Cannot reach website from LAN

valco
I am unable to access one of my customer's websites from inside their network.  The website is also unreachable by IP address both inside/outside the network.  We can however access the website from the URL outside the network (www.xyz.com).

On the LAN I have added a host record (www) pointing to the IP address of the website on the internal DNS servers.  It resolves correctly with pathping and tracert tests to both the URL and IP address.  I am also able to ping the IP address from inside/outside the network.

I think the problem may be that the LAN domain name and website name are identical (xyz.com for both).  I think the issue is that when you type www.xyz.com from outside the network it loads/resolves as just xyz.com in the browser.  Am I on the right track?  If so anything I can do to resolve on the LAN or do I need to have the web design company fix it?

I am scratching my head on this one as I have set this up at many sites without issue.  I add the host record (www) on the internal DNS pointing to the website IP and it works.
Top Expert 2012

Commented:
Just so we are clear

You have an internal domain called xyz.com (AD domain)
You are trying to access an external website under the same domain?
Then you need a www record in your internal DNS to fix this, point it to the external IP and you are good to go I think...
Top Expert 2012

Commented:
Just re-read your last line, you have already done this - this is how to fix it, you are correct, this is the proper way to fix it because the internal is the same as the external, therefore all your internal clients will look at your internal DNS first...nothing wrong with what you have done

Commented:
As long as there is a www record in DNS then it should resolve whichever is more specific...in your case the www.  What type of web server are you trying to connect to?  Some web servers, such as SharePoint, do not answer web queries if you just type in the IP as the URL.  Instead they are preconfigured for a certain FQDN.  The reason for this is that the web servers may host multiple domains and using an IP as a URL doesn't really tell you what domain to serve you with.  Instead the server will look at the HTML headers to determine what domain web page it should direct you to.  I would double check what FQDN the server is configured to answer up for.

valcoIT

Author

Commented:
rbadus- Could you clarify "I would double check what fqdn the server is configured to answer up for"?

Commented:
Look in the configuration of the webserver itself.  If it is acting as a virtual server (meaning it hosts multiple websites) then there should be a section where you configure it to answer for

aaa.xyz.com
123.xyz.com
lmnop.xyz.com

So basically you're telling the server if it sees web requests for any of the above, then serve the page.  What webserver are you running?

Commented:
Also, are you running split DNS? Do you have internal and external DNS servers?
valcoIT

Author

Commented:
And, if I enter http://IP Address/~xyz/ from outside the LAN I am able to access the site.  Although, it really doesn't load correctly and I have to hit home for it to load right.  This does not work inside the LAN though.

Not sure on the type of web server we are trying to connect to.  I will confirm.
valcoIT

Author

Commented:
The website is hosted off-site with the web design company.  I have no access to the web server itself.  I am pretty confident it is indeed hosting multiple sites though.

We do not have split DNS setup, although, I was starting to research further.  Can't believe this would be necessary for a simple connection to the company website internally???  Please advise.
Top Expert 2012

Commented:
Just a bit confused here, you said

'I add the host record (www) on the internal DNS pointing to the website IP and it works.' - am I mis-reading this? This was the last line on your original posting
valcoIT

Author

Commented:
Currently we have DNS setup in our AD with two servers to handle the LAN.  They include forwarders out to our ISP DNS servers.
valcoIT

Author

Commented:
To clarify, in my past experiences at all other sites I just add the internal DNS host record (www) to point to the website IP address and it works.  At the site in question this approach is not working.
Top Expert 2012

Commented:
So all your sites have BOTH internal and external domains the same?

Otherwise why are you adding an internal www record (I'm just trying to eliminate DNS from the equation with these questions in case you are wondering), starting to think this is host-header related...

Another question - when outside the network you type www.xyz.com and it resolves - what address appears in the browser window? are you redirected to just xyz.com? Or still the full www.xyz.com?
valcoIT

Author

Commented:
I am redirected to just xyz.com and that is what I think the problem is.  I need to convince the web design company though so I am looking for confirmation.  So, when outside the network I type in www.xyz.com and the page pulls up as http://xyz.com.  I am pretty sure this is the issue.

Not all but a good majority of my sites have the same internal/external domains.  I agree...no www record necessary otherwise.  I just add it when the internal/external are the same.
Top Expert 2012

Commented:
Cool, yes, think it's host-header related, or something to that effect, when inside the LAN it will also redirect to xyz.com which in this case is not the IP needed...not sure how this can be solved to be honest but maybe the hosts have another option to help...

Commented:
Assuming your internal DNS is authoritative for xyz.com and you have an entry for www to point to the off-site webserver (where your page is hosted).  In addition, external computers are able to hit the website with no issues......I'm starting to think it's neither DNS nor webserver issues.

Is there any firewall preventing www traffic?  Also, is there a VPN link?
Top Expert 2012

Commented:
@rbadua I still think this is a redirect issue

His internal DNS is the same as the external DNS, meaning his local AD domain is xyz.com (which isn't normal, normally internal DNS names are xyz.local)

I'm not up to speed on host-headers or redirects but if I enter www.xyz.com into a browser and it ends up at xyz.com then this will not work internally, since xyz.com internally CAN'T point to an external address since it is his domain address, i.e. his DC in most cases...

Commented:
Is your local site serving any type of services?  Possibly change the parent record to that IP of the webpage.  Just make sure your NS records point to your DNS.  Active directory uses will look for SRV records so it should not affect anything unless you're serving out applications using the xyz.com

Commented:
yeah smcketown....I was writing it and had to step away...when I came back I just sent it without looking at more recent replies
Did you have WPAD (automatic proxy) implemented in the LAN? If so, try on one of the client machines to uncheck the checkbox "auto detect settings" and configure manual proxy.
valcoIT

Author

Commented:
Correct, my domain is xyz.com and so is the URL for the website www.xyz.com.  The domain was set up prior to my starting with the customer otherwise I may have done it differently or as "smcketown" suggests with the .local.  And, they have just created a website for the first time, hence, the reason we are having issues.

I believe if the web host keeps the "www" and does not redirect it to just xyz.com I should be good to go without doing anything further.  Thoughts?  

We do not have WPAD anywhere on the network and the firewall does not block any www traffic.  No VPN links currently...in the process of setting those up next.

Commented:
Well, it seems your webserver and/or the HTML code is doing the redirecting.  If you can correct that then great....if not the easiest way is probably to change your domain record to the IP of the webserver.  That shouldn't affect AD as it looks at NS and SRV records.  At the xyz.com zone just change the:

" .        IN       A    <website>
valcoIT

Author

Commented:
Thanks rbadua....but could you please clarify the entry below that you suggested?
" .        IN       A    <website>

Commented:
Sorry, that's how the record would look in BIND.....don't have a server terminal near me...but if you open up DNS management and then click on the forward lookup zone for xyz.com.

That zone contains all the records you resolve for xyz.com.  In there, there should be a record for "." which should be a host record.  Just change that to the IP of www.xyz.com.  DO NOT touch the Name Server records (NS)
valcoIT

Author

Commented:
I am not seeing a "." entry.  I see the NS, SOA,  (same as parent folder) host record entries for my DC/DNS servers (2 of them) and the host records for all my PCs on the network.  I also see the "www" entry I created.

Should I add the "." host record entry then?

Commented:
yep add the entry as a host entry.

Commented:
Again my apologies if it sounds vague as I am not near a windows server.  If you are able to add a "." host, then rather than "." it should be blank.  Working off a picture in my head as I mentally visualize creating it.
valcoIT

Author

Commented:
Error- The host record ".".xyz.com cannot be created.  The node cannot be created.

So, I created a host record leaving the name blank (same as parent folder) and directed it to the website IP.  

Still no luck though.

Commented:
Did you reload the zone?   What happens when you do an nslookup xyz.com?
valcoIT

Author

Commented:
NSLOOKUP resolves correctly.  It first lists the LAN DNS server I am on with a local IP and name (srv1.xyz.com) and then lists www.xyz.com with the correct IP address.

It has to be the way it is resolving when it removes the "www".  The only other idea I have, which is not necessarily the correct way, is to load IIS on both DNS servers and redirect from there.  I really don't want to get into IIS installs/security issues though just for accessing the website.

Again, if I force the web host to use "www" all of the time I think it will be resolved???  Would you agree?

Commented:
I agree with making the web server www, but like I mentioned above you may also need to reconfigure the web server configuration and/or HTML code.

I'm logging off now but can re-engage tomorrow
valcoIT

Author

Commented:
Appreciate all the input rbadua.  I will be discussing further tomorrow with the web design/web host company.  I will update/closeout the question at that time.  Have a good evening.
valcoIT

Author

Commented:
They are still giving me the run-around and telling me it is my DNS.  All I requested was they at least keep the "www" on the website when it resolves so I could test my theory.  I do not write HTML code but that request seems to be falling on deaf ears.

My NSLOOKUP, pathping, tracert all resolve correctly to the website IP address.  Not sure where else to go with this.
Top Expert 2012

Commented:
Just for the record did you try connecting to the IP address instead?

http://ipaddress

rather than the www.xyz.com?

Does that work?
valcoIT

Author

Commented:
Yep, the IP address does not work from anywhere, inside or outside the network.  I was told this is shared hosting so it actually is the IP address/~xyz....however that does not work either.
valcoIT

Author

Commented:
UPDATE- I believe the problem is in our Trend Micro Worry-Free Business Security software.  If I disable it, the website works on the LAN.  Yipeeeeee!!!  Now I just need to figure out why.

We have URL filtering on but even when I disable it, it does not fix the problem, and I have all our URLs in the global approve list.  I am going to contact Trend Micro Enterprise support to discuss further.

I will update with the actual resolution.
IT
Commented:
RESOLUTION: The problem was the way the original web host was resolving the URL.  Once we moved web hosts and had the site always resolve as www.xyz.com the problem went away.  I had all DNS entries correct and the only reason Trend Micro WFBS was causing an issue is it has a service that responds to xyz.com.  So when the URL resolved to xyz.com the issue would happen inside the LAN.

Again, leaving the "www" in after typing the URL solved the issue.

Appreciate all comments/suggestions.  I am rewarding half the points to rbadua as he spent the most time assisting.
valcoIT

Author

Commented:
The answer was changing web hosts as the original web host could not honor the request of leaving the "www" in on resolution of the URL of the website.  Some good suggestions on DNS but in this case switching web hosts was the resolution.
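
The failure chain described in the resolution, modeled offline as an added example (not code from the thread or its participants): the browser follows the host's www-to-apex redirect, and inside the LAN the apex name resolves to the domain controllers instead of the website. All IP addresses, the 301 status and the lookup tables are constructed assumptions; only the names xyz.com and www.xyz.com come from the thread.

```python
import ipaddress
from urllib.parse import urlsplit

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data: 203.0.113.10 stands in for the shared web host,
# 10.0.0.5 / 10.0.0.6 for the two AD domain controllers.
EXTERNAL_DNS = {"www.xyz.com": ["203.0.113.10"], "xyz.com": ["203.0.113.10"]}
INTERNAL_DNS = {"www.xyz.com": ["203.0.113.10"],       # manually added www host record
                "xyz.com": ["10.0.0.5", "10.0.0.6"]}   # "(same as parent folder)" DC records

# Constructed web host behaviour: (server IP, Host header) -> (status, Location).
REDIRECTING_HOST = {("203.0.113.10", "www.xyz.com"): (301, "http://xyz.com/"),
                    ("203.0.113.10", "xyz.com"): (200, None)}
WWW_KEEPING_HOST = {("203.0.113.10", "www.xyz.com"): (200, None)}

def on_lan(ip):
    """True when the address is in an RFC 1918 private range."""
    return ip is not None and any(ipaddress.ip_address(ip) in net for net in RFC1918)

def trace(url, dns_view, servers, max_hops=5):
    """Follow redirects as a browser would, resolving each hop with dns_view."""
    hops = []
    for _ in range(max_hops):
        host = urlsplit(url).hostname
        ip = (dns_view.get(host) or [None])[0]
        # No table entry means the request never reached the website
        # (in the thread, a Trend Micro WFBS service on the LAN answered instead).
        status, location = servers.get((ip, host), (None, None))
        hops.append({"host": host, "ip": ip, "on_lan": on_lan(ip), "status": status})
        if status not in (301, 302, 307, 308) or not location:
            break
        url = location
    return hops

def diagnose(url, servers, internal=INTERNAL_DNS, external=EXTERNAL_DNS):
    """Return the first hop that resolves differently inside the LAN, or None."""
    for i, o in zip(trace(url, internal, servers), trace(url, external, servers)):
        if i["ip"] != o["ip"]:
            return {"host": i["host"], "internal_ip": i["ip"],
                    "external_ip": o["ip"], "on_lan": i["on_lan"]}
    return None

if __name__ == "__main__":
    print(diagnose("http://www.xyz.com/", REDIRECTING_HOST))  # diverges at xyz.com
    print(diagnose("http://www.xyz.com/", WWW_KEEPING_HOST))  # None: no divergence
```

With the redirecting host the first hop is identical from both vantage points, which is why nslookup, tracert and pathping on www.xyz.com all looked correct; the divergence only appears on the second hop.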
