I can not reach our company website from inside our network.

I can not reach our company website from inside our network.  I called up iserv who hosts the site everything is fine. All users including servers can not connect. outside of network connects fine.
Johne75Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

navdhanjalCommented:
What kind of DNS are you running?

Are you in an active directory domain? Is the AD domain name the same as the website domain name?
0
Johne75Author Commented:
yes AD domain. names are different
0
navdhanjalCommented:
Can you run NSLOOKUP from any computer within your domain - type in the web address of your site, and then look at the results.

Is this pointing to an internal IP address or the correct external IP address?

If it is pointing internally, this is a DNS issue.
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Johne75Author Commented:
NS lookup points to external address.
NS lookup also says DNS request timed out after listing the external IP address
When I ping www.flow-rite.com it returns a different IP Address than the NS lookup does and also says TTL expired in transit. Although no packets were lost, all sent and recieved.
0
navdhanjalCommented:
On your primary DNS server, please run:

ipconfig /registerdns

Then run the NSLOOKUP again - shouldn't timeout...that fixes one problem.

In regards to Ping giving you a different address...do you have more than one DNS server? Please ping again after running the registerdns command...**might** fix the problem
0
Johne75Author Commented:
no changes. only one dns server. see attached file
FRC-TRBLSHT.JPG
0
Jan SpringerCommented:
If the company web site is behind the same firewall as your machine and the DNS server is providing a public IP address, you have two options:

1) use an internal DNS server which hands out the private IP address

2) check to see if you can configure your firewall for 'DNS doctoring' or allowing traffic back in the same interface from which it left
0
Johne75Author Commented:
company website is not behind firewall. It is hosted by an external source.
0
Jan SpringerCommented:
where does it die:

> tracert 206.114.37.232
0
Johne75Author Commented:
request times out again
0
hansleCommented:
If you know the IP address of the web site, you can add the entry to your hosts file.

the host file is located in %windir%\system32\drivers\etc

Click START | RUN
type "%windir%\system32\drivers\etc\hosts" in the run box

A dialog box will open asking what program you wish to open the hosts file with. Choose WORDPAD.

Your hosts file will look similar to the following:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

Just add an entry at the bottom with the IP address first followed by the domain like:
123.123.123.123  www.mywebsite.com
Then close and save the hosts file and reopen your web browser and it should take you to your site


0
Johne75Author Commented:
hansle,
If I do this on the primary DNS server will it work for all users? All users and servers are having the issue not just one user or server. This seems like a workaround and not the actual solution to the cause of the problem.  
0
Chris DentPowerShell DeveloperCommented:

This is not a DNS or name resolution issue. Concentrate on TTL Expired in Transit. It implies a routing loop, or at least a bad route.

Did you run TraceRt at all? It should have given you something back unless you block ICMP from your own firewall.

Note that the commands run above in the screenshot are not valid. The first shows you entering the NsLookup prompt, it has it's own "shell" you see. Once in there you can't use regular command line things (including NsLookup itself).  For example, you might type this (without the prompts, just for illustrative purposes):

C:\> nslookup
> set type=mx
> set debug
> yourdomain.com

Which would show you rather more than this:

C:\> nslookup -q=mx yourdomain.com

Chris
0
Jan SpringerCommented:
What Chris said and output of the tracert would help.  If ICMP is blocked by the firewall, temporarily turn it on.
0
Chris DentPowerShell DeveloperCommented:

Sorry Jesper, I meant to credit you for the request for that one (since I feel it's very much the right path to follow) :) Stuck the question on monitor before leaving the office, it got rather busy while I was on the train.

Chris
0
Johne75Author Commented:
ah I see now chris. Thanks this is not my area of expertise. attached is the tracert.
FRC-TRBLSHT2.JPG
0
Chris DentPowerShell DeveloperCommented:

Can you browse the site now? The trace above suggests you should get a response if you ping it as well.

This was done from within the network I assume?

Chris
0
Johne75Author Commented:
yes this was done from inside the network and no I still can not get out to it.
0
Johne75Author Commented:
TTL expired in transit still shows in the ping
0
Chris DentPowerShell DeveloperCommented:

Okay. So...

ping www.flow-rite.com

Gives you:

Pinging www.flow-rite.com [IP] with 32 bytes of data:

Then the TTL Expired in Transit message? Or has that changed?

And can you try this one:

telnet www.flow-rite.com 80

Success is indicated by a blank screen, otherwise it'll give you a message saying it failed.

Chris
0
Chris DentPowerShell DeveloperCommented:

Ahead of me :)

That's quite bizarre. Tracert should have failed if you're getting that error message. Re-running Tracert shows exactly the same path?

Chris
0
Johne75Author Commented:
different now see attached
FRC-TRBLSHT3.JPG
0
Chris DentPowerShell DeveloperCommented:

That's what I wanted to see :-D

iserv.net have a very clear routing loop.

If they host your site you should get in touch with them, give them that screenshot, if they're just someone along the way you need to raise this with your ISP (who will escalate it with theirs, etc).

It might clear up by itself, someone should be monitoring for that kind of thing if you wait, but that's never fun.

Whatever happens, nothing on the inside of your own network can be changed to fix this.

Chris
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Johne75Author Commented:
why can others get to it outside our network?
0
Chris DentPowerShell DeveloperCommented:

Different routes, any serious host will have more than one into the network. Besides, this also appears to be transient, notice that v-11.coresw1.grr.iserv.net sends it down a different path when it's working (as your first tracert showed).

Probably broken route advertising, or a faulty load balancer.

Chris
0
Johne75Author Commented:
Well, iserv says nothing changed on there end (yeah right) but we had to change our A record for it to work which has never changed in the 10 years I have worked here. Thanks everyone for your help!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.