Can't Get to Website From Internal Network

Our company website is abccompany.com while our e-mail domain is .net, i.e., elduderino@abccompany.net. Long story behind that but it hasn't been a problem until now.

GoDaddy is our webhosting provider and has pointed .com and .net to the site. This has worked for the last four years. Now, nobody can get to the site using .net from inside our network but using .com works. At home, at Starbucks, in a hotel... no problem with using either .com or .net. The DNS settings on the GoDaddy console look correct and I certainly haven't changed any of them. Only the webmaster and I have access to the GoDaddy account and she said that she hasn't changed anything.

My network:
Windows Server 2008 R2 - domain controller (AD, Peachtree Accounting and files)
Windows Server 2008 R2 - app server (a print management app and a knowledge base using IIS)
Using Active Directory
Ubiquiti UniFi APs and controller
60-70 wireless devices, 25 wired devices (printers and desktops)

Using VLANs
192.168.1.1 - management network
192.168.10.x - wired devices
192.168.15.x - VoIP phones
192.168.20.x - wireless devices
192.168.25.x - not used at this time

We have MPLS and a cloud firewall through our provider, Windstream. It hasn't given us any problems in the past and I haven't talked to them yet about this issue.

Does this sound like an internal issue and, if so, where do I start looking? If I'm in the wrong forum, please advise.
gbrooke Asked:

Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
Are you using the .net domain internally (as Windows Domain name)?
0
Bryant Schaper Commented:
Check what each one resolves to in DNS as well, or ping them.
0
gbrooke (Author) Commented:
We are not using the .net as the Windows domain. That is a completely different name from the website and uses .local.

DNS on the 2008 R2 box?
0
Bryant Schaper Commented:
Yes, or whatever your clients are using.
0
ktaczala Commented:
You say that .com AND .net worked for the past four years? But now it doesn't. Have any changes been made at your end?

Does it work if you use www.abccompany.net?
If you do a whois lookup does abccompany.net point to the website (abccompany.com)?
0
gbrooke (Author) Commented:
Yes, .com and .net both worked for the past four years. I have not made changes to the GoDaddy DNS settings nor to the DNS configuration on the domain controller. The webmaster has access to GoDaddy but she said she hasn't changed anything.

Trying to hit the site with http://www.abccompany.net does not work from the inside but it works from the outside.

Whois for abccompany.net didn't shed any light on the problem but, though I already looked, I called GoDaddy and went through the DNS settings with them. It's all correct.  

I am working off-site the next day or so but will try to look at the DNS on the domain controller to see what I can see.
0
ktaczala Commented:
What's your MX record? Something like mail.abccompany.net? Do you have a zone in AD for your email, i.e. abccompany.net and an A record for mail in that zone?
0
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
Check that you get the correct IP address for http://www.abccompany.net from inside. If so, I would try a tracert to that address.
0
Bryant Schaper Commented:
Yes, what we need to know is that abccompany.net and .com resolve internally to the same location. From a workstation you can do nslookup abccompany.net and nslookup abccompany.com from a command prompt.
0
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
And resolving to the same address is correct???
0
gbrooke (Author) Commented:
Was out of the office for a few days. I am working on getting the information requested now.
0
gbrooke (Author) Commented:
MX record is homesteadhospice-com.mail.protection.outlook.com for the .com and homesteadhospice-net.mail.protection.outlook.com for the .net.

There is no zone in AD for e-mail.

NSLOOKUP results:

C:\>nslookup
Default Server:  hhserver.hhnet.local
Address:  192.168.10.2

> nslookup homesteadhospice.net
*** Can't find address for server homesteadhospice.net: Non-authoritative answer

> nslookup homesteadhospice.com
Server:  homesteadhospice.com
Address:  184.168.46.68

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to homesteadhospice.com timed-out

I confirmed with GoDaddy that 184.168.46.68 is the correct IP address.

TRACERT for that IP:

C:\>tracert 184.168.46.68

Tracing route to p3nw8shg322.shr.prod.phx3.secureserver.net [184.168.46.68]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  192.168.10.1
  2    <1 ms    <1 ms    <1 ms  10.0.1.1
  3     2 ms     3 ms     1 ms  172.16.0.1
  4     2 ms     2 ms     2 ms  crit-asfo0ain.sfo0.cbeyond.net [192.168.250.1]
  5     2 ms     2 ms     2 ms  h212.98.132.40.static.ip.windstream.net [40.132.98.212]
  6     2 ms     2 ms     2 ms  h200.58.132.40.static.ip.windstream.net [40.132.58.200]
  7    38 ms    38 ms    38 ms  198.32.132.165
  8    42 ms    42 ms    42 ms  be38.trmc0215-01.ars.mgmt.phx3.gdg [184.168.0.69]
  9    41 ms    42 ms    42 ms  be38.trmc0215-01.ars.mgmt.phx3.gdg [184.168.0.69]
 10    39 ms    38 ms    38 ms  ip-97-74-255-129.ip.secureserver.net [97.74.255.129]
 11    42 ms    41 ms    41 ms  p3nw8shg322.shr.prod.phx3.secureserver.net [184.168.46.68]

Trace complete.
0
Bryant Schaper Commented:
So this is probably your internal DNS not resolving it. If I ping homesteadhospice.net and homesteadhospice.com they resolve to 184.168.46.68.

Since you are using an internal DNS, can you test the external DNS server you are hitting as well? You must have something off internally.
0
ktaczala Commented:
Try adding a zone (primary) for homesteadhospice.net and give it the IP 184.168.46.68.
ping homesteadhospice.net should get a reply.
Might have to add an A record under that zone as: www
0
Bryant Schaper Commented:
Who are these private networks?

  2    <1 ms    <1 ms    <1 ms  10.0.1.1
  3     2 ms     3 ms     1 ms  172.16.0.1
0
gbrooke (Author) Commented:
10.0.1.1 is the local network for the building I'm in...corporate HQ. Assigned by Windstream. Each of the 20 offices has its own - 10.0.2.1, 10.0.3.1, etc. All internet access is routed through Windstream's cloud firewall. DHCP is handled by the Windstream routers in the branch offices and by the L3 switch in the corporate office. Some Cisco engineers we contracted set up the VLANs in the corporate office. DNS servers are 192.168.10.2 (primary), which is the domain controller. Secondary DNS servers are whatever Windstream DNS server is local to that office.

We cannot hit the website using .net from any of the offices.

I don't know of the 172.16.0.1 network. I will need to ask the Cisco guys if they have something to do with that.

It sounds more and more like it is the DNS on the domain controller. Funny, because it has worked for four years in its current configuration.
0
Bryant Schaper Commented:
Have you tried the same nslookup on the DC? 172.16.0.1 could be Windstream too.

What if you make a temp change on a workstation to a public DNS like 8.8.8.8, which is Google's?
0
gbrooke (Author) Commented:
NSLOOKUP from the command line on the domain controller

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\>nslookup
Default Server:  hhserver.hhnet.local
Address:  192.168.10.2

> nslookup homesteadhospice.net
*** Can't find address for server homesteadhospice.net: Non-authoritative answer

> nslookup homesteadhospice.com
Server:  homesteadhospice.com
Address:  184.168.46.68

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to homesteadhospice.com timed-out

There does appear to be a forward lookup zone for homesteadhospice.net. I am beginning to think that when I configured Lync that it wiped out something.

I would like to provide a screenshot for you. Is there a way to do that without having the whole planet see it?
0
Bryant Schaper Commented:
You can click on my name and message me. That could make sense, if it altered the DNS records.
0
Bryant Schaper Commented:
Can you also check the DNS server you are using externally?

In DNS it would be the forwarder under properties,

then use nslookup, then server and IP address:

C:\>nslookup
> server 8.8.8.8 (for example)

should return
Default Server:  google-public-dns-a.google.com
Address:  8.8.8.8

then

> homesteadhospice.net
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    homesteadhospice.net
Address:  184.168.46.68
0
gbrooke (Author) Commented:
This is from my workstation.

C:\>nslookup
Default Server:  hhserver.hhnet.local
Address:  192.168.10.2

> server 8.8.8.8
Default Server:  google-public-dns-a.google.com
Address:  8.8.8.8

> homesteadhospice.net
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    homesteadhospice.net
Address:  184.168.46.68

> homesteadhospice.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    homesteadhospice.com
Address:  184.168.46.68

> server 66.240.67.234
Default Server:  nsatl.fdn.com
Address:  66.240.67.234

> homesteadhospice.net
Server:  nsatl.fdn.com
Address:  66.240.67.234

Non-authoritative answer:
Name:    homesteadhospice.net.HHNET.local
Addresses:  198.105.244.65
          198.105.254.65

> homesteadhospice.com
Server:  nsatl.fdn.com
Address:  66.240.67.234

Non-authoritative answer:
Name:    homesteadhospice.com.HHNET.local
Addresses:  198.105.244.65
          198.105.254.65

> server 216.199.0.132
Default Server:  nsjax.fdn.com
Address:  216.199.0.132

> homesteadhospice.net
Server:  nsjax.fdn.com
Address:  216.199.0.132

Non-authoritative answer:
Name:    homesteadhospice.net.HHNET.local
Addresses:  198.105.244.65
          198.105.254.65

> homesteadhospice.com
Server:  nsjax.fdn.com
Address:  216.199.0.132

Non-authoritative answer:
Name:    homesteadhospice.com.HHNET.local
Addresses:  198.105.244.65
          198.105.254.65

66.240.67.234 and 216.199.0.132 are the Windstream DNS servers. Our DHCP hands out 192.168.102 as the primary DNS, 66.240.67.234 as the secondary and 216.199.0.132 as the tertiary.

Tried a couple of other Windstream DNS servers in Georgia and they returned the same results.

Haven't yet checked with our Cisco guys or with Windstream to find out where the 172.16.0.1 network came from.
0
Bryant Schaper Commented:
That is your problem. If your DC is using the Windstream servers as their forwarders, then the return is wrong, based on what I see the two Windstream servers returning. Try changing your DNS server to use 8.8.8.8 and 8.8.4.4 and see if the problem fixes; you may have to clear its cache or wait an hour.

It looks like Windstream has something in their DNS that is causing a problem.
0
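
Added example, not part of the thread: in the session posted above, the Windstream answers carry the name homesteadhospice.net.HHNET.local, which means nslookup applied the workstation's DNS suffix search list to a name typed without a trailing dot, so those addresses belong to a different name than the site. The Python below parses an nslookup transcript (abridged from that session) and labels each answer by whether the resolver answered the name as typed; the function names are hypothetical.

```python
import re

# Abridged from the nslookup session posted in the thread above.
TRANSCRIPT = """\
> server 8.8.8.8
> homesteadhospice.net
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
Non-authoritative answer:
Name:    homesteadhospice.net
Address:  184.168.46.68
> server 66.240.67.234
> homesteadhospice.net
Server:  nsatl.fdn.com
Address:  66.240.67.234
Non-authoritative answer:
Name:    homesteadhospice.net.HHNET.local
Addresses:  198.105.244.65
          198.105.254.65
"""
IP = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def verdict(asked, got):
    """Did the resolver answer the name that was typed?"""
    asked, got = asked.rstrip(".").lower(), got.rstrip(".").lower()
    if got.startswith(asked + "."):
        # Search suffix appended: the addresses are for the suffixed name.
        return "suffix:" + got[len(asked) + 1:]
    return "as-asked" if got == asked else "other-name"

def audit(transcript):
    """Return [resolver, query, verdict, ips] for every answered query."""
    rows, resolver, query, row = [], None, None, None
    for line in map(str.strip, transcript.splitlines()):
        if line.startswith(">"):
            words, row = line[1:].split(), None
            if len(words) > 1 and words[0].lower() == "server":
                resolver, query = words[1], None
            elif words:
                query = words[0]
        elif line.startswith("Name:") and query:
            name = line.split(":", 1)[1].strip()
            row = [resolver, query, verdict(query, name), []]
            rows.append(row)
        elif row is not None:
            row[3] += IP.findall(line)  # Address / Addresses / continuation
    return rows

if __name__ == "__main__":
    print(*audit(TRANSCRIPT), sep="\n")
```

For a row labelled `suffix:`, repeating the query with a trailing dot (`homesteadhospice.net.`) stops nslookup from applying the search list, so that resolver's answer for the real name can be compared with the others.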
gbrooke (Author) Commented:
Guys,

I certainly appreciate all the help and suggestions you have been offering.

I am off-site again, addressing issues at a new office. I will try your suggestions as soon as I can and report back.
0
gbrooke (Author) Commented:
Gentlemen,

I believe the problem is in the DNS on my domain controller and I believe it was changed when I set up Lync through Office 365. I spoke at length with the webmaster and she said the problem began after March 2015, which is when I configured Lync.

I have to go to a remote office out of state for a week or so and won't be able to focus on this for that length of time. I split the points because each of you helped me zero in on the problem.

This is not a mission-critical problem so I will look further into it when I am back in the office.

Meanwhile, thanks for all your help.

Gregg
0

Question has a verified solution.
