Avatar of valco
valco
Flag for United States of America asked on

Cannot reach website from LAN

I am unable to access one of my customers websites from inside their network.  The website is also unreachable by IP address both inside/outside the network.  We can however access the website from the URL outside the network (www.xyz.com).

On the LAN I have added a host record (www) pointing to the IP address of the website on the internal DNS servers.  It resolves correctly with pathping and tracert tests to both the URL and IP address.  I am also able to ping the IP address from inside/outside the network.

I think the problem may be that the LAN domain name and website name are identical (xyz.com for both).  I think the issue is that when you type www.xyz.com from outside the network it loads/resolves as just xyz.com in the browser.  Am I on the right track?  If so anything I can do to resolve on the LAN or do I need to have the web design company fix it?

I am scratching my head on this one as I have setup this up at many sites without issue.  I add the host record (www) on the internal DNS pointing to the website IP and it works.
Web BrowsersDNSWindows Networking

Avatar of undefined
Last Comment
valco

8/22/2022 - Mon
Shane McKeown

Just so we are clear

You have an internal domain called xyz.com(AD domain)
You are trying to access an external website under the same domain?
Then you need a www record in your internal DNS to fix this, point it to the external IP and you are good to go I think...
Shane McKeown

Just re-read your last line, you have already done this - this is how to fix it, you are correct this is the proper way to fix as because the internal is the same as the external therefore all your internal clients will look at your internal DNS first...nothing wrong with what you have done
rbadua

As long as there is a www record in DNS then it should resolve  which ever is more specific...in your case the www.  What type of web server are you trying to connect too?  Some web servers such as sharepoint, do not answer web queries if you just type in the IP as the URL.  Instead they are preconfigured for a certain fqdn.  The reason for this is that the web servers may host multiple domains and using an IP as a URL doesnt really tell you what domain to serve you with.  Instead the server will look at the HTML headers to determine what domain web page it should direct you too.  I would double check what fqdn the server is configured to answer up for.
Your help has saved me hundreds of hours of internet surfing.
fblack61
valco

ASKER
rbadus- Could you clarify "I would double check what fqdn the server is configured to answer up for"?
rbadua

Look in the configuration of the webserver itself.  If it is acting as a virtual server (meaning it host multiple websites) then there should be a section where you configure it to answer for

aaa.xyz.com
123.xyz.com
lmnop.xyz.com

So basically your telling the server if it sees web request for any of the above, then serve the page.  What webserver are you running?
rbadua

also, are you running split dns???? you have an internal and external DNS servers?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
valco

ASKER
And, if I enter http://IP Address/~xyz/ from outside the LAN I am able to access the site.  Although, it really doesn't load correctly and I have to hit home for it to load right.  This does not work inside the LAN though.

Not sure on the type of web server we are trying to connect to.  I will confirm.
valco

ASKER
The website it hosted off-site with the web design company.  I have no access to the web server itself.  I am pretty confident it is indeed hosting multiple sites though.

We do not have split DNS setup, although, I was starting to research further.  Can't believe this would be necessary for a simple connection to the company website internally???  Please advise.
Shane McKeown

Just a bit confused here, you said

'I add the host record (www) on the internal DNS pointing to the website IP and it works.' - am I mis-reading this? This was the last line on your original posting
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
valco

ASKER
Currently we have DNS setup in our AD with two servers to handle the LAN.  They include forwarders out to our ISP DNS servers.
valco

ASKER
To clarify, in my past experiences at all other sites I just add the internal DNS host record (www) to point to the website IP address and it works.  At the site in question this approach is not working.
Shane McKeown

So all your sites have BOTH internal and external domains the same?

Otherwise why are you adding an internal www record(I'm just trying to eliminate DNS from the equation with these questions in case you are wondering), starting to think this is host-header related...

Another question - when outside the network you type www.xyz.com and it resolves - what address appears in the browser window? are you redirected to just xyz.com? Or still the full www.xyz.com?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
valco

ASKER
I am redirected to just xyz.com and that is what I think the problem is.  I need to convince the web design company though so I am looking for confirmation.  So, when outside the network I type in www.xyz.com and the page pulls up as http://xyz.com.  I am pretty sure this is the issue.

Not all but a good majority of my sites have the same internal/external domains.  I agree...no www record necessary otherwise.  I just add it when the internal/external are the same.
Shane McKeown

Cool, yes think its host-header related, or something to that effect, when inside the LAN it will also redirect to xyz.com which in this case is not the IP needed...not sure how this can be solved to be honest but maybe the hosts have another option to help...
rbadua

Assuming your internal DNS is authoratative for xyz.com and you have an entry for www to point to the off-site webserver (where you page is hosted).  in addition, external computers are able to hit the website with no issues......I'm starting to think its neither DNS or webserver issues.

Are there any firewall preventing www traffic?  Also, is there a VPN link?
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
Shane McKeown

@rbadua I still think this is a redirect issue

His internal dns is the same as the external dns, meaning his local AD domain is xyz.com(which isn't normal, normally internal DNS names are xyz.local)

I'm not up to speed on host-headers or redirects but if I enter www.xyz.com into a browser and it ends up at xyz.com then this will not work internally, since xyz.com internally CAN'T point to an external address since it is his domain address, i.e. his DC in most cases...
rbadua

Is your local site serving any type of services?  Possibly change the parent record to that IP of the webpage.  Just make sure your NS record point to your DNS.  Active directory uses will look for SRV records so it should not affect anything unless your serving out applications using the xyz.com
rbadua

yeah smcketown....i was writing it and had to stepped away...when I came back I just sent it without looking at more recent replies
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Suliman Abu Kharroub

Dd you have WPAD (automatic proxy) impleminted in the LAN ? if so, try in one of the client machines to uncheck the checkbox "auto detect settings" and configure manual proxy.
valco

ASKER
Correct, my domain is xyz.com and so is the URL for the website www.xyz.com.  The domain was setup prior to my starting with the customer otherwise I may have done it differently or as "smcketown" suggests with the .local.  And, they have just created a website for the first time, hence, the reason we are having issues.

I believe if the web host keeps the "www" and does not redirect it to just xyz.com I should be good to go without doing anything further.  Thoughts?  

We do not have WPAD anywhere on the network and the firewall does not block any www traffic.  No VPN links currently...in the process of setting those up next.
rbadua

well it seems your webserver and/or the html code is doing the redirecting.  If you can correct that then great....if not the easiest way is probably change your domain record to the ip of the webserver.  That shouldn't affect AD as it looks at NS and SRV records.  at the xyz.com zone just change the:

" .        IN       A    <website>
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
valco

ASKER
Thanks rbadua....but could you please clarify the entry below that you suggested?
" .        IN       A    <website>
rbadua

sorry thats how the record would look like in Bind.....dont have a server terminal near me...but if you open up dns management and then click on the forward look up zone for xyz.com.

Within that zone contains all the records you resolve for xyz.com.  in there there should be a record for "." which should be a host record.  just change that to the ip of www.xyz.com.  DO NOT touch the Name Server records (NS)
valco

ASKER
I am not seeing an "." entry.  I see the NS, SOA,  (same as parent folder) host record entries for my DC/DNS servers (2 of them) and the host records for all my PC's on the network.  I also see the "www" entry I created.

Should I add the "." host record entry then?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
rbadua

yep add the entry as a host entry.
rbadua

Again my apologies if it sounds vague as I am not near a windows server.  If you are able to add a "." host, then rather than "." it should be blank.  Working off a picture in my head as I mentally visualize creating it.
valco

ASKER
Error- The host record ".".xyz.com cannot be created.  The node cannot be created.

So, I created a host record leaving the name blank (same as parent folder) and directed it to the website IP.  

Still no luck though.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
rbadua

did you reload the zone?   What happens when you do a nslookup xyz.com?
valco

ASKER
NSLOOKUP resolves correctly.  It first lists the LAN DNS server I am on with a local IP and name (srv1.xyz.com) and then lists www.xyz.com with the correct IP address.

It has to be the way it is resolving when it removes the "www".  The only other idea I have, which is not neccessarily the correct way, is to load IIS on both DNS servers and redirect from there.  I really don't want to get into IIS installs/security issues though just for the accessing the website.

Again, if I force the web host to use "www" all of the time I think it will be resolved???  Would you agree?
SOLUTION
rbadua

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
valco

ASKER
Appreciate all the input rbadua.  I will be discussing further tomorrow with the web design/web host company.  I will update/closeout the question at that time.  Have a good evening.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
valco

ASKER
They are still giving me the run-around and telling me it is my DNS.  All I requested was they at least keep the "www" on the website when it resolves so I could test my theory.  I do not write HTML code but that request seems to be falling on deaf ears.

My NSLOOKUP, pathping, tracert all resolve correctly to the website IP address.  Not sure where else to go with this.
Shane McKeown

Just for the record did you try connecting to the IP address instead?

http://ipaddress

rather than the www.xyz.com?

Does that work?
valco

ASKER
Yep, the IP address does not work from anywhere, inside or outside the network.  I was told this is shared hosting so it actually is the IP address/~xyz....however that does not work either.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
valco

ASKER
UPDATE- I believe the problem in our Trend Micro Worry-Free Business Security software.  If I disable the website works on the LAN.  Yipeeeeee!!!  Now I just need to figure out why.

We have URL filtering on but even when I disable it does not fix and I have all our URL's in the global approve list.  I am going to contact Trend Micro Enterprise support to discuss further.

I will update with the actual resolution.
ASKER CERTIFIED SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
valco

ASKER
The answer was changing web hosts as the original web host could not honor the request of leaving the "www" in on resolution of the URL of the website.  Some good suggestions on DNS but in this case switching web hosts was the resolution.