none
Can't access a website with the internal DNS RRS feed

  • Question

  • Our client is running Windows 2008 R2 as DC/DNS. Every thing works except they can’t access their website hosted by a
    hosting company. They get "The webpage cannot be found". However, if they replace the internal DNS (192.168.1.3 that is also DC/DNS IP address) with
    their ISP DNS, they can access the website. All inside computers with the internal DNS have this problem. They don't have the problem to access other
    websites.

    If I ping nyrp.org, the public IP is x.x.x.x. However, I can’t access the website using the IP x.x.x.x in any Internet computers (inside or outside).

    What could be the problem?



    Bob Lin, MVP, MCSE & CNE Networking, Internet, Routing, VPN Troubleshooting on

    http://www.ChicagoTech.net

    How to Setup Windows, Network, VPN & Remote Access on

    http://www.howtonetworking.com


    Tuesday, May 28, 2013 2:01 AM

Answers

  • OK, lets go thru each item...

    The most likely reason you can access nyrp.org by name and not IP is the web server is using host headers, aka many domains are being hosted on one server with the same IP address and the only way the server knows which web site it should serve is by the host name in the request.

    You will need to do some trouble shooting for the DNS. When they ping nyrp.org from the LAN what do they get? Does it resolve? Does it resolve to the correct public IP?

    If it does not resolve at all, it is likely the DNS server is not reaching the Internet to do the lookups/forwards.

    If it resolves to a private IP then they have split DNS and will need records in their scope for the public IP of the nyrp.org.

    If it resolves to the correct public IP, then there is something blocking the traffic like a firewall, proxy and/or content filter.

    • Marked as answer by chicagotech Tuesday, May 28, 2013 9:19 PM
    Tuesday, May 28, 2013 4:26 AM
  • Hi Bob,

    I hope everything is going well.

    On your internal DNS server, is nyrp.org your internal AD domain name?

    I see that your local DNS resolves nyrp.org to 174.129.248.149. How about when you type in www.nyrp.org?

    From my findings, when I type in www.nyrp.org, it works fine. However, when I type in http://nyrp.org, (without the www in it), it always redirects to www.nyrp.org.

    Therefore, it appears you need an  "www" 'A' host record under nyrp.org with IP 174.129.248.149.

    -


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    • Marked as answer by chicagotech Tuesday, May 28, 2013 9:19 PM
    Tuesday, May 28, 2013 5:13 AM

All replies

  • OK, lets go thru each item...

    The most likely reason you can access nyrp.org by name and not IP is the web server is using host headers, aka many domains are being hosted on one server with the same IP address and the only way the server knows which web site it should serve is by the host name in the request.

    You will need to do some trouble shooting for the DNS. When they ping nyrp.org from the LAN what do they get? Does it resolve? Does it resolve to the correct public IP?

    If it does not resolve at all, it is likely the DNS server is not reaching the Internet to do the lookups/forwards.

    If it resolves to a private IP then they have split DNS and will need records in their scope for the public IP of the nyrp.org.

    If it resolves to the correct public IP, then there is something blocking the traffic like a firewall, proxy and/or content filter.

    • Marked as answer by chicagotech Tuesday, May 28, 2013 9:19 PM
    Tuesday, May 28, 2013 4:26 AM
  • The DNS looks good and nslookup can resolve nyrp.orgas shown below.
    C:\Users\Administrator>nslookup
    Default Server:  autodiscover.domain.local
    Address:  192.168.1.3

    > nyrp.org
    Server:  autodiscover.domain.local
    Address:  192.168.1.3

    Name:    domain.org
    Address:  x.x.x.x

    We don't use proxy. I also checked firewall and content filter. They don't block the website. Remember if I replace the internal DNS with ISP DNS, then the computer can access the nyrp.org.


    Bob Lin, MVP, MCSE & CNE Networking, Internet, Routing, VPN Troubleshooting on

    http://www.ChicagoTech.net

    How to Setup Windows, Network, VPN & Remote Access on

    http://www.howtonetworking.com


    Tuesday, May 28, 2013 4:34 AM
  • Hi Bob,

    I hope everything is going well.

    On your internal DNS server, is nyrp.org your internal AD domain name?

    I see that your local DNS resolves nyrp.org to 174.129.248.149. How about when you type in www.nyrp.org?

    From my findings, when I type in www.nyrp.org, it works fine. However, when I type in http://nyrp.org, (without the www in it), it always redirects to www.nyrp.org.

    Therefore, it appears you need an  "www" 'A' host record under nyrp.org with IP 174.129.248.149.

    -


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    • Marked as answer by chicagotech Tuesday, May 28, 2013 9:19 PM
    Tuesday, May 28, 2013 5:13 AM
  • Hi Ace,

    Thank you for the tip. I found the client created external domain DNS last night. I fixed the problem by deleting the external DNS. I do beleive adding www to the external DNS will fix the problem too. Thank you.

    Percula, you are correct about host headers. So, thank you.

    I have posted troubleshooting steps and resolution in this link:

    LAN computers can't access company website with the internal DNS - Resolution with screenshots


    Bob Lin, MVP, MCSE & CNE Networking, Internet, Routing, VPN Troubleshooting on

    http://www.ChicagoTech.net

    How to Setup Windows, Network, VPN & Remote Access on

    http://www.howtonetworking.com


    Tuesday, May 28, 2013 2:13 PM
  • Hi Bob,

    Glad I could help. Also, you may want to review the following for additional information and scenarios:

    Can't Access Website with Same Name (Split Zone or no Split Brain)
    Published by Ace Fekay, MCT, MVP DS on Sep 4, 2009 at 12:11 AM  1278  0
    Note - In an AD same name as the external name (split zone) scenario, if you don't want to use WWW in front of URL, such as to access it by http://domain.com, then scroll down to "So you don't want to use WWW in front of the domain name"
    http://msmvps.com/blogs/acefekay/archive/2009/09/04/split-zone-or-no-split-zone-can-t-access-internal-website-with-external-name.aspx

    -

    FYI, I clicked on your link, however I was prompted to update my Flash player. My Flash player is up to date, having updated it last week. I believe your site has been compromised and is prompting for a fake Flash file. You may want to investigate further. 

    -


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Wednesday, May 29, 2013 2:43 AM