FST Solutions
Can't access website using FQDN
Greetings,
One of our clients is having problems accessing their website externally (Internet). The website is hosted locally on a web server. The website can be accessed using their public IP but not the FQDN.
When we try using the FQDN, we get a "site can't be reached" message stating that the private IP for the web server cannot be reached.
We ran nslookup for the FQDN and it pointed to the correct public IP. We ran a tracert and it pointed to the correct public IP. The settings on the web server appear to be correct (using IIS).
We suspect that this is a DNS issue and would appreciate any help in solving this issue!
Cheers!!
ASKER
From my computer at our office, outside of our client's network.
This is typical of an external web server on the same domain as the internal network. Add an A record:
A www <externalipaddress>
and have the users prepend www to domain.com.
If you do an nslookup from inside the domain:
nslookup domain.com will return one of the domain controllers' internal addresses
nslookup www.domain.com will now point to the proper external address.
ASKER
Hello David,
The local domain is different than the website domain: mydomain.lan vs mydomain.com
You'll arrange, in your Web server config, for both mydomain.lan + mydomain.com to serve content from the same DocumentRoot directory.
Then arrange for the public IP to proxy through to the local IP.
Refer to your logs for debugging info. Should be fairly clear using nslookup (inside + outside DMZ), correlated with log data to resolve any problems.
If you require additional assistance provide the exact domain name.
ASKER
Hi David Favor,
This has been set up correctly but the problem still exists.
"The web site is hosted internally".
Split the DNS.
On your DC/DNS server set up a new AD Integrated zone for domain.com.
Once complete set up two DNS A records:
@ 192.168.99.99 (Internal IP of the Web Server)
www A/A
That should fix it.
EDIT: @ = blank in the host name for the record in Windows DNS.
ASKER
Thank you Philip,
I have created the new zone and two A records.
Does it take some time for the records to propagate to the Internet?
The new zones are purely for the folks on the inside of the network where the problems are happening.
Since the site is hosted internally, it's best to split the DNS so that clients don't try and exit/traverse the WAN IP/Port as some edge devices and/or ISPs don't like that.
Clarification: The Forward Lookup Zones were created on the internal domain DNS servers right?
Not private IP addresses set to the public DNS A records?
ASKER
I see.
The problem however is when you try and access the website outside of the LAN.
When you search for "mydomain.com" it gets redirected to the local IP of the web server that hosts the site and can't be found.
Edit: That is correct Philip, the zones were created within the internal DNS.
Then the Internet DNS A records for
@ = WAN IP on Edge
WWW = WAN IP on Edge
The Internet DNS needs to point to the public IP address on the edge/router which in turn would have forwarding rules for HTTP/HTTPS to the internal IP of the web server.
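A check for the split-DNS layout discussed in this thread, added here as an example and not posted by any participant: the internal zone should answer with the web server's private address and the Internet zone with the WAN address on the edge. The function names, the record layout, the internal `www` record and the 203.0.113.10 stand-in for the WAN IP are assumptions.

```python
import ipaddress

# RFC 1918 ranges, checked explicitly because ipaddress.is_private also
# matches documentation ranges such as the 203.0.113.0/24 sample below.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit_split_dns(internal, public, names=("@", "www")):
    """Return findings for the two views of one zone.

    internal / public: dict mapping host label -> list of A-record addresses.
    Any address outside RFC 1918 is reported as "public".
    """
    findings = []
    for name in names:
        for view, records, want_private in (("internal", internal, True),
                                            ("public", public, False)):
            addrs = records.get(name, [])
            if not addrs:
                findings.append(f"{view}: no A record for {name}")
            for addr in addrs:
                if is_rfc1918(addr) != want_private:
                    kind = "public" if want_private else "private"
                    findings.append(f"{view}: {name} -> {addr} is a {kind} address")
    return findings

# Constructed sample data: 192.168.99.99 is the internal address used in the
# thread; 203.0.113.10 is a documentation address standing in for the WAN IP.
INTERNAL_VIEW = {"@": ["192.168.99.99"], "www": ["192.168.99.99"]}
PUBLIC_OK = {"@": ["203.0.113.10"], "www": ["203.0.113.10"]}
PUBLIC_BAD = {"@": ["192.168.99.99"], "www": ["203.0.113.10"]}

if __name__ == "__main__":
    for label, public in (("correct", PUBLIC_OK), ("misconfigured", PUBLIC_BAD)):
        print(label, audit_split_dns(INTERNAL_VIEW, public) or "no findings")
```

Feed it the answers collected with nslookup from an internal client and from an outside resolver; a private address in the public view is unreachable from the Internet and also discloses internal addressing.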
Checking that was in my last post?
From where did you run those tests?