Solved

problem accessing our external website

Posted on 2008-10-15
12
200 Views
Last Modified: 2012-05-05
We have a Windows 2003 domain. Users cannot access our external website because the wrong IP is showing up when I do an NSLookup.
So we changed the A record to the new website and all external users can access it just fine. But when we try to access it internally, we cant connect to it. Our internal domain name is the same as the www site name, example domain name is ACMEInc.com and we cannot access www.ACMEinc.com. When I do an NSLookup, we get a old stale external IP that hasnt been used for years. I went into the DNS server/Forward LookupZones/corp.ACMEinc.com and created an A record, which shows up as a record named "www". It brings up the right IP now when I do an NSLookup, but I noticed that the FQDN is now showing as www.ACMEinc.com.corp.ACME.com. So we still cannot access the website.

It seems like this should be something easy to setup, but I am lost. Simply wanting to go to www.ACMEinc.com is not working. Please help.
TIA
0
Comment
Question by:pulpboy99
12 Comments
 
LVL 17

Expert Comment

by:Andres Perales
ID: 22725610
your external dns should point to the public ip address of your website.
your internal dns should point to the internal ip address of your website.
after you make changes you should do an ipconfig /flushdns for your users so the changes can be reflected.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 22725612

Hey,

Delete the record you just added, it will appear as a number of sub-folders in the DNS console (starting with com, then acmeinc, etc).

Do you have a Forward Lookup Zone called acmeinc.com?

If you do, delete the current entry for www.

Then create a new Host (A) record, the name should just be www, you should see a grey box below fills in the rest of the name. Set the correct IP and you're all set.

You will still need to clear the DNS cache on any client you want to see the change right away. You can do that with "ipconfig /flushdns".

HTH

Chris
0
 
LVL 8

Expert Comment

by:jtdebeer
ID: 22725623
It is always advisable to set up an internal domain name as   ACMEinc.local

0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 22725667

Hmm actually I have to disagree with that (use of .local).

.local has fallen out of favour recently because there is no guarantee that the .local suffix will never be used publicly. MS no longer recommend use of that suffix because of this.

There are other options, but this one appears to fall into that category. It looks like AD is called corp.acme.com, which is perfectly valid and my current preferred naming convention.

Chris
0
 

Author Comment

by:pulpboy99
ID: 22726211
Thanks for the info. I forgot to mention that the website is not hosted by us.
We don't have a Forward lookup zone called acmeinc. We just have two (one called _msdcs.corp.acmeinc.com and the other called corp.acmeinc.com. Which one of the two should I create the A record? If I do that, wont it also put in the FQDN? which will prevent us from simply going to www.acmeinc.com?



0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 22726231

Neither of those.

Normally you wouldn't need to create one at all if the site is externally hosted.

When you run "nslookup www.acmeinc.com" exactly what do you get back?

Chris
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 

Author Comment

by:pulpboy99
ID: 22726380
I get an IP address old stale external IP from a hosting company that we used 5 years ago.
Is there any way I can find out where that IP is resolving from? I checked around the DNS server looking for that IP, but I didn't see it anywhere. I know that externally, the site is resolving fine, so it makes me think there is a record somewhere on the DNS server.
0
 

Author Comment

by:pulpboy99
ID: 22726404
the NSLookup comes back with a Non-authorative answer, if that helps.
0
 

Author Comment

by:pulpboy99
ID: 22726635
OK, so I created the A record like you said and did the flushdns, but I'm back to where I was earlier. When I do an NSLookup, it resolves with www.acmeinc.com.corp.acmeinc.com, and it has the correct IP now. But I cannot go to the site by simply going to www.acmeinc.com. Is there a way to remove the FQDN? Can't I simply add the route to the DNS server's hosts file?
0
 
LVL 70

Assisted Solution

by:Chris Dent
Chris Dent earned 500 total points
ID: 22726653

> the NSLookup comes back with a Non-authorative answer, if that helps.

It does, it means that you're getting it from somewhere else (rather than your server making up the answer).

Yeah, the www record is only good if you have a zone for acmeinc.com rather than just corp.acmeinc.com.

Do you use Forwarders in DNS (properties for server in DNS console, Forwarders tab)? I guess the most likely is that you forward to your ISP, and they used to host the domain and haven't cleaned up.

Chris
0
 

Author Comment

by:pulpboy99
ID: 22726942
We do have forwarders. I just plugged a laptop into the ISP router directly to try our ISP's DNS and it came up with the proper IP. It has to do with something internally. I'm going to check the firewall.
0
 

Author Closing Comment

by:pulpboy99
ID: 31506583
Figured out that our firewall had a DNS entry for the old website hidden in an area I never touch. I Changed the entry and it works fine now. Thanks for all your help. I did get some insight on DNS, so it was still very helpful, although it did bring up a couple new DNS questions that seemed rather odd(but that's for another post).
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now