Cannot access website from Internal Network - DNS Issue?
Hi all
We currently have the following setup:
2 Domains companya.com and companyb.com, each with externally hosted websites.
companya.com works perfectly however companyb.com is a newly acquired domain and has been added to our internal DNS. In the forward lookup zone for this DNS entry we have 'A' records for mail and www (pointing to external IP address of website - IP is definately correct)
mail.companyb.com works perfectly and other prefixes; its only the www that wont seem to work. In IE you get back a HTTP 403 forbidden page
Any ideas? Hoping you can help
We currently have the following setup:
2 Domains companya.com and companyb.com, each with externally hosted websites.
companya.com works perfectly however companyb.com is a newly acquired domain and has been added to our internal DNS. In the forward lookup zone for this DNS entry we have 'A' records for mail and www (pointing to external IP address of website - IP is definately correct)
mail.companyb.com works perfectly and other prefixes; its only the www that wont seem to work. In IE you get back a HTTP 403 forbidden page
Any ideas? Hoping you can help
stesom
Go to the command prompt and do an nslookup on the www domain, does it return the correct IP?
Could be a problem in IE itself... run a sfc /scannow and click OK. When the scan is complete, reboot and see if that helped (more info: http://support.microsoft.com/kb/318378)
ASKER
the nslookup comes back with the correct ip
I doubt its a problem with IE as the problem is on everybodys machine (700+ machines) and on the servers
I doubt its a problem with IE as the problem is on everybodys machine (700+ machines) and on the servers
When you say correct IP is that a LAN or WAN IP? Also, can you get to you website using :
http://companya.com? If you can but can't access it through http://www.companya.com then it's a missing host headder in IIS.
Can you ping www.comapnya.com? If not then you are missing a DNS record of www for that zone.
All the best
Sci-Fi Si
http://companya.com? If you can but can't access it through http://www.companya.com then it's a missing host headder in IIS.
Can you ping www.comapnya.com? If not then you are missing a DNS record of www for that zone.
All the best
Sci-Fi Si
Sorry, you did say.
>companya.com works perfectly however companyb.com is a newly acquired domain and has been >added to our internal DNS. In the forward lookup zone for this DNS entry we have 'A' records for >mail and www (pointing to external IP address of website - IP is definately correct)
>mail.companyb.com works perfectly and other prefixes; its only the www that wont seem to >work. In IE you get back a HTTP 403 forbidden page
The 403 error is common when there is no default document, or the default document has not been set correctly and directory browsing has been disabled (which is correct)
From your nslookup and pings it looks as though your DNS is set correctly and in getting a 403 error this would suggest that your request is getting through to the correct machine.
My suspicions are:
1. Double check your default document in IIS
2. Check your host headders in IIS and make sure there is a www.companya.com entry there.
Sci-Fi Si
>companya.com works perfectly however companyb.com is a newly acquired domain and has been >added to our internal DNS. In the forward lookup zone for this DNS entry we have 'A' records for >mail and www (pointing to external IP address of website - IP is definately correct)
>mail.companyb.com works perfectly and other prefixes; its only the www that wont seem to >work. In IE you get back a HTTP 403 forbidden page
The 403 error is common when there is no default document, or the default document has not been set correctly and directory browsing has been disabled (which is correct)
From your nslookup and pings it looks as though your DNS is set correctly and in getting a 403 error this would suggest that your request is getting through to the correct machine.
My suspicions are:
1. Double check your default document in IIS
2. Check your host headders in IIS and make sure there is a www.companya.com entry there.
Sci-Fi Si
ASKER
The website is externally hosted and managed by a third party so i dont even know if they use IIS. But if you try and access the website from an external source you get to the website perfectly fine (using www.companyb.com)
Only doesn't work when trying from internal network
Only doesn't work when trying from internal network
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
If we remove the zone the website works fine but we can't remove the entire zone because it contains records such as mail.companyb.com as well as other intranet websites which work fine
If i remove just the www record and flushdns it still doesn't work.
Perhaps is there any possible way to make this one record look outside to the ISP DNS rather than lookup internally?
If i remove just the www record and flushdns it still doesn't work.
Perhaps is there any possible way to make this one record look outside to the ISP DNS rather than lookup internally?
ASKER
I've tried pointing the www record at the bbc website and it still wont go anywhere
I've just tried that myself with one of my domain records and it works just fine. Looks as though we're narrowing down the problem.
Adding a www A record pointing to the IP of bbc.co.uk or google.com etc... should work.
As a check you could add somthing like eeek.companya.com and point it to 209.85.171.99 which should bring up google.com. This test will check if you're getting a bogus DNS for the www record or not.
If you get the same problem then I would say your DNS is fine and it's a routing issue.
Adding a www A record pointing to the IP of bbc.co.uk or google.com etc... should work.
As a check you could add somthing like eeek.companya.com and point it to 209.85.171.99 which should bring up google.com. This test will check if you're getting a bogus DNS for the www record or not.
If you get the same problem then I would say your DNS is fine and it's a routing issue.
ASKER
Ive added the following A Record to companyb forward lookup zone
eeek Host (A) 209.85.171.99
And this works i.e. goes straight to the google website.
So its just the www record which doesn't work
Now i've just changed the www record on the companya zone to the one we're trying to get to and it works fine. So it only doesn't work for the www record on companyb.
eeek Host (A) 209.85.171.99
And this works i.e. goes straight to the google website.
So its just the www record which doesn't work
Now i've just changed the www record on the companya zone to the one we're trying to get to and it works fine. So it only doesn't work for the www record on companyb.
Okey Dokey,
Now we're getting somewhere, I just love the process of elimination...
There must be a record for www.companyb.com somewhere, it could be in the HOSTS file which kicks in before DNS so it might be worth having a look, a flushdns on your client machines and server would be worth a go.
One other thing, what DNS servers do you have listed for your clients network config?
>If i remove just the www record and flushdns it still doesn't work.
If you ping www.companyb.com do you get the same reply as just a ping to companyb.com?
All the best
Sci-Fi Si
Now we're getting somewhere, I just love the process of elimination...
There must be a record for www.companyb.com somewhere, it could be in the HOSTS file which kicks in before DNS so it might be worth having a look, a flushdns on your client machines and server would be worth a go.
One other thing, what DNS servers do you have listed for your clients network config?
>If i remove just the www record and flushdns it still doesn't work.
If you ping www.companyb.com do you get the same reply as just a ping to companyb.com?
All the best
Sci-Fi Si
ASKER
Our HOSTS file is empty and i've tried flushing the DNS
All the clients use our 2 Domain controllers as DNS servers
From Internal if i ping www.companyb.com WITHOUT the A Record i get no response from ping
From Internal if i ping www.companyb.com WITH the A Record i do get a ping response
All the clients use our 2 Domain controllers as DNS servers
From Internal if i ping www.companyb.com WITHOUT the A Record i get no response from ping
From Internal if i ping www.companyb.com WITH the A Record i do get a ping response
Hi, been away for a day.
The Forbidden 403 suggests that this responce is coming from your IIS server. It looks as though it thinks it is hosting this website, but not being set up correctly (an there's no reason why it should be as you're not hosting the companyb.com website internally)
I still suspect this error is coming from IIS on your server. It is a little difficult to assist further as with all DNS issues not knowing the domain name limits what checks I can make to help you further.
The Forbidden 403 suggests that this responce is coming from your IIS server. It looks as though it thinks it is hosting this website, but not being set up correctly (an there's no reason why it should be as you're not hosting the companyb.com website internally)
I still suspect this error is coming from IIS on your server. It is a little difficult to assist further as with all DNS issues not knowing the domain name limits what checks I can make to help you further.
ASKER
Thanks for all the help it was indeed an incorrect DNS entry
Was this issue ever resolved?