Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cannot view own website from internal network 1

Status
Not open for further replies.
fandabbydosey

fandabbydosey

MIS
Oct 23, 2003
108
GB
Hello,

I am having trouble viewing our own website using a client connected to our internal network. If you are outside of the network then the website is viewable.

The website is hosted outside of the network with our ISP, they tell me the problem is caused by the domain of the website being the same as the domain used on my internal network. But I dont know how to fix it.

I have 2 x Win2003 DNS servers on my network...

192.168.0.1
192.168.0.2

I have a router and pix fiewall which enables internet connection for everyone on the network.
The router is setup with an IP address of 192.168.0.15 which is set as the gateway IP address on all clients.

The DNS setup on the client is...

192.168.0.1
192.168.0.2

With the above setup, the client cannot view the website, nor can I establish an FTP connection to the webspace.

If I change the DNS IP addresses of the client to the point to our ISP DNS servers then I can view the website ok, and I can establish an FTP conection without any problems.

Having the ISP DNS addresses set to the front causes slow and intermittant problems with internal DNS resolution for the client. So this is not an option for me.

I have tried to setup a forwarder on my 2003 DNS servers to the ISP DNS servers but it makes no difference.

Has anyone got any ideas? I believe there maybe some DNS tweaks/changes needed to make it work.

Thanks in advance
Fandab
 
Sort by date Sort by votes
Your internal DNS servers assume they are the authority for your domain, let's say company.com. Therefore, whenever an internal client makes a request for the internal DNS server will only look at its own records. Try adding a "New Host(A)" record for whatever your webserver's name is) on the internal server using the external IP address.

See if that helps.
 
Upvote 0 Downvote
Hi,

Thanks for your reply. I tried putting in in the name section of the record and put the external IP address, but it did not change anything.

I also tried leaving the name blank this using the parent name, and putting the external IP address in but still no change.

Any more ideas? Do I have restart the DNS service do you think?

Thanks
Fandab
 
Upvote 0 Downvote
You don't have to restart DNS. Also, you don't need the full name as an A record. It's based on the Forward Lookup Zone name. You should see a tree structure under foward lookup zones that's named company.com. When you enter an A record for of the company.com zone, it translates to
A couple more things to try:
1. Flush the DNS cache from the client. Use the "ipconfig /flushdns" command after you make any change. This will force the client to make a DNS query.

2. Use nslookup from the client. From a command prompt, type "nslookup" (without the " of course). This will connect you to the DNS server configured on the client. You'll see a > prompt. Type the full name of the webserver ( You should get the external IP address of the webserver if the DNS server is configured correctly. If you see a "Non-authoritative answer:", that means the DNS server had to query its forwarding DNS server to get the answer. You do not want to see this.

3. Try just nslookup. Because your domain is named the same as your external, it should also resolve it.

Keep us posted. We'll eventually figure it out. Unfortunately, DNS is probably the biggest source of problems with AD domains. We're trying to track down a DNS issue here as well.
 
Upvote 0 Downvote
Hi,

Thanks, I created the new A record with the full name as with the external IP address.

It created an extra folder within the tree structure of the DNS tree, as I expand the tree I can see the structure of the domain name
I flushed the DNS on the client, and tried but still no page available.

I tried NS lookup...

and it returned...

Default Server: myserver.mycompany.com
Address: 192.168.0.1

> Server: myserver.mycompany.com
Address: 192.168.0.1

Name: Address: 000.000.000.000 - my external IP

I also tried got the following..

> www
Server: myserver.com.mycompany.com
Address: 192.168.0.1

Non-authoritative answer:
Name: Address: 000.000.000.000 - my external IP

I can see that is resolving the external IP address to the name, is it worrying that a non-authoritive answer?

I dont have any specified forwarders setup on my DNS srvers, only the root hints by default.

Its strange that if I set my ISP DNS server as the primary DNS server on my client then it works perfectly. NSLOOKUP then uses the ISP dns server to do it resolving so the results are...

Default Server: myisp.com
Address: 000.000.000.000 - my isp ip address

> Server: myisp.com
Address: 000.000.000.000 - my isp ip address

Non-authoritative answer:
Name: web1.myisp.com
Address: 000.000.000.000 - my websites external ip address
Aliases:
Any ideas?

Huge thanks.
 
Upvote 0 Downvote
Unless this was just a copy and paste mistake, this is not correct:
> Server: myserver.mycompany.com
Address: 192.168.0.1

Name: Address: 000.000.000.000 - my external IP
Click to expand...
You only want an A record, not Try deleting the entry and re-entering it under the company.com forward lookup zone.

Once that is done, try to ping from the client. That should also resolve to the external address. It's OK if you don't get a response because of firewalls, etc. At least you will see what the client is getting as a resolved IP address.
 
Upvote 0 Downvote
Glad to hear things are working, fandabbydosey.

Because you are now providing DNS for your internal clients, another thing to watch out for is email. If you provide email addresses (fandabbydosey@company.com) for your employees, you also need to add an MX (mail exchanger) record. This is different than providing name resolution for your mail server. You can have an A record for mail.company.com, but unless you also have an MX record pointing to your mail server, email will not work internally.

Good luck and thanks for letting the community know the results. It helps us all learn.

- wahooguy
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
204
DTGMI
DTGMI
dpellegrini
  • Locked
  • Question
Website will load using hostname but not IP address
Replies
3
Views
447
mangentle
mangentle
mangentle
  • Locked
  • Question
What could be the potential causes if a Microsoft Windows Server is experiencing slow network!
Replies
1
Views
406
gbaughma
gbaughma
goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
373
goombawaho
goombawaho
nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
210
mangentle
mangentle

Part and Inventory Search

Sponsor

Back
Top