• Status: Solved
  • Priority: Medium

DNS routing problem

I have a webserver in our DMZ configured. I can access this webserver from a client in the LAN of my company. So communication LAN<>DMZ works fine.
On the webserver I created a testwebsite. When I use my mobile phone or my internet connection from home, the website is visible by its URL.
When I try it on a client in my LAN, the testwebsite is not visible.
My DNS server has its forwarders configured to the ISP DNS-servers. When I use DollarDNS to check if the website is valid, I get a response with the URL and its corresponding IP-address. (The address is correct)

How come I am not able to view the website from a client in my LAN?
We have a SonicWall firewall in our network. And another website is working just fine on the same server.
0
VicreaExpert
Asked:
 
hkunnanaCommented:
Your internal users must be using the internal DNS server, which obviously doesn't have that testwebsite info.
0
 
yonatanzCommented:
Hi VicreaExpert,

First of all, check that the website's domain isn't set up in your internal DNS server as a primary/secondary zone (the purpose here is to make sure that your internal DNS server doesn't think it's authoritative for this domain)
Then, you can use Windows' nslookup, or Linux's dig utility to see which server says what.

In Windows, do:
Start -> Run -> nslookup
Then at the prompt, type:
server <dns-server-ip>
And then:
<webserver-hostname>
And you will get a list of addresses resolved at the specified server

In Linux, it's even easier, do:
dig @<dns-server-ip> <webserver-hostname>

It might be that your internal web server has wrong (old) cached values for the domain.

0
 
yonatanzCommented:
Hi VicreaExpert,
OK, tags come out bad!

First of all, check that the website's domain isn't set up in your internal DNS server as a primary/secondary zone (the purpose here is to make sure that your internal DNS server doesn't think it's authoritative for this domain)
Then, you can use Windows' nslookup, or Linux's dig utility to see which server says what.

In Windows, do:
Start -> Run -> nslookup
Then at the prompt, type:
> server [dns-server-ip]
And then:
[webserver-hostname]
And you will get a list of addresses resolved at the specified server

In Linux, it's even easier, do:
dig @[dns-server-ip] [webserver-hostname]

It might be that your internal web server has wrong (old) cached values for the domain.

0
 
yonatanzCommented:
Sorry about the mess above :/ I hope you can understand what I meant.
0
 
VicreaExpertAuthor Commented:
It's OK Yonatanz.

I tried the above. When I use the nslookup utility it's a bit strange. Here is the output:

C:\WINDOWS\system32>nslookup
Default Server:  dnsserver.mydomain.local
Address:  10.31.1.161

> 10.31.1.161 webserver1
*** Can't find address for server webserver1: Non-existent domain
> 10.31.1.161 www.testsite.com
Server:  www.testsite.com
Address:  188.160.210.231

DNS request timed out.
    timeout was 2 seconds.
*** Request to www.testsite.com timed-out

In the internal DNS there is no entry for the site testsite.com

0
 
yonatanzCommented:
Hi again VicreaExpert.
The tags in my previous answers messed everything up.

Let's say that your internal DNS server is 10.10.10.10
And the ISP's DNS server is 20.20.20.20
And your website is www.testsite.com

In nslookup, please do:
> server 10.10.10.10
www.testsite.com

> server 20.20.20.20
www.testsite.com

And show both results.

Also, you may wish to see what the internet sees, by using Google's DNS server at 8.8.8.8 (this is a real IP address):
> server 8.8.8.8
www.testsite.com
0
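The per-server comparison suggested in the comments above (ask each DNS server directly, and see whether it answers as authoritative), as an added Python example that is not part of the original thread. It builds the A query by hand so the target server can be chosen, and returns the RCODE (3 is "Non-existent domain"), the AA flag and the addresses; the sample bytes are constructed, and 10.10.10.10 is the placeholder address from the comment.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """DNS query for the A record of `name`, recursion desired."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def skip_name(msg, pos):
    """Offset just past the (possibly compressed) name starting at `pos`."""
    while msg[pos] != 0:
        if msg[pos] & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return pos + 2
        pos += 1 + msg[pos]
    return pos + 1

def parse_response(msg):
    """Return (rcode, authoritative, [IPv4 addresses]) from a raw DNS response."""
    _, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4          # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        pos = skip_name(msg, pos)
        rtype, rclass, ttl, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:          # A record
            addrs.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return flags & 0x000F, bool(flags & 0x0400), addrs   # RCODE, AA bit, answers

def ask(server, name, timeout=2.0):
    """Query one specific DNS server over UDP (needs network access).
    Diagnostic only: the reply's ID and source address are not validated."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_response(s.recvfrom(4096)[0])

# Constructed sample: a non-authoritative answer carrying one A record.
SAMPLE = (struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
          + build_query("www.testsite.com")[12:]
          + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4)
          + socket.inet_aton("188.160.210.231"))

if __name__ == "__main__":
    print(parse_response(SAMPLE))   # offline; ask("10.10.10.10", name) queries a live server
```

An internal server that returns the AA flag set for a public domain is the "thinks it's authoritative" case; servers that disagree on RCODE or address for the same name are the ones to investigate.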
 
VicreaExpertAuthor Commented:
Yonatanz,

Thank you for your info.
When I use the nslookup on the local DNS, it returns a Non-authoritative answer with the URL and the IP-address (the correct one)

When I use the nslookup on the ISP primary DNS server, it returns an error saying it can't find the URL: Non-existent domain.
When I use the nslookup on the ISP secondary DNS server, it returns a Non-authoritative answer with the URL and the IP-address (the correct one)

When I use the nslookup on the Google DNS, it returns a Non-authoritative answer with the URL and the IP-address (the correct one)

There is 1 DNS server saying that the domain is Non-existent and the rest know about the domain.

In the local DNS I also moved up the IP-address of the working DNS server of the ISP in the Forwarders tab, but I still cannot view the test website.

Any other options??
0
 
yonatanzCommented:
VicreaExpert,

From what you describe:
"When I use the nslookup on the local DNS, it returns a Non-authoritative answer with the URL and the IP-address (the correct one)"
This means that local queries get resolved correctly.
 
(I will ignore the ISP's primary DNS glitch. I am assuming it's a temporary problem, and you may confirm this by trying again)

Let's make sure that the workstation really uses this DNS server.
In the workstation, in a command line window, type: ipconfig /all
See which DNS servers are mentioned. Are there any others beside the one you tested in your comment above?

If there are, then maybe those return bad information - check this.

If there aren't, restart the Workstation's DNS cache by typing:
net stop dnscache
net start dnscache

And then try to resolve it again by doing, for example:
ping www.testsite.com
And make sure that it gets the correct IP address.

If it does get the correct IP address, then it's time to check the browser on the workstation. Clear the browser's cache as well. Check if it uses an HTTP proxy.
0
 
VicreaExpertAuthor Commented:
Yonatanz,

I did all you requested but no result.
I cannot see the website.

The webserver is a Windows Server 2008 64-bit OS with IIS 7 installed.
Can the problem be on the server?
0
 
VicreaExpertAuthor Commented:
The problem seems to lie in the firewall.
There was a NAT rule saying that the websites hosted on our webserver should be approached through the internal IP address of the server. Changed that rule and now we can use the right URL.
0
