Solved

problem accessing our external website

Posted on 2008-10-15
12
202 Views
Last Modified: 2012-05-05
We have a Windows 2003 domain. Users cannot access our external website because the wrong IP is showing up when I do an NSLookup.
So we changed the A record to the new website and all external users can access it just fine. But when we try to access it internally, we cant connect to it. Our internal domain name is the same as the www site name, example domain name is ACMEInc.com and we cannot access www.ACMEinc.com. When I do an NSLookup, we get a old stale external IP that hasnt been used for years. I went into the DNS server/Forward LookupZones/corp.ACMEinc.com and created an A record, which shows up as a record named "www". It brings up the right IP now when I do an NSLookup, but I noticed that the FQDN is now showing as www.ACMEinc.com.corp.ACME.com. So we still cannot access the website.

It seems like this should be something easy to setup, but I am lost. Simply wanting to go to www.ACMEinc.com is not working. Please help.
TIA
0
Comment
Question by:pulpboy99
12 Comments
 
LVL 17

Expert Comment

by:Andres Perales
ID: 22725610
your external dns should point to the public ip address of your website.
your internal dns should point to the internal ip address of your website.
after you make changes you should do an ipconfig /flushdns for your users so the changes can be reflected.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 22725612

Hey,

Delete the record you just added, it will appear as a number of sub-folders in the DNS console (starting with com, then acmeinc, etc).

Do you have a Forward Lookup Zone called acmeinc.com?

If you do, delete the current entry for www.

Then create a new Host (A) record, the name should just be www, you should see a grey box below fills in the rest of the name. Set the correct IP and you're all set.

You will still need to clear the DNS cache on any client you want to see the change right away. You can do that with "ipconfig /flushdns".

HTH

Chris
0
 
LVL 8

Expert Comment

by:jtdebeer
ID: 22725623
It is always advisable to set up an internal domain name as   ACMEinc.local

0
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

 
LVL 70

Expert Comment

by:Chris Dent
ID: 22725667

Hmm actually I have to disagree with that (use of .local).

.local has fallen out of favour recently because there is no guarantee that the .local suffix will never be used publicly. MS no longer recommend use of that suffix because of this.

There are other options, but this one appears to fall into that category. It looks like AD is called corp.acme.com, which is perfectly valid and my current preferred naming convention.

Chris
0
 

Author Comment

by:pulpboy99
ID: 22726211
Thanks for the info. I forgot to mention that the website is not hosted by us.
We don't have a Forward lookup zone called acmeinc. We just have two (one called _msdcs.corp.acmeinc.com and the other called corp.acmeinc.com. Which one of the two should I create the A record? If I do that, wont it also put in the FQDN? which will prevent us from simply going to www.acmeinc.com?



0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 22726231

Neither of those.

Normally you wouldn't need to create one at all if the site is externally hosted.

When you run "nslookup www.acmeinc.com" exactly what do you get back?

Chris
0
 

Author Comment

by:pulpboy99
ID: 22726380
I get an IP address old stale external IP from a hosting company that we used 5 years ago.
Is there any way I can find out where that IP is resolving from? I checked around the DNS server looking for that IP, but I didn't see it anywhere. I know that externally, the site is resolving fine, so it makes me think there is a record somewhere on the DNS server.
0
 

Author Comment

by:pulpboy99
ID: 22726404
the NSLookup comes back with a Non-authorative answer, if that helps.
0
 

Author Comment

by:pulpboy99
ID: 22726635
OK, so I created the A record like you said and did the flushdns, but I'm back to where I was earlier. When I do an NSLookup, it resolves with www.acmeinc.com.corp.acmeinc.com, and it has the correct IP now. But I cannot go to the site by simply going to www.acmeinc.com. Is there a way to remove the FQDN? Can't I simply add the route to the DNS server's hosts file?
0
 
LVL 70

Assisted Solution

by:Chris Dent
Chris Dent earned 500 total points
ID: 22726653

> the NSLookup comes back with a Non-authorative answer, if that helps.

It does, it means that you're getting it from somewhere else (rather than your server making up the answer).

Yeah, the www record is only good if you have a zone for acmeinc.com rather than just corp.acmeinc.com.

Do you use Forwarders in DNS (properties for server in DNS console, Forwarders tab)? I guess the most likely is that you forward to your ISP, and they used to host the domain and haven't cleaned up.

Chris
0
 

Author Comment

by:pulpboy99
ID: 22726942
We do have forwarders. I just plugged a laptop into the ISP router directly to try our ISP's DNS and it came up with the proper IP. It has to do with something internally. I'm going to check the firewall.
0
 

Author Closing Comment

by:pulpboy99
ID: 31506583
Figured out that our firewall had a DNS entry for the old website hidden in an area I never touch. I Changed the entry and it works fine now. Thanks for all your help. I did get some insight on DNS, so it was still very helpful, although it did bring up a couple new DNS questions that seemed rather odd(but that's for another post).
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
As companies replace their old PBX phone systems with Unified IP Communications, many are finding out that legacy applications such as fax do not work well with VoIP. Fortunately, Cloud Faxing provides a cost-effective alternative that works over an…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question