Internally resolving a domain - works outside our DNS

Moises
We now have two websites that we cannot reach from inside our domain/network. We don't have a DNS zone for these domains in our DNS and it's not the same as our internal domain.

These domains have a forwarder on GoDaddy's public DNS to a page on our main website (https://domain.com/sitepage), this main website does not share a DNS zone in our internal DNS either. When we try this site outside of our DNS servers it works okay, some computers even work okay for one of the domains, totally weird. When you point DNS to Google on a computer that cannot resolve it, it works okay. When you ping the site from the outside and inside they go to the same IP which matches public DNS A records.

The only difference when using NSLOOKUP is the server used to resolve the site, but it resolves to the same IP when we use our internal DNS.

Flushing DNS, registering DNS, clearing Cache on DNS servers, changing DNS server (3 DNS Servers) forwarders to something else does not seem to do the trick. All servers running Server 2012 R2 and Server 2016.

The webpage will end up telling you this (does not matter if you add https:// or https://www. or www.):

This site can’t be reached (website here) took too long to respond.
Search Google for (domain here) org
ERR_CONNECTION_TIMED_OUT

Commented:
It's a bit confusing. First you said it doesn't resolve, later you say it resolves always to the same Public A record IP.
If it's a resolving problem, just add a DNS record on your own DNS server.
If it always resolves to the correct IP nr, then it's probably a firewall issue.

Commented:
Check that the domain is able to ping the Google DNS; if yes, then add the following and check: 11.jpg
All the best.

Author

Commented:
Kimputer, sorry for the confusion, the name resolves via command prompt in any scenario. Browser does not navigate to the page/forward entry in public DNS. I thought it could be a firewall issue but if you point DNS to 8.8.8.8 on any endpoint it will navigate just fine. Unless you are saying it's a firewall issue where our DNS servers are not happy with our Windows firewall or our internet firewall.

Sajid, yes we can resolve okay and have entries such as that one in our DNS forwarders.

Commented:
You should do a full network capture when using internal DNS, and when using Google's DNS. It's probably still a DNS issue, except you're resolving the main site which might not be the offending record. The offending records will show when you compare the network captures taken with the internal DNS and with the Google DNS.

Author

Commented:
So it turned out to be a firewall application rule that was not allowing the traffic due to the change of port(s) and app type.
Resolved once we allowed any traffic to this GoDaddy IP (workaround while we map out our web server behavior).

Commented:
Thanks for fully ignoring my first answer:

If it always resolves to the correct IP nr, then it's probably a firewall issue.

Author

Commented:
Thanks for the help on this Kimputer.
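
The triage this thread converged on, as an added example that is not code from any poster: resolve each name against the internal DNS server and a public resolver, compare the A records, then test TCP reachability of each returned IP. The names, the internal server address `10.0.0.10` and the port list are placeholder assumptions; `Resolve-DnsName` and `Test-NetConnection` are the built-in Windows cmdlets.

```powershell
# Added example. Names, server address and ports are placeholder assumptions.
$Names       = @('forwarded-domain.example', 'domain.com')  # forwarded domain + redirect target
$InternalDns = '10.0.0.10'   # assumed internal DNS server
$PublicDns   = '8.8.8.8'     # public resolver used in the thread
$Ports       = @(80, 443)

function Get-ARecord {
    param([string]$Name, [string]$Server)
    try {
        # -DnsOnly skips LLMNR/NetBIOS so only the named server answers
        Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } |
            Select-Object -ExpandProperty IPAddress |
            Sort-Object -Unique
    } catch {
        @()   # treat a failed lookup as "no answer"
    }
}

$report = foreach ($name in $Names) {
    $internal = @(Get-ARecord -Name $name -Server $InternalDns)
    $public   = @(Get-ARecord -Name $name -Server $PublicDns)
    # Compare-Object rejects empty input, so guard the counts first
    $dnsMatch = ($internal.Count -gt 0) -and ($public.Count -gt 0) -and
                -not (Compare-Object $internal $public)

    foreach ($ip in @($internal + $public | Sort-Object -Unique)) {
        foreach ($port in $Ports) {
            $open = Test-NetConnection -ComputerName $ip -Port $port `
                        -InformationLevel Quiet -WarningAction SilentlyContinue
            if (-not $dnsMatch) { $verdict = 'Resolvers disagree: check DNS records' }
            elseif (-not $open) { $verdict = 'DNS agrees, TCP blocked: check firewall rules' }
            else                { $verdict = 'DNS and TCP OK' }
            [pscustomobject]@{
                Name = $name; IP = $ip; Port = $port
                DnsMatch = $dnsMatch; TcpOpen = $open; Verdict = $verdict
            }
        }
    }
}
$report | Format-Table -AutoSize
```

A completed TCP handshake does not rule out an application-aware firewall rule dropping the session afterwards; comparing packet captures, as suggested earlier in the thread, covers that case.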
