Link to home
Get AccessLog in
Avatar of valco
valcoFlag for United States of America

asked on

Cannot reach website from LAN

I am unable to access one of my customers websites from inside their network.  The website is also unreachable by IP address both inside/outside the network.  We can however access the website from the URL outside the network (www.xyz.com).

On the LAN I have added a host record (www) pointing to the IP address of the website on the internal DNS servers.  It resolves correctly with pathping and tracert tests to both the URL and IP address.  I am also able to ping the IP address from inside/outside the network.

I think the problem may be that the LAN domain name and website name are identical (xyz.com for both).  I think the issue is that when you type www.xyz.com from outside the network it loads/resolves as just xyz.com in the browser.  Am I on the right track?  If so anything I can do to resolve on the LAN or do I need to have the web design company fix it?

I am scratching my head on this one as I have setup this up at many sites without issue.  I add the host record (www) on the internal DNS pointing to the website IP and it works.
Avatar of Shane McKeown
Shane McKeown
Flag of Ireland image

Just so we are clear

You have an internal domain called xyz.com(AD domain)
You are trying to access an external website under the same domain?
Then you need a www record in your internal DNS to fix this, point it to the external IP and you are good to go I think...
Just re-read your last line, you have already done this - this is how to fix it, you are correct this is the proper way to fix as because the internal is the same as the external therefore all your internal clients will look at your internal DNS first...nothing wrong with what you have done
Avatar of rbadua
rbadua

As long as there is a www record in DNS then it should resolve  which ever is more specific...in your case the www.  What type of web server are you trying to connect too?  Some web servers such as sharepoint, do not answer web queries if you just type in the IP as the URL.  Instead they are preconfigured for a certain fqdn.  The reason for this is that the web servers may host multiple domains and using an IP as a URL doesnt really tell you what domain to serve you with.  Instead the server will look at the HTML headers to determine what domain web page it should direct you too.  I would double check what fqdn the server is configured to answer up for.
Avatar of valco

ASKER

rbadus- Could you clarify "I would double check what fqdn the server is configured to answer up for"?
Look in the configuration of the webserver itself.  If it is acting as a virtual server (meaning it host multiple websites) then there should be a section where you configure it to answer for

aaa.xyz.com
123.xyz.com
lmnop.xyz.com

So basically your telling the server if it sees web request for any of the above, then serve the page.  What webserver are you running?
also, are you running split dns???? you have an internal and external DNS servers?
Avatar of valco

ASKER

And, if I enter http://IP Address/~xyz/ from outside the LAN I am able to access the site.  Although, it really doesn't load correctly and I have to hit home for it to load right.  This does not work inside the LAN though.

Not sure on the type of web server we are trying to connect to.  I will confirm.
Avatar of valco

ASKER

The website it hosted off-site with the web design company.  I have no access to the web server itself.  I am pretty confident it is indeed hosting multiple sites though.

We do not have split DNS setup, although, I was starting to research further.  Can't believe this would be necessary for a simple connection to the company website internally???  Please advise.
Just a bit confused here, you said

'I add the host record (www) on the internal DNS pointing to the website IP and it works.' - am I mis-reading this? This was the last line on your original posting
Avatar of valco

ASKER

Currently we have DNS setup in our AD with two servers to handle the LAN.  They include forwarders out to our ISP DNS servers.
Avatar of valco

ASKER

To clarify, in my past experiences at all other sites I just add the internal DNS host record (www) to point to the website IP address and it works.  At the site in question this approach is not working.
So all your sites have BOTH internal and external domains the same?

Otherwise why are you adding an internal www record(I'm just trying to eliminate DNS from the equation with these questions in case you are wondering), starting to think this is host-header related...

Another question - when outside the network you type www.xyz.com and it resolves - what address appears in the browser window? are you redirected to just xyz.com? Or still the full www.xyz.com?
Avatar of valco

ASKER

I am redirected to just xyz.com and that is what I think the problem is.  I need to convince the web design company though so I am looking for confirmation.  So, when outside the network I type in www.xyz.com and the page pulls up as http://xyz.com.  I am pretty sure this is the issue.

Not all but a good majority of my sites have the same internal/external domains.  I agree...no www record necessary otherwise.  I just add it when the internal/external are the same.
Cool, yes think its host-header related, or something to that effect, when inside the LAN it will also redirect to xyz.com which in this case is not the IP needed...not sure how this can be solved to be honest but maybe the hosts have another option to help...
Assuming your internal DNS is authoratative for xyz.com and you have an entry for www to point to the off-site webserver (where you page is hosted).  in addition, external computers are able to hit the website with no issues......I'm starting to think its neither DNS or webserver issues.

Are there any firewall preventing www traffic?  Also, is there a VPN link?
@rbadua I still think this is a redirect issue

His internal dns is the same as the external dns, meaning his local AD domain is xyz.com(which isn't normal, normally internal DNS names are xyz.local)

I'm not up to speed on host-headers or redirects but if I enter www.xyz.com into a browser and it ends up at xyz.com then this will not work internally, since xyz.com internally CAN'T point to an external address since it is his domain address, i.e. his DC in most cases...
Is your local site serving any type of services?  Possibly change the parent record to that IP of the webpage.  Just make sure your NS record point to your DNS.  Active directory uses will look for SRV records so it should not affect anything unless your serving out applications using the xyz.com
yeah smcketown....i was writing it and had to stepped away...when I came back I just sent it without looking at more recent replies
Avatar of Suliman Abu Kharroub
Dd you have WPAD (automatic proxy) impleminted in the LAN ? if so, try in one of the client machines to uncheck the checkbox "auto detect settings" and configure manual proxy.
Avatar of valco

ASKER

Correct, my domain is xyz.com and so is the URL for the website www.xyz.com.  The domain was setup prior to my starting with the customer otherwise I may have done it differently or as "smcketown" suggests with the .local.  And, they have just created a website for the first time, hence, the reason we are having issues.

I believe if the web host keeps the "www" and does not redirect it to just xyz.com I should be good to go without doing anything further.  Thoughts?  

We do not have WPAD anywhere on the network and the firewall does not block any www traffic.  No VPN links currently...in the process of setting those up next.
well it seems your webserver and/or the html code is doing the redirecting.  If you can correct that then great....if not the easiest way is probably change your domain record to the ip of the webserver.  That shouldn't affect AD as it looks at NS and SRV records.  at the xyz.com zone just change the:

" .        IN       A    <website>
Avatar of valco

ASKER

Thanks rbadua....but could you please clarify the entry below that you suggested?
" .        IN       A    <website>
sorry thats how the record would look like in Bind.....dont have a server terminal near me...but if you open up dns management and then click on the forward look up zone for xyz.com.

Within that zone contains all the records you resolve for xyz.com.  in there there should be a record for "." which should be a host record.  just change that to the ip of www.xyz.com.  DO NOT touch the Name Server records (NS)
Avatar of valco

ASKER

I am not seeing an "." entry.  I see the NS, SOA,  (same as parent folder) host record entries for my DC/DNS servers (2 of them) and the host records for all my PC's on the network.  I also see the "www" entry I created.

Should I add the "." host record entry then?
yep add the entry as a host entry.
Again my apologies if it sounds vague as I am not near a windows server.  If you are able to add a "." host, then rather than "." it should be blank.  Working off a picture in my head as I mentally visualize creating it.
Avatar of valco

ASKER

Error- The host record ".".xyz.com cannot be created.  The node cannot be created.

So, I created a host record leaving the name blank (same as parent folder) and directed it to the website IP.  

Still no luck though.
did you reload the zone?   What happens when you do a nslookup xyz.com?
Avatar of valco

ASKER

NSLOOKUP resolves correctly.  It first lists the LAN DNS server I am on with a local IP and name (srv1.xyz.com) and then lists www.xyz.com with the correct IP address.

It has to be the way it is resolving when it removes the "www".  The only other idea I have, which is not neccessarily the correct way, is to load IIS on both DNS servers and redirect from there.  I really don't want to get into IIS installs/security issues though just for the accessing the website.

Again, if I force the web host to use "www" all of the time I think it will be resolved???  Would you agree?
SOLUTION
Avatar of rbadua
rbadua

Link to home
membership
This content is only available to members.
To access this content, you must be a member of Experts Exchange.
Get Access
Avatar of valco

ASKER

Appreciate all the input rbadua.  I will be discussing further tomorrow with the web design/web host company.  I will update/closeout the question at that time.  Have a good evening.
Avatar of valco

ASKER

They are still giving me the run-around and telling me it is my DNS.  All I requested was they at least keep the "www" on the website when it resolves so I could test my theory.  I do not write HTML code but that request seems to be falling on deaf ears.

My NSLOOKUP, pathping, tracert all resolve correctly to the website IP address.  Not sure where else to go with this.
Just for the record did you try connecting to the IP address instead?

http://ipaddress

rather than the www.xyz.com?

Does that work?
Avatar of valco

ASKER

Yep, the IP address does not work from anywhere, inside or outside the network.  I was told this is shared hosting so it actually is the IP address/~xyz....however that does not work either.
Avatar of valco

ASKER

UPDATE- I believe the problem in our Trend Micro Worry-Free Business Security software.  If I disable the website works on the LAN.  Yipeeeeee!!!  Now I just need to figure out why.

We have URL filtering on but even when I disable it does not fix and I have all our URL's in the global approve list.  I am going to contact Trend Micro Enterprise support to discuss further.

I will update with the actual resolution.
ASKER CERTIFIED SOLUTION
Link to home
membership
This content is only available to members.
To access this content, you must be a member of Experts Exchange.
Get Access
Avatar of valco

ASKER

The answer was changing web hosts as the original web host could not honor the request of leaving the "www" in on resolution of the URL of the website.  Some good suggestions on DNS but in this case switching web hosts was the resolution.