Discover app within WatchGuard's Wi-Fi Cloud helps you optimize W-Fi user experience with the most complete set of visibility, troubleshooting, and network health features. Quickly pinpointing network problems will lead to more happy users and most importantly, productive IT.
Can't Get to Website From Internal Network
Our company website is abccompany.com while our e-mail domain is .net, i.e., elduderino@abccompany.net.
GoDaddy is our webhosting provider and has pointed .com and .net to the site. This has worked for the last four years. Now, nobody can get to site using .net from inside our network but using .com works. At home, at Starbuck's, in a hotel....no problem with using either .com or .net. The DNS settings on the GoDaddy console look correct and I certainly haven't changed any of them. Only the webmaster and I have access to the GoDaddy account and she said that she hasn't changed anything.
My network:
Windows Server 2008 R2 - domain controller (AD, Peachtree Accounting and files)
Windows Server 2008 R2 - app server (a print management app and a knowledge base using IIS)
Using Active Directory
Ubiquiti UniFi APs and controller
60-70 wireless devices, 25 wired devices (printers and desktops)
Using VLANs
192.168.1.1 - management network
192.168.10.x - wired devices
192.168.15.x - VoIP phones
192.168.20.x - wireless devices
192.168.25.x - not used at this time
We have MPLS and a cloud firewall through our provider, Windstream. It hasn't given us any problems in the past and I haven't talked to them yet about this issue.
Does this sound like an internal issue and, if so, where do I start looking? If I'm in the wrong forum, please advise.
GoDaddy is our webhosting provider and has pointed .com and .net to the site. This has worked for the last four years. Now, nobody can get to site using .net from inside our network but using .com works. At home, at Starbuck's, in a hotel....no problem with using either .com or .net. The DNS settings on the GoDaddy console look correct and I certainly haven't changed any of them. Only the webmaster and I have access to the GoDaddy account and she said that she hasn't changed anything.
My network:
Windows Server 2008 R2 - domain controller (AD, Peachtree Accounting and files)
Windows Server 2008 R2 - app server (a print management app and a knowledge base using IIS)
Using Active Directory
Ubiquiti UniFi APs and controller
60-70 wireless devices, 25 wired devices (printers and desktops)
Using VLANs
192.168.1.1 - management network
192.168.10.x - wired devices
192.168.15.x - VoIP phones
192.168.20.x - wireless devices
192.168.25.x - not used at this time
We have MPLS and a cloud firewall through our provider, Windstream. It hasn't given us any problems in the past and I haven't talked to them yet about this issue.
Does this sound like an internal issue and, if so, where do I start looking? If I'm in the wrong forum, please advise.
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
We are not using the .net as the Windows domain. That is a completely different name from the website and uses .local.
DNS on the 2008 R2 box?
DNS on the 2008 R2 box?
You say that .com AND .net worked for the past four years? But now it doesn't. Has any changes been made at your end?
Does it work if you use www.abccompany.net?
If you do a whois lookup does abccompany.net point to the website (abccompany.com)
Does it work if you use www.abccompany.net?
If you do a whois lookup does abccompany.net point to the website (abccompany.com)
Yes, .com and .net both worked for the past four years. I have not made changes to the GoDaddy DNS settings nor to the DNS configuration on the domain controller. The webmaster has access to GoDaddy but she said she hasn't changed anything.
Trying to hit the site with http://www.abccompany.net does not work from the inside but it works from the outside.
Whois for abccompany.net didn't shed any light on the problem but, though I already looked, I called GoDaddy and went through the DNS settings with them. It's all correct.
I am working off-site the next day or so but will try to look at the DNS on the domain controller to see what I can see.
Trying to hit the site with http://www.abccompany.net does not work from the inside but it works from the outside.
Whois for abccompany.net didn't shed any light on the problem but, though I already looked, I called GoDaddy and went through the DNS settings with them. It's all correct.
I am working off-site the next day or so but will try to look at the DNS on the domain controller to see what I can see.
What's your MX record? something like mail.abccompany.net? Do you have a zone in AD for your email? i.e. abccompany.net and an A record for mail in that zone?
Check that you get the correct IP address for http://www.abccompany.net from inside. If so, I would try a tracert to that address.
Yes, what we need to know is that abccompany.net and .com resolve internally to the same location. From a workstation you can do nslookup abccompany.net and nslookup abccompany.com for a command prompt.
MX record is homesteadhospice-com.mail.
There is no zone in AD for e-mail.
NSLOOKUP results:
I confirmed with GoDaddy that 184.168.46.68 is the correct IP address.
TRACERT for that IP:
There is no zone in AD for e-mail.
NSLOOKUP results:
C:\>nslookup
Default Server: hhserver.hhnet.local
Address: 192.168.10.2
> nslookup homesteadhospice.net
*** Can't find address for server homesteadhospice.net: Non-authoritative answer
> nslookup homesteadhospice.com
Server: homesteadhospice.com
Address: 184.168.46.68
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to homesteadhospice.com timed-out
Default Server: hhserver.hhnet.local
Address: 192.168.10.2
> nslookup homesteadhospice.net
*** Can't find address for server homesteadhospice.net: Non-authoritative answer
> nslookup homesteadhospice.com
Server: homesteadhospice.com
Address: 184.168.46.68
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to homesteadhospice.com timed-out
I confirmed with GoDaddy that 184.168.46.68 is the correct IP address.
TRACERT for that IP:
C:\>tracert 184.168.46.68
Tracing route to p3nw8shg322.shr.prod.phx3.
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms 192.168.10.1
2 <1 ms <1 ms <1 ms 10.0.1.1
3 2 ms 3 ms 1 ms 172.16.0.1
4 2 ms 2 ms 2 ms crit-asfo0ain.sfo0.cbeyond
5 2 ms 2 ms 2 ms h212.98.132.40.static.ip.w
98.212]
6 2 ms 2 ms 2 ms h200.58.132.40.static.ip.w
58.200]
7 38 ms 38 ms 38 ms 198.32.132.165
8 42 ms 42 ms 42 ms be38.trmc0215-01.ars.mgmt.
]
9 41 ms 42 ms 42 ms be38.trmc0215-01.ars.mgmt.
]
10 39 ms 38 ms 38 ms ip-97-74-255-129.ip.secure
129]
11 42 ms 41 ms 41 ms p3nw8shg322.shr.prod.phx3.
168.46.68]
Trace complete.
Tracing route to p3nw8shg322.shr.prod.phx3.
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms 192.168.10.1
2 <1 ms <1 ms <1 ms 10.0.1.1
3 2 ms 3 ms 1 ms 172.16.0.1
4 2 ms 2 ms 2 ms crit-asfo0ain.sfo0.cbeyond
5 2 ms 2 ms 2 ms h212.98.132.40.static.ip.w
98.212]
6 2 ms 2 ms 2 ms h200.58.132.40.static.ip.w
58.200]
7 38 ms 38 ms 38 ms 198.32.132.165
8 42 ms 42 ms 42 ms be38.trmc0215-01.ars.mgmt.
]
9 41 ms 42 ms 42 ms be38.trmc0215-01.ars.mgmt.
]
10 39 ms 38 ms 38 ms ip-97-74-255-129.ip.secure
129]
11 42 ms 41 ms 41 ms p3nw8shg322.shr.prod.phx3.
168.46.68]
Trace complete.
so this is probably your internal DNS not resolving it, if I ping homesteadhospice.net and homesteadhospice.com they resolve to 184.168.46.68.
Sense you are using an internal DNS, can you test your external DNS server you are hitting as well. You must have something off internally
Sense you are using an internal DNS, can you test your external DNS server you are hitting as well. You must have something off internally
try adding a zone (primary) for homesteadhospice.net give it the IP 184.168.46.68
ping homesteadhospice.net shoud get reply
Might have to add an A record under that zone as: www
ping homesteadhospice.net shoud get reply
Might have to add an A record under that zone as: www
10.0.1.1 is the local network for the building I'm in...corporate HQ. Assigned by Windstream. Each of the 20 offices has its own - 10.0.2.1, 10.0.3.1, etc. All internet access is routed through Windstream's cloud firewall. DHCP is handled by the Windstream routers in the branch offices and by the L3 switch in the corporate office. Some Cisco engineers we contracted set up the VLANs in the corporate office. DNS servers are 192.168.10.2 (primary), which is the domain controller. Secondary DNS servers are whatever Windstream DNS server is local to that office.
We cannot hit the website using .net from any of the offices,
I don't know of the 172.16.0.1 network. I will need to ask the Cisco guys if they have something to do with that.
It sounds more and more like it is the DNS on the domain controller. Funny, because it has worked for four years in its current configuration.
We cannot hit the website using .net from any of the offices,
I don't know of the 172.16.0.1 network. I will need to ask the Cisco guys if they have something to do with that.
It sounds more and more like it is the DNS on the domain controller. Funny, because it has worked for four years in its current configuration.
have you tried the same nslookup on the DC? 172.16.0.1 could be windstream too.
what if you make a temp change on a workstation to a public dns like 8.8.8.8 which is google's
what if you make a temp change on a workstation to a public dns like 8.8.8.8 which is google's
NSLOOKUP from the command line on the domain controller
There does appear to be a forward lookup zone for homesteadhospice.net. I am beginning to think that when I configured Lync that it wiped out something.
I would like to provide a screenshot for you. Is there a way to do that without having the whole planet see it?
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\>nslookup
Default Server: hhserver.hhnet.local
Address: 192.168.10.2
> nslookup homesteadhospice.net
*** Can't find address for server homesteadhospice.net: Non-authoritative answer
> nslookup homesteadhospice.com
Server: homesteadhospice.com
Address: 184.168.46.68
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to homesteadhospice.com timed-out
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\>nslookup
Default Server: hhserver.hhnet.local
Address: 192.168.10.2
> nslookup homesteadhospice.net
*** Can't find address for server homesteadhospice.net: Non-authoritative answer
> nslookup homesteadhospice.com
Server: homesteadhospice.com
Address: 184.168.46.68
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to homesteadhospice.com timed-out
There does appear to be a forward lookup zone for homesteadhospice.net. I am beginning to think that when I configured Lync that it wiped out something.
I would like to provide a screenshot for you. Is there a way to do that without having the whole planet see it?
can you also check the dns server you are using externally?
in dns it would be the forwarder under properties,
then use nslookup, then server and ip address
c:\nslookup
> server 8.8.8.8 (for example)
should return
Default Server: google-public-dns-a.google
Address: 8.8.8.8
then
> homesteadhospice.net
Server: google-public-dns-a.google
Address: 8.8.8.8
Non-authoritative answer:
Name: homesteadhospice.net
Address: 184.168.46.68
in dns it would be the forwarder under properties,
then use nslookup, then server and ip address
c:\nslookup
> server 8.8.8.8 (for example)
should return
Default Server: google-public-dns-a.google
Address: 8.8.8.8
then
> homesteadhospice.net
Server: google-public-dns-a.google
Address: 8.8.8.8
Non-authoritative answer:
Name: homesteadhospice.net
Address: 184.168.46.68
This is from my workstation.
66.240.67.234 and 216.199.0.132 are the Windstream DNS servers. Our DHCP hands out 192.168.102 as the primary DNS, 66.240.67.234 as the secondary and 216.199.0.132 as the tertiary.
Tried a couple of other Windstream DNS servers in Georgia and they returned the same results.
Haven't yet checked with our Cisco guys or with Windstream to find out where the 172.16.0.1 network came from.
C:\>nslookup
Default Server: hhserver.hhnet.local
Address: 192.168.10.2
> server 8.8.8.8
Default Server: google-public-dns-a.google
Address: 8.8.8.8
> homesteadhospice.net
Server: google-public-dns-a.google
Address: 8.8.8.8
Non-authoritative answer:
Name: homesteadhospice.net
Address: 184.168.46.68
> homesteadhospice.com
Server: google-public-dns-a.google
Address: 8.8.8.8
Non-authoritative answer:
Name: homesteadhospice.com
Address: 184.168.46.68
> server 66.240.67.234
Default Server: nsatl.fdn.com
Address: 66.240.67.234
> homesteadhospice.net
Server: nsatl.fdn.com
Address: 66.240.67.234
Non-authoritative answer:
Name: homesteadhospice.net.HHNET
Addresses: 198.105.244.65
198.105.254.65
> homesteadhospice.com
Server: nsatl.fdn.com
Address: 66.240.67.234
Non-authoritative answer:
Name: homesteadhospice.com.HHNET
Addresses: 198.105.244.65
198.105.254.65
> server 216.199.0.132
Default Server: nsjax.fdn.com
Address: 216.199.0.132
> homesteadhospice.net
Server: nsjax.fdn.com
Address: 216.199.0.132
Non-authoritative answer:
Name: homesteadhospice.net.HHNET
Addresses: 198.105.244.65
198.105.254.65
> homesteadhospice.com
Server: nsjax.fdn.com
Address: 216.199.0.132
Non-authoritative answer:
Name: homesteadhospice.com.HHNET
Addresses: 198.105.244.65
198.105.254.65
Default Server: hhserver.hhnet.local
Address: 192.168.10.2
> server 8.8.8.8
Default Server: google-public-dns-a.google
Address: 8.8.8.8
> homesteadhospice.net
Server: google-public-dns-a.google
Address: 8.8.8.8
Non-authoritative answer:
Name: homesteadhospice.net
Address: 184.168.46.68
> homesteadhospice.com
Server: google-public-dns-a.google
Address: 8.8.8.8
Non-authoritative answer:
Name: homesteadhospice.com
Address: 184.168.46.68
> server 66.240.67.234
Default Server: nsatl.fdn.com
Address: 66.240.67.234
> homesteadhospice.net
Server: nsatl.fdn.com
Address: 66.240.67.234
Non-authoritative answer:
Name: homesteadhospice.net.HHNET
Addresses: 198.105.244.65
198.105.254.65
> homesteadhospice.com
Server: nsatl.fdn.com
Address: 66.240.67.234
Non-authoritative answer:
Name: homesteadhospice.com.HHNET
Addresses: 198.105.244.65
198.105.254.65
> server 216.199.0.132
Default Server: nsjax.fdn.com
Address: 216.199.0.132
> homesteadhospice.net
Server: nsjax.fdn.com
Address: 216.199.0.132
Non-authoritative answer:
Name: homesteadhospice.net.HHNET
Addresses: 198.105.244.65
198.105.254.65
> homesteadhospice.com
Server: nsjax.fdn.com
Address: 216.199.0.132
Non-authoritative answer:
Name: homesteadhospice.com.HHNET
Addresses: 198.105.244.65
198.105.254.65
66.240.67.234 and 216.199.0.132 are the Windstream DNS servers. Our DHCP hands out 192.168.102 as the primary DNS, 66.240.67.234 as the secondary and 216.199.0.132 as the tertiary.
Tried a couple of other Windstream DNS servers in Georgia and they returned the same results.
Haven't yet checked with our Cisco guys or with Windstream to find out where the 172.16.0.1 network came from.
that is your problem, if your DC is using the windstream servers as there forwarders, then the return is wrong, based on what I see the two windstream servers returning. Try changing your DNS server to use 8.8.8.8 and 8.8.4.4 and see if the problem fixes, you may have to clear it's cache or wait an hour.
It looks like windstream has something in their DNS that is causing a problem.
It looks like windstream has something in their DNS that is causing a problem.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
Guys,
I certainly appreciate all the help and suggestions you have been offering.
I am off-site again, addressing issues at a new office. I will try your suggestions as soon as I can and report back.
I certainly appreciate all the help and suggestions you have been offering.
I am off-site again, addressing issues at a new office. I will try your suggestions as soon as I can and report back.
Gentlemen,
I believe the problem is in the DNS on my domain controller and I believe it was changed when I set up Lync through Office 365. I spoke at length with the webmaster and she said the problem began after March 2015, which is when I configured Lync.
I have to go to a remote office out of state for a week or so and won't be able to focus on this for that length of time. I split the points because each of you helped me zero in on the problem.
This is not a mission-critical problem so I will look further into it when I am back in the office.
Meanwhile, thanks for all your help.
Gregg
I believe the problem is in the DNS on my domain controller and I believe it was changed when I set up Lync through Office 365. I spoke at length with the webmaster and she said the problem began after March 2015, which is when I configured Lync.
I have to go to a remote office out of state for a week or so and won't be able to focus on this for that length of time. I split the points because each of you helped me zero in on the problem.
This is not a mission-critical problem so I will look further into it when I am back in the office.
Meanwhile, thanks for all your help.
Gregg
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.