Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

problem accessing our external website

Posted on 2008-10-15
12
Medium Priority
?
211 Views
Last Modified: 2012-05-05
We have a Windows 2003 domain. Users cannot access our external website because the wrong IP is showing up when I do an NSLookup.
So we changed the A record to the new website and all external users can access it just fine. But when we try to access it internally, we cant connect to it. Our internal domain name is the same as the www site name, example domain name is ACMEInc.com and we cannot access www.ACMEinc.com. When I do an NSLookup, we get a old stale external IP that hasnt been used for years. I went into the DNS server/Forward LookupZones/corp.ACMEinc.com and created an A record, which shows up as a record named "www". It brings up the right IP now when I do an NSLookup, but I noticed that the FQDN is now showing as www.ACMEinc.com.corp.ACME.com. So we still cannot access the website.

It seems like this should be something easy to setup, but I am lost. Simply wanting to go to www.ACMEinc.com is not working. Please help.
TIA
0
Comment
Question by:pulpboy99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
12 Comments
 
LVL 17

Expert Comment

by:Andres Perales
ID: 22725610
your external dns should point to the public ip address of your website.
your internal dns should point to the internal ip address of your website.
after you make changes you should do an ipconfig /flushdns for your users so the changes can be reflected.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 22725612

Hey,

Delete the record you just added, it will appear as a number of sub-folders in the DNS console (starting with com, then acmeinc, etc).

Do you have a Forward Lookup Zone called acmeinc.com?

If you do, delete the current entry for www.

Then create a new Host (A) record, the name should just be www, you should see a grey box below fills in the rest of the name. Set the correct IP and you're all set.

You will still need to clear the DNS cache on any client you want to see the change right away. You can do that with "ipconfig /flushdns".

HTH

Chris
0
 
LVL 8

Expert Comment

by:jtdebeer
ID: 22725623
It is always advisable to set up an internal domain name as   ACMEinc.local

0
WEBINAR - Latest Cyber Tips for Defense

Join the WatchGuard Threat Research Team on October 26th for an informative webinar featuring expert tips and tricks for defending your organization from today's latest cyber threats. Don't leave yourself vulnerable to attack. Register for the webinar today!

 
LVL 71

Expert Comment

by:Chris Dent
ID: 22725667

Hmm actually I have to disagree with that (use of .local).

.local has fallen out of favour recently because there is no guarantee that the .local suffix will never be used publicly. MS no longer recommend use of that suffix because of this.

There are other options, but this one appears to fall into that category. It looks like AD is called corp.acme.com, which is perfectly valid and my current preferred naming convention.

Chris
0
 

Author Comment

by:pulpboy99
ID: 22726211
Thanks for the info. I forgot to mention that the website is not hosted by us.
We don't have a Forward lookup zone called acmeinc. We just have two (one called _msdcs.corp.acmeinc.com and the other called corp.acmeinc.com. Which one of the two should I create the A record? If I do that, wont it also put in the FQDN? which will prevent us from simply going to www.acmeinc.com?



0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 22726231

Neither of those.

Normally you wouldn't need to create one at all if the site is externally hosted.

When you run "nslookup www.acmeinc.com" exactly what do you get back?

Chris
0
 

Author Comment

by:pulpboy99
ID: 22726380
I get an IP address old stale external IP from a hosting company that we used 5 years ago.
Is there any way I can find out where that IP is resolving from? I checked around the DNS server looking for that IP, but I didn't see it anywhere. I know that externally, the site is resolving fine, so it makes me think there is a record somewhere on the DNS server.
0
 

Author Comment

by:pulpboy99
ID: 22726404
the NSLookup comes back with a Non-authorative answer, if that helps.
0
 

Author Comment

by:pulpboy99
ID: 22726635
OK, so I created the A record like you said and did the flushdns, but I'm back to where I was earlier. When I do an NSLookup, it resolves with www.acmeinc.com.corp.acmeinc.com, and it has the correct IP now. But I cannot go to the site by simply going to www.acmeinc.com. Is there a way to remove the FQDN? Can't I simply add the route to the DNS server's hosts file?
0
 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 2000 total points
ID: 22726653

> the NSLookup comes back with a Non-authorative answer, if that helps.

It does, it means that you're getting it from somewhere else (rather than your server making up the answer).

Yeah, the www record is only good if you have a zone for acmeinc.com rather than just corp.acmeinc.com.

Do you use Forwarders in DNS (properties for server in DNS console, Forwarders tab)? I guess the most likely is that you forward to your ISP, and they used to host the domain and haven't cleaned up.

Chris
0
 

Author Comment

by:pulpboy99
ID: 22726942
We do have forwarders. I just plugged a laptop into the ISP router directly to try our ISP's DNS and it came up with the proper IP. It has to do with something internally. I'm going to check the firewall.
0
 

Author Closing Comment

by:pulpboy99
ID: 31506583
Figured out that our firewall had a DNS entry for the old website hidden in an area I never touch. I Changed the entry and it works fine now. Thanks for all your help. I did get some insight on DNS, so it was still very helpful, although it did bring up a couple new DNS questions that seemed rather odd(but that's for another post).
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Resolve DNS query failed errors for Exchange
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question