Solved

problem accessing our external website

Posted on 2008-10-15
12
199 Views
Last Modified: 2012-05-05
We have a Windows 2003 domain. Users cannot access our external website because the wrong IP is showing up when I do an NSLookup.
So we changed the A record to the new website and all external users can access it just fine. But when we try to access it internally, we cant connect to it. Our internal domain name is the same as the www site name, example domain name is ACMEInc.com and we cannot access www.ACMEinc.com. When I do an NSLookup, we get a old stale external IP that hasnt been used for years. I went into the DNS server/Forward LookupZones/corp.ACMEinc.com and created an A record, which shows up as a record named "www". It brings up the right IP now when I do an NSLookup, but I noticed that the FQDN is now showing as www.ACMEinc.com.corp.ACME.com. So we still cannot access the website.

It seems like this should be something easy to setup, but I am lost. Simply wanting to go to www.ACMEinc.com is not working. Please help.
TIA
0
Comment
Question by:pulpboy99
12 Comments
 
LVL 17

Expert Comment

by:Andres Perales
Comment Utility
your external dns should point to the public ip address of your website.
your internal dns should point to the internal ip address of your website.
after you make changes you should do an ipconfig /flushdns for your users so the changes can be reflected.
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

Hey,

Delete the record you just added, it will appear as a number of sub-folders in the DNS console (starting with com, then acmeinc, etc).

Do you have a Forward Lookup Zone called acmeinc.com?

If you do, delete the current entry for www.

Then create a new Host (A) record, the name should just be www, you should see a grey box below fills in the rest of the name. Set the correct IP and you're all set.

You will still need to clear the DNS cache on any client you want to see the change right away. You can do that with "ipconfig /flushdns".

HTH

Chris
0
 
LVL 8

Expert Comment

by:jtdebeer
Comment Utility
It is always advisable to set up an internal domain name as   ACMEinc.local

0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

Hmm actually I have to disagree with that (use of .local).

.local has fallen out of favour recently because there is no guarantee that the .local suffix will never be used publicly. MS no longer recommend use of that suffix because of this.

There are other options, but this one appears to fall into that category. It looks like AD is called corp.acme.com, which is perfectly valid and my current preferred naming convention.

Chris
0
 

Author Comment

by:pulpboy99
Comment Utility
Thanks for the info. I forgot to mention that the website is not hosted by us.
We don't have a Forward lookup zone called acmeinc. We just have two (one called _msdcs.corp.acmeinc.com and the other called corp.acmeinc.com. Which one of the two should I create the A record? If I do that, wont it also put in the FQDN? which will prevent us from simply going to www.acmeinc.com?



0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
Comment Utility

Neither of those.

Normally you wouldn't need to create one at all if the site is externally hosted.

When you run "nslookup www.acmeinc.com" exactly what do you get back?

Chris
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:pulpboy99
Comment Utility
I get an IP address old stale external IP from a hosting company that we used 5 years ago.
Is there any way I can find out where that IP is resolving from? I checked around the DNS server looking for that IP, but I didn't see it anywhere. I know that externally, the site is resolving fine, so it makes me think there is a record somewhere on the DNS server.
0
 

Author Comment

by:pulpboy99
Comment Utility
the NSLookup comes back with a Non-authorative answer, if that helps.
0
 

Author Comment

by:pulpboy99
Comment Utility
OK, so I created the A record like you said and did the flushdns, but I'm back to where I was earlier. When I do an NSLookup, it resolves with www.acmeinc.com.corp.acmeinc.com, and it has the correct IP now. But I cannot go to the site by simply going to www.acmeinc.com. Is there a way to remove the FQDN? Can't I simply add the route to the DNS server's hosts file?
0
 
LVL 70

Assisted Solution

by:Chris Dent
Chris Dent earned 500 total points
Comment Utility

> the NSLookup comes back with a Non-authorative answer, if that helps.

It does, it means that you're getting it from somewhere else (rather than your server making up the answer).

Yeah, the www record is only good if you have a zone for acmeinc.com rather than just corp.acmeinc.com.

Do you use Forwarders in DNS (properties for server in DNS console, Forwarders tab)? I guess the most likely is that you forward to your ISP, and they used to host the domain and haven't cleaned up.

Chris
0
 

Author Comment

by:pulpboy99
Comment Utility
We do have forwarders. I just plugged a laptop into the ISP router directly to try our ISP's DNS and it came up with the proper IP. It has to do with something internally. I'm going to check the firewall.
0
 

Author Closing Comment

by:pulpboy99
Comment Utility
Figured out that our firewall had a DNS entry for the old website hidden in an area I never touch. I Changed the entry and it works fine now. Thanks for all your help. I did get some insight on DNS, so it was still very helpful, although it did bring up a couple new DNS questions that seemed rather odd(but that's for another post).
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Transparency shows that a company is the kind of business that it wants people to think it is.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now