[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 350
  • Last Modified:

DNS issue - can't get to our website offsite

Hello,

I have staff members at my church saying they cannot access the church website.  It is being hosted by a web hosting company.  I have taken over the tech duties there as we will soon move to a new server.  

Problem  - Staff cannot access www.rvcfchurch.org - while at the church.  They can get to other websites without problems.  They can get to other .org websites as well.
I am at work (not at the church) and CAN access the website.  they cannot ping the website via DNS name or IP address from church.  I CAN pint the IP address of the website from work.

I adjusted the DNS settings Monday evening.  They WERE able to access the website up through yesterday.   The problem started this morning.  

1.This is a Windows Server 2003 box.  
2. DNS is setup using root hints - no forwarders are set.
3. We have a sonicwall firewall setup in between the LAN and the comcast cable modem.  
4. The firewall gets DHCP from Comcast - this is all working fine.  
5. DHCP on the server hands out the DNS address of the server itself to the client machines.
6. I had the secretary flush the DNS on her machine and on the server.  She still could not access the web page via a browser or ping it via IP.

Any help is appreciated!  Thanks,
Dan

0
dan_ch
Asked:
dan_ch
  • 14
  • 8
  • 5
  • +5
1 Solution
 
Paul MacDonaldDirector, Information SystemsCommented:
When they ping the domain name, what IP address is returned?  What happens if they perform a tracert to the domain?
0
 
dan_chAuthor Commented:
when she pings the IP - she gets: request timed out
I'm pretty sure when she pings www.rvcfchurch.org - she also gets "request timed out" as well.  I'm double checking to make sure.
0
 
conradjonesCommented:
is the server hosted internally or externally?

what DNS settings did you adjust, why did you adjust them? what did you adjust them to?
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
dexITCommented:
IIS if you're hosting it or your web host would be the first place to look.
0
 
Paul MacDonaldDirector, Information SystemsCommented:
Don't have her ping the IP address, have her ping the domain name and make sure it's resolving to the correct IP address.  Is it the same IP address you can ping?  I get 98.129.172.52.

What did you change about the DNS settings?  If you changed the DNS settings in anticipation of the server move, is the site available on the new server as well as the old one?
0
 
dan_chAuthor Commented:
The server is hosted offsite - a hosting company.  
1. I changed the DNS settings as they didn't have any internet access on Monday.  This was resolved as it was partly a comcast issue.
2. I did have her ping the domain name www.rvcfchurch.org.  She can NOT ping it.  Nor can she ping the IP.  I CAN ping the domain name and the IP you listed above from work.
3. I simply removed the forwarder from the list which I believe was the address of the comcast modem on the LAN side - 192.168.0.1
4. I setup DNS to use root hints.

This tells me that some kind of flushdns or something should work on the server.  Though once again we tried this and this did not resolve the issue.

0
 
conradjonesCommented:
can you post the results of

tracert 98.129.172.52

and

tracert www.rvcfchurch.org

from inside the church
0
 
dan_chAuthor Commented:
Here are the results from both tracert to the IP 98.129.172.52 and to the domain name.  The IP is first.

C:\Documents and Settings\user>tracert 98.129.172.52

 Tracing route to 98.129.172.52 over a maximum of 30 hops

  1     *        *        *     Request timed out.

  2     9 ms     9 ms     9 ms  te-2-1-ur02.kankakee.il.chicago.comcast.net [68

86.116.61]
  3    10 ms     8 ms     9 ms  te-8-1-ur02.homewood.il.chicago.comcast.net [68
87.230.14]
  4    10 ms     9 ms    16 ms  te-4-4-ur08.homewood.il.chicago.comcast.net [68

87.230.138]
  5    11 ms    11 ms    12 ms  be-85-ar01.area4.il.chicago.comcast.net [68.87.
31.205]
  6    14 ms    13 ms    11 ms  pos-1-14-0-0-cr01.chicago.il.ibone.comcast.net
68.86.90.45]
  7    35 ms    35 ms    33 ms  pos-2-15-0-0-cr01.atlanta.ga.ibone.comcast.net
68.86.85.166]
  8    54 ms    54 ms    55 ms  pos-1-15-0-0-cr01.dallas.tx.ibone.comcast.net [
8.86.85.149]
  9    56 ms    56 ms    54 ms  pos-0-2-0-0-pe01.1950stemmons.tx.ibone.comcast.
et [68.86.86.150]
 10    58 ms    59 ms    59 ms  rackspace-bbr.dfw1.comcast.net [75.149.230.242]
 11    59 ms    59 ms    59 ms  core7-bbr1-vlan3007.dfw1.rackspace.net [174.143
123.118]
 12    58 ms    57 ms    62 ms  aggr504a-2-core7.dfw1.rackspace.net [98.129.84.
9]

 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *     ^C

********************************************************************************
C:\Documents and Settings\user>tracert www.rvcfchurch.org 

Tracing route to www.rvcfchurch.org [98.129.172.52]

over a maximum of 30 hops:
 

  1     *        *        *     Request timed out.
  2     9 ms     9 ms     9 ms  te-2-1-ur02.kankakee.il.chicago.comcast.net [68
86.116.61]
  3    10 ms     9 ms     9 ms  te-8-1-ur02.homewood.il.chicago.comcast.net [68
87.230.14]
  4     9 ms     9 ms     9 ms  te-4-4-ur08.homewood.il.chicago.comcast.net [68
87.230.138]
  5    11 ms    14 ms    11 ms  be-85-ar01.area4.il.chicago.comcast.net [68.87.
31.205]
  6    13 ms    11 ms    11 ms  pos-1-14-0-0-cr01.chicago.il.ibone.comcast.net
68.86.90.45]
  7    34 ms    33 ms    33 ms  pos-2-15-0-0-cr01.atlanta.ga.ibone.comcast.net
68.86.85.166]
  8    56 ms    56 ms    56 ms  pos-1-15-0-0-cr01.dallas.tx.ibone.comcast.net [
8.86.85.149]
  9    57 ms    55 ms    55 ms  pos-0-2-0-0-pe01.1950stemmons.tx.ibone.comcast.
et [68.86.86.150]
 10    59 ms    59 ms    59 ms  rackspace-bbr.dfw1.comcast.net [75.149.230.242]

 11   114 ms    59 ms    59 ms  core7-bbr1-vlan3007.dfw1.rackspace.net [174.143
123.118]
 12    66 ms    57 ms    57 ms  aggr504a-2-core7.dfw1.rackspace.net [98.129.84.
9]
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.
 21  ^C

0
 
JeffSchaperCommented:
Is the Web server name included in a proxy as a local address? Have you tried another workstation/laptop from inside the church?
0
 
JeffSchaperCommented:
Oops, looks like I jumped in too early before you posted your tracert results. Routes are going out of the church so it is not an issue there with a proxy. But it is strange that the server would reply to other addresses apart from the church. Your travert shows that the test gets to a router very close to the server before failing.
0
 
JeffSchaperCommented:
Did a tracert from here and the failure point is your web server. I bet if your connect to your web server and do a tracert back to the churh it will not know where to go. A setting left over from the before the move?
0
 
dan_chAuthor Commented:
I suppose the past tech *could* have set something up like that.  Though once again the site is hosted off site.   Yes, at least 2 workstations in the church have the same issue.  I believe this affects everyone in the building.  I don't think the proxy stuff is setup though in IE on the workstations, though I could check later.
0
 
dan_chAuthor Commented:
Jeff - Though I can view the web page and you probably can as well.  Something is very strange!  I can't connect to the web server as it is off site.  
0
 
conradjonesCommented:
how is the server hosted, is it your server / dedicated server in their rack. or is it a standard hosting package like go daddy etc
0
 
dan_chAuthor Commented:
I have never dealt with it, as I am just getting started.  I'm pretty sure it is not our server.  They aren't techy enough to do that!  So i believe it is a standard hosting package.  The secretary is the one that updates with new information, etc...  does this help?
0
 
JeffSchaperCommented:
For the tracert to fail means the device after the last successful reply does not know where to send the reply packet to. Since the web server replies to all of us, it knows where to send every other packet, to 98.129.84.
9, This brings me to the conclusion that there is a route/hosts file entry or some other setting that would have being set on the server, so when a reply is required to go back to the churches IP address it is being sent back to the server itself. As if it had being sent to the 98.129.84.9 this router would have sent it back to the church. You will have to log onto the server and check it there is a secondary IP address, the churches, check the hosts file or a static route pointing in the wrong direction.

After all that, check your routing on the server.
0
 
theonlyallanCommented:
You should contact your hosting company and tell them the DNS has stopped working.
They will update the records..  My guess is that they were probably doing some server upgrades during the long weekend (easter) and the DNS hasn't propragated to all the servers..
0
 
JeffSchaperCommented:
I believe the DNS works as the tracert test was able to get to the router near the Web Server. Just that the Web server does not know how to get back to the church.

Check the routing on the Web server.
0
 
theonlyallanCommented:
Tracert will resolve no matter what.. To see if it is a dns problem do the following

Nslookup -debug yourdomain.com 4.2.2.2 (change to your dns server)
0
 
theonlyallanCommented:
Btw: it can also be a routing issue with your ISP, maybe a node is down.. To check this, try to connect to your website via proxy server.
0
 
dan_chAuthor Commented:
I was thinking it could possibly be the ISP as well.  Like the ISP DNS.  though I'm not using the ISP DNS servers.  i'm using - root hints.  So maybe the root hint that is listed (the .org root hint server) is the problem.    theonlyallan - thanks for the 2 comments.   I just ran your nslookup idea and don't see anything totally wrong...though I'm not toally sure what I'm looking for.  The IP for the rvcfchurch.org site is corrrect - 98.129.172.52

Good idea about trying a proxy.  I'll try that.
0
 
JeffSchaperCommented:
The IP is correct but your routing is wrong, and it's only the routing from the Web server back to the church. When you can run a tracert from the web server back to the church and post the results.
0
 
dan_chAuthor Commented:
I can try that.  Ill have to try and contact the hosting company to see if they can assist as we do not have a dedicated server.
0
 
paulms53Commented:
what is the name of the internal domain?  is it rvcfchurch.org? If so, in DNS,  add a new host 'www 'with the IP address of the church's website
0
 
dan_chAuthor Commented:
First of all, thanks a TON to everyone that has replied.  The issue is not yet fixed yet, thought I *might* be getting closer.
Responding to paulms53 - actually the name of the internal domain is the same except it is .local   So I don't believe that will work.  I have pretty much almost taken DNS out of the picture.  Here is why:
1.Tracerts to the church website get really close as shown in my posting above in this thread.  
2. Staff members can access all other websites.
3. The website IS accessible from outside the church.

I'm now thinking there is a setting that the previous tech at the church made a setting inside of the modem.  i have just emailed him and he told me that he had done a change or two.  So I'll be checking into that tonight.
Thanks....
0
 
conradjonesCommented:
yes it definately sounds like a routing issue with your modem/router
0
 
paulms53Commented:
let us know how you resolved it
0
 
dan_chAuthor Commented:
Here is where I am at with this situation.  It actually *seemed* to resolve itself over the weekend.  The site www.rvcfchurch.org was accessible again.  I had gone in to reboot the comcast modem.  I went ahead and did this anyway.

The ugly monster though revered its ugly head once again yesterday and it came back.  So I rebooted the modem and again, the site is accessible.  And now once again later this morning, the site was down again so I had the secretary reboot it.  To me this seems like some kind of a DNS caching issue somewhere in DNS Land.   Once again we are using root hints for the DNS setup on the inside.  
If anyone has any comments as to what could possibly be the issue, that would be appreciated.
Thanks,
Dan
0
 
theonlyallanCommented:
Just for fun, can you configure your laptop directly to the Comcast modem to rule out anything wrong with your network?
0
 
dan_chAuthor Commented:
Well, I have bypassed the network/firewall all together and get the same results.  I plug directly into the comcast modem and get DHCP and DNS from comcast.  And yes, the same results!  So to me this says it is a comcast issue.  So I'm pretty sure it is not related to the church's network.  ALL other web traffic is fine.
0
 
theonlyallanCommented:
Have you talked to Comcast Support? Maybe they have a network node that is down? (well, its been down for a long time! ) you should report the issue..
0
 
dan_chAuthor Commented:
That is my next step!
0
 
JeffSchaperCommented:
I'd take Paulms53's advise. Your web server is confused about it's DNS names. So when it wants to send back to your church the DNS name is the same as the web page so it sends it to itself.
0
 
paulms53Commented:
try setting up a .org zone in DNS and then adding the 'www' host, see what happens then.
0
 
dan_chAuthor Commented:
Jeff and Paul,

Thanks for the advice.  Though i've not done this stuff.  So, the hosting company should help me with this correct?  I'm guessing they deal with DNS records, etc... ???
0
 
paulms53Commented:
you should be able to set it up yourself in DNS under Administrative Tools on your server
0
 
JeffSchaperCommented:
That is correct. This problem is with the hosting company and your ISP. Speak with them both to sort it out.
0
 
dan_chAuthor Commented:
Thanks for everyone's response.  It seems to have been resolved.  Here is what I got from the ISP:

He said that the Smart Packet Detection on their firewall was enabled.  He said that when the problem arises (where you can get to every other website but your own), that is usually the cause.  He has disabled it and said if we don’t have anymore problems with it then that was it – problem solved.

Seems strange but this is the answer the secretary got from Comcast!.
Thanks again.
0
 
conradjonesCommented:
not so smart after all!!

if you google "Smart Packet Detection" loads of links involving comcast come up.
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 14
  • 8
  • 5
  • +5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now