Solved

Dns problem on web server can not  resolve it's own domain name but can resolve other domains

Posted on 2006-06-17
18
553 Views
Last Modified: 2008-01-09
Hi,
I am working on a web server-windows 2000 server.  The website can be viewed from the internet with no problem, but you can not view the website from the web server itself. I am trying to figure out some dns problems in our local network.  Also some cgi scripts are not performing as they should.
Here are some results from tracert, pings, and nslookup  that were performed from the web server.  

C:\Documents and Settings\Administrator>nslookup www.domain.com
Server:  server.domain.com
Address:  10.222.10.222

Name:    www.domain.com


C:\Documents and Settings\Administrator>tracert www.www.domain.com
Unable to resolve target system name www.www.domain.com

C:\Documents and Settings\Administrator>tracert www.google.com

Tracing route to www.l.google.com [66.102.7.99]
over a maximum of 30 hops:

  1     4 ms    13 ms     2 ms  mail.us.embeddedsol.com [63.145.241.33]
  2   271 ms     5 ms     5 ms  svl-edge-12.inet.qwest.net [63.145.225.245]
  3     5 ms     5 ms     5 ms  svl-core-01.inet.qwest.net [205.171.14.133]
  4     5 ms     5 ms     5 ms  pax-edge-01.inet.qwest.net [205.171.214.30]
You get the idea

Trace complete.

C:\Documents and Settings\Administrator>nslookup www.www.domain.com
Server:  server.www.domain.com
Address:  10.222.10.222

Name:    www.domain.com


C:\Documents and Settings\Administrator>ping www.domain.com
Unknown host www.domain.com

C:\Documents and Settings\Administrator>ping server.www.domain.com

Pinging maple.CMSINET.COM [10.222.10.222] with 32 bytes of data:

Reply from 10.222.10.222: bytes=32 time<10ms TTL=128
Reply from 10.222.10.222: bytes=32 time<10ms TTL=128

Ping statistics for 10.222.10.222:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum =  0ms, Average =  0ms

C:\Documents and Settings\Administrator>ping server

Pinging maple.CMSINET.COM [10.222.10.222] with 32 bytes of data:

Reply from 110.222.10.222: bytes=32 time<10ms TTL=128
Reply from 10.222.10.222: bytes=32 time<10ms TTL=128

Ping statistics for 10.222.10.222:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum =  0ms, Average =  0ms

I do have DNS installed on the webserver, which did instantly fix the mail server problem, but obviously we are still having trouble.
Thank you

0
Comment
Question by:lizardqueen007
  • 7
  • 4
  • 3
  • +3
18 Comments
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Try manually adding a new Alias/CNAME record in DNS for the web server using the local IP of the web server in the forward look up zones under your server.
0
 
LVL 22

Expert Comment

by:rickhobbs
Comment Utility
The external name is resolved by the external DNS to the external address.  The router then does a NAT translation to the web server's internal IP address.  To access the site internally you must use the format http://servername/startpage.  For example, if the server internally is  called mymail and externally its MX recoerd is mymail.mycompany.com, externally you would access with http://mymail.mycompany.com and internally you would access with http://mymail
0
 
LVL 1

Author Comment

by:lizardqueen007
Comment Utility
RobWill,
Could you please explain. What the CNAME record should look like?  For instance what would the alias name be and where would it point?  
0
 
LVL 23

Expert Comment

by:Erik Bjers
Comment Utility
What is the server's primary DNS server?  It should be set to it's own IP address and there should be no others listed (unless they are other DNS servers on your network).  YOu should then have forwarders listed for external DNS servers.

Also why are you tracerting www.www.mydomain.com, shoulden't it be www.mydomain.com?

eb

0
 
LVL 1

Author Comment

by:lizardqueen007
Comment Utility
ebjers,
The only dns server listed in the tcp/ip settings is itself.
0
 
LVL 1

Author Comment

by:lizardqueen007
Comment Utility
Also, I got an error message from the cgi perl script saying that it could not resolve smtp.domian.com

And you might take a look at another question that might be related.  
http://www.experts-exchange.com/Operating_Systems/Q_21890240.html
Those errors were found on the domain controller not on the web/mail server that we are referring to in this question.
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
To add a CNAME, open the DNS management console, expand the Forward look up zones, highlight your domain,  click actions on the menu bar and then New Alias (CNAME). In the Alias name enter the alias such as www.somedomain.com, then browse to the actual host/server and click OK. The CNAME acts as an alias on your local network to resolve the name to the local server IP rather than the external/WAN IP. I just found a similar discussion a while ago that may help:
http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21656672.html?query=adding+a+CNAME&clearTAFilter=true
0
 
LVL 2

Expert Comment

by:spakko
Comment Utility
Have you thought about the fact that when request to see the site from inside your network it resolves to an external / public IP address that then comes back in via your NAT / Router... I have seen this cause problems once or twice before.

An easy workaround is to create a new DNZ Zone on your server called domain.com (as per your example) and then create an A record called www that resolves to your server's internal IP address (eg 192.168.1.10). That way when someone requests access to your website locally, your DNS sever "catches" the call and directs it to the local IP address. Anyone outside of your network gets the public IP address and gets in happily too.
0
 
LVL 2

Expert Comment

by:spakko
Comment Utility
Ooops... I mean DNS Zone in in the above. Damn keyboard...
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 1

Author Comment

by:lizardqueen007
Comment Utility
Ebjers, yes www.mydomin.com  this was a cut and paste mistake when obfiscating real domain to experts exchange.
I really meant www.www.www.www.my domain .com-just kidding.
Laura
0
 
LVL 1

Author Comment

by:lizardqueen007
Comment Utility
RobWill,  when I try to add the alias.  The window will not let me put a "." in the field.  In other words, I can type in wwwdomain.com but not www.domain.com.  Have you ever seen this?
0
 
LVL 1

Author Comment

by:lizardqueen007
Comment Utility
Thanks Spakko, I assume you mean DMZ? Is that correct?  If not, I don't understand.
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 80 total points
Comment Utility
>>"Have you ever seen this?"
No I haven't but I have only done it once or twice.
If you are using the correct domain, usually you only have to put in the www and the rest is filled in automatically. You will see it filled in in the grayed out box below.
0
 
LVL 23

Assisted Solution

by:Erik Bjers
Erik Bjers earned 160 total points
Comment Utility
Don't add a new alies, add a new host record like intweb (for internal web) and give it the internal IP for your server.  You can then access your site by intweb.domain.com or intweb from clients inside your network and www.domain.com from outside.

eb
0
 
LVL 3

Accepted Solution

by:
papimichel earned 260 total points
Comment Utility
on your DNS server, open its managment console, click forward lookup zone, right click your domain name, and add a host.
name the host "www", and address it with the web server's IP address.
then.
same process for your smtp-create another host and name it smtp, address it with the smtp server's ip and your'e done.
0
 
LVL 1

Author Comment

by:lizardqueen007
Comment Utility
Thanks everyone, I really hate trying to give points fairly, since everyone is generous-i really do my best.  Adding the forward zones help, also there were other dns issues that needed to be resolved. Good news is that with everyone in this forum's help, things are again working well-I think(fingers crossed)
0
 
LVL 23

Expert Comment

by:Erik Bjers
Comment Utility
Glad everything worked out for you.
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Thanks lizardqueen007,
--Rob
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now