I'm rusty) – K. Alan Bates Feb 08 '16 at 19:44
  • "I was expecting that the existing A record for [mine-1234] could be matched with a CNAME record for dev.mine.domain.local." Usually your DNS server would be authoritative for domain.local. Your hostname would be mine and your FQDN for that server is mine.domain.local. So if you want to create a website hosted on mine.domain.local with a DNS name of dev.domain.local you would bind the hostname dev.domain.local to the website in IIS and create a DNS CNAME record that says dev.domain.local is actually mine.domain.local. – user5870571 Feb 08 '16 at 19:57
  • ok. So let me see if I understand you: if my FQMN is `//mine-1234.domain.local`, I need to configure the binding in IIS to `foo.mine-1234.domain.local:80` and in order to make it accessible to LAN Clients, I need a CNAME pointing `foo.mine.local` to `foo.mine-1234.domain.local`. Is this correct? – K. Alan Bates Feb 08 '16 at 20:05
  • For reference it is FQDN not FQMN and in Windows the slashes for a computer name are "\\" not "//". ;) You can have your hostname be whatever you want (mine-1234.domain.local is fine). Configure your website in IIS to bind to dev, foo, whatever .domain.local (e.g. dev.domain.local) and in your DNS server create a CNAME record for dev.domain.local to mine-1234.domain.local. – user5870571 Feb 08 '16 at 20:07
  • ok. ...that's consistent with something that I had already tried but couldn't make work and why I asked the question the way I did. With a default binding to port 80, I can access `http://mine-1234` on my LAN. I can also access `http://mine-1234.mydomain.local` on my LAN as well as to localhost. Whenever I add a host header to the binding, `http://foo.mine-1234.mydomain.local` doesn't even resolve on localhost. – K. Alan Bates Feb 08 '16 at 20:58
  • Like I said, you may want to add a secondary IP address on your host network interface card, bind the IP to your website and add a DNS A record resolving the dev.mydomain.local to the secondary IP address that you bound to the website in the IIS role. That works very well. – user5870571 Feb 08 '16 at 21:01
  • "Whenever I add a host header to the binding, http://foo.mine-1234.mydomain.local doesn't even resolve on localhost." Yes, because you have provided no way for the client to resolve the hostname. You must add the DNS A and PTR records for that to work. – user5870571 Feb 08 '16 at 22:00
  • If this fixed your problem, please feel free to mark the answer as accepted. – user5870571 Feb 08 '16 at 23:33
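
The two parts described in the answer (what IIS responds to, and how clients find the server) can be tested separately from any LAN client. The following is an added example, not code from the question or the answer: it resolves the name, then connects to the server by IP and sends the name in the Host header. The function names and the placeholder address 192.0.2.10 are assumptions.

```python
import http.client
import socket


def resolves(hostname, resolver=socket.gethostbyname):
    """Part 2 of the answer (DNS/hosts): the IP a client would get, or None."""
    try:
        return resolver(hostname)
    except OSError:  # socket.gaierror is a subclass of OSError
        return None


def binding_answers(server_ip, hostname, port=80, path="/index.html"):
    """Part 1 of the answer (IIS binding): connect by IP and send `hostname`
    in the Host header, so name resolution is bypassed. Returns HTTP status."""
    conn = http.client.HTTPConnection(server_ip, port, timeout=5)
    try:
        conn.putrequest("GET", path, skip_host=True)
        conn.putheader("Host", hostname if port == 80 else f"{hostname}:{port}")
        conn.endheaders()
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None  # nothing listening, or blocked by a firewall
    finally:
        conn.close()


def diagnose(hostname, server_ip, port=80, resolver=socket.gethostbyname):
    """Say which of the two parts is failing for `hostname`."""
    ip = resolves(hostname, resolver)
    status = binding_answers(server_ip, hostname, port)
    if status is None:
        return "server unreachable on that IP/port"
    site_ok = 200 <= status < 400
    if ip is None:
        return ("binding OK, name does not resolve: add a DNS record"
                if site_ok else "name does not resolve and no site answers for it")
    if ip != server_ip:
        return f"name resolves to {ip}, not the web server"
    if site_ok:
        return "OK"
    return f"name resolves, but no binding matches (HTTP {status})"


if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder for the IP of mine-1234.
    for name in ("mine-1234", "foo.mine-1234"):
        print(name, "->", diagnose(name, "192.0.2.10"))
```

When the server also has a site with a blank host header on :80, as the first test site in the question does, a request whose Host header matches no other binding is served by that site. In that case compare the returned page, not only the status code.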