Solved

DNS routing problem

Posted on 2010-01-13
Last Modified: 2012-05-08
I have a webserver in our DMZ configured. I can access this webserver from a client in the LAN of my company. So communication LAN<>DMZ works fine.
On the webserver I created a testwebsite. When I use my mobile phone or my internet connection from home, the website is visible by its URL.
When I try it on a client in my LAN, the testwebsite is not visible.
My DNS server has its forwarders configured to the ISP DNS servers. When I use DollarDNS to check if the website is valid, I get a response with the URL and its corresponding IP address. (The address is correct)

How come I am not able to view the website from a client in my LAN?
We have a SonicWall firewall in our network. And another website is working just fine on the same server.
Question by:VicreaExpert
10 Comments
 
LVL 12

Expert Comment

by:hkunnana
ID: 26303605
Your internal users must be using the internal DNS server, which obviously doesn't have that testwebsite info.
0
 
LVL 1

Expert Comment

by:yonatanz
ID: 26303663
Hi VicreaExpert,

First of all, check that the website's domain isn't set up in your internal DNS server as a primary/secondary zone (the purpose here is to make sure that your internal DNS server doesn't think it's authoritative for this domain)
Then, you can use Windows' nslookup, or Linux's dig utility to see which server says what.

In Windows, do:
Start -> Run -> nslookup
Then at the prompt, type:
server <dns-server-ip>
And then:
<webserver-hostname>
And you will get a list of addresses resolved at the specified server

In Linux, it's even easier, do:
dig @<dns-server-ip> <webserver-hostname>

It might be that your internal web server has wrong (old) cached values for the domain.

0
 
LVL 1

Expert Comment

by:yonatanz
ID: 26303690
Hi VicreaExpert,
OK, tags come out bad!

First of all, check that the website's domain isn't set up in your internal DNS server as a primary/secondary zone (the purpose here is to make sure that your internal DNS server doesn't think it's authoritative for this domain)
Then, you can use Windows' nslookup, or Linux's dig utility to see which server says what.

In Windows, do:
Start -> Run -> nslookup
Then at the prompt, type:
> server [dns-server-ip]
And then:
[webserver-hostname]
And you will get a list of addresses resolved at the specified server

In Linux, it's even easier, do:
dig @[dns-server-ip] [webserver-hostname]

It might be that your internal web server has wrong (old) cached values for the domain.

0
 
LVL 1

Expert Comment

by:yonatanz
ID: 26303699
Sorry about the mess above :/ I hope you can understand what I meant.
0
 
LVL 1

Author Comment

by:VicreaExpert
ID: 26314327
It's OK, Yonatanz.

I tried the above. When I use the nslookup utility it's a bit strange. Here is the output:

C:\WINDOWS\system32>nslookup
Default Server:  dnsserver.mydomain.local
Address:  10.31.1.161

> 10.31.1.161 webserver1
*** Can't find address for server webserver1: Non-existent domain
> 10.31.1.161 www.testsite.com
Server:  www.testsite.com
Address:  188.160.210.231

DNS request timed out.
    timeout was 2 seconds.
*** Request to www.testsite.com timed-out

In the internal DNS there is no entry for the site testsite.com

0
 
LVL 1

Expert Comment

by:yonatanz
ID: 26315147
Hi again VicreaExpert.
The tags in my previous answers messed everything up.

Let's say that your internal DNS server is 10.10.10.10
And the ISP's DNS server is 20.20.20.20
And your website is www.testsite.com

In nslookup, please do:
> server 10.10.10.10
www.testsite.com

> server 20.20.20.20
www.testsite.com

And show both results.

Also, you may wish to see what the internet sees, by using Google's DNS server at 8.8.8.8 (this is a real IP address):
> server 8.8.8.8
www.testsite.com
0
 
LVL 1

Author Comment

by:VicreaExpert
ID: 26321053
Yonatanz,

Thank you for your info.
When I use the nslookup on the local DNS, it returns a Non-authoritative answer with the URL and the IP address (the correct one)

When I use the nslookup on the ISP primary DNS server, it returns an error saying it can't find the URL: Non-existent domain.
When I use the nslookup on the ISP secondary DNS server, it returns a Non-authoritative answer with the URL and the IP address (the correct one)

When I use the nslookup on the Google DNS, it returns a Non-authoritative answer with the URL and the IP address (the correct one)

There is 1 DNS server saying that the domain is Non-existent and the rest know about the domain.

In the local DNS I also moved up the IP-address of the working DNS server of the ISP in the Forwarders tab, but I still cannot view the test website.

Any other options??
0
 
LVL 1

Expert Comment

by:yonatanz
ID: 26321880
VicreaExpert,

From what you describe:
"When I use the nslookup on the local DNS, it returns a Non-authoritative answer with the URL and the IP address (the correct one)"
This means that local queries get resolved correctly.
 
(I will ignore the ISP's primary DNS glitch. I am assuming it's a temporary problem, and you may confirm this by trying again)

Let's make sure that the workstation really uses this DNS server.
In the workstation, in a command line window, type: ipconfig /all
See which DNS servers are mentioned. Are there any others beside the one you tested in your comment above?

If there are, then maybe those return bad information - check this.

If there aren't, restart the Workstation's DNS cache by typing:
net stop dnscache
net start dnscache

And then try to resolve it again by doing, for example:
ping www.testsite.com
And make sure that it gets the correct IP address.

If it does get the correct IP address, then it's time to check the browser on the workstation. Clear the browser's cache as well. Check if it uses an HTTP proxy.
0
 
LVL 1

Author Comment

by:VicreaExpert
ID: 26321987
Yonatanz,

I did all you requested but no result.
I cannot see the website.

The webserver is a Windows Server 2008 64-bit OS with IIS 7 installed.
Can the problem be on the server?
0
 
LVL 1

Accepted Solution

by:
VicreaExpert earned 0 total points
ID: 26494461
The problem seems to lie in the firewall.
There was a NAT rule saying that the websites hosted on our webserver should be approached through the internal IP address of the server. Changed that rule and now we can use the right URL.
0
