Questions

Not able to get to the company website internally

Tags:
+
0 Votes
Locked

Not able to get to the company website internally

GirlGeek12
I have a wierd situation. I have a company website that I can access anywhere but on the internal network. The actual page is hosted offsite. The domain is the same as our exchange domain. I have checked to make sure that DNS has a forward lookup record of the webpage and external IP of the page. I still can not get this thing up and running. I have flushed DNS, tried multiple pcs. I can ping the page and resolve the IP address by domain, just can not get to it. Any ideas?

BTW-Verios says it's my problem not theirs.
  • +
    0 Votes
    jdmercha

    How is your network configured? Can you connect a computer at your office that is outside your internal network? Does that reach the site?

    Do you have a firewall running? It sounds to me like a firewall is blocking port 80 for that address.

    +
    0 Votes

    .

    GirlGeek12

    I checked the firewall settings too. nothing is indicative of blocking that specific website. It's almost as if the network does not know that the webaddress is actually offsite not on our current network.
    I have done a tracert, it fails at a specific router on verios network.

    +
    0 Votes
    GirlGeek12

    outside of our network. Just not here. I called verios to see if there was any network trouble. They said no.

    +
    0 Votes
    sparkle_126

    there is no network trouble. It is a DNS issue, i feel, as the it is still looking inside the network and not outside, like it should be. Did you add a host in the forward lookup zone? I just want to be clear on that first.

    +
    0 Votes

    yup

    GirlGeek12

    Yeah there is a forward lookup zone created for the actual website. Let me give you some brief history. Back in October, I migrated my exchange server off of the domain controller and put it onto a seperate server. The exchange server is using the same domain name. On the domain controller, in DNS, the website is listed int he forward lookup zone. I verified the Ip address by pinging the name and having dns resolve it.
    Maybe the way the forward lookup zone is entered is incorrect. The forward lookup zone on the left is xxx.com. Then there is a record on the right that is named www with www.xxx.com for the full qualified domain name and the ip address that it translates to. There are other records listed for blackberry, and other servers on our network under that zone. The box for update associated ptr record is unchecked.

    I have flushed dns also. It has to be something to do with the dual names on the network. No other website is affected.

    +
    0 Votes
    sparkle_126

    www? Then the fqdn would be www.(domainmame.com) and then put in the resulting ip address. As well, if you put the ip address alone in the address bar, do you get to the page?

    Just curious

    +
    0 Votes
    GirlGeek12

    That's how it is entered. I have also tried just putting the ip address into IE. Nothing.

    +
    0 Votes
    CG IT

    Fully Qualified Domain Name is what you get from the Domain Registrar. Typically the name you want with a .com/net/org/ blah blah.

    That name means nothing on the internet until a Name Server is granted authoritative for the name and provides an address. The Registar inititally assigns their name servers as authoritative for the domain name. To have your own name servers be authoritative for your domain name, you must first register your name servers with the domain registar then assign them as authoritative for your name. Then create records which will resolve your name to your public IP address. That's for hosting your own web site with your own web servers on your own network using your publically assigned ISP address.

    Now, if you have a 3rd party web hosting company host your web site, their address is used to point any query for your site to their servers. If you happen to also have your internal network use the same FQDN as your web site, your going to have a problem getting to your web site from inside your network. That's because your internal DNS servers will resolve the query for your domian name and not forward them to root hint servers on the internet. So, you'll never get to see your hosted site internally unless you know the actual address.

    then you would have to type 10.0.0.0:80 in the address bar to see your web site. Remember, when you type in http://www.yourdomain.com what your really typing in is your address with the appropriate port #. [the example 10.0.0.0:80= http://www.yourdomain.com] That's all DNS does resolve a name to an address [forward lookup] or an address to a name [reverse lookup].

    I'll have to look on Microsoft Help and Support site for a KB article which solves the problem of 3rd party web hosting for a FQDN with the same internal FQDN for a private network.

    But that's the gist of your problem. Your users are asking for http://www.yourdomain.com and your internal DNS server will resolve that name to your server address because your internal network uses the same FQDN internall as externally. It will not fail to resolve therefore forward the failed query to internet root hint servers for resolution, therefore direct the query to the web hosting service hosting your web site.

  • +
    0 Votes
    jdmercha

    How is your network configured? Can you connect a computer at your office that is outside your internal network? Does that reach the site?

    Do you have a firewall running? It sounds to me like a firewall is blocking port 80 for that address.

    +
    0 Votes

    .

    GirlGeek12

    I checked the firewall settings too. nothing is indicative of blocking that specific website. It's almost as if the network does not know that the webaddress is actually offsite not on our current network.
    I have done a tracert, it fails at a specific router on verios network.

    +
    0 Votes
    GirlGeek12

    outside of our network. Just not here. I called verios to see if there was any network trouble. They said no.

    +
    0 Votes
    sparkle_126

    there is no network trouble. It is a DNS issue, i feel, as the it is still looking inside the network and not outside, like it should be. Did you add a host in the forward lookup zone? I just want to be clear on that first.

    +
    0 Votes

    yup

    GirlGeek12

    Yeah there is a forward lookup zone created for the actual website. Let me give you some brief history. Back in October, I migrated my exchange server off of the domain controller and put it onto a seperate server. The exchange server is using the same domain name. On the domain controller, in DNS, the website is listed int he forward lookup zone. I verified the Ip address by pinging the name and having dns resolve it.
    Maybe the way the forward lookup zone is entered is incorrect. The forward lookup zone on the left is xxx.com. Then there is a record on the right that is named www with www.xxx.com for the full qualified domain name and the ip address that it translates to. There are other records listed for blackberry, and other servers on our network under that zone. The box for update associated ptr record is unchecked.

    I have flushed dns also. It has to be something to do with the dual names on the network. No other website is affected.

    +
    0 Votes
    sparkle_126

    www? Then the fqdn would be www.(domainmame.com) and then put in the resulting ip address. As well, if you put the ip address alone in the address bar, do you get to the page?

    Just curious

    +
    0 Votes
    GirlGeek12

    That's how it is entered. I have also tried just putting the ip address into IE. Nothing.

    +
    0 Votes
    CG IT

    Fully Qualified Domain Name is what you get from the Domain Registrar. Typically the name you want with a .com/net/org/ blah blah.

    That name means nothing on the internet until a Name Server is granted authoritative for the name and provides an address. The Registar inititally assigns their name servers as authoritative for the domain name. To have your own name servers be authoritative for your domain name, you must first register your name servers with the domain registar then assign them as authoritative for your name. Then create records which will resolve your name to your public IP address. That's for hosting your own web site with your own web servers on your own network using your publically assigned ISP address.

    Now, if you have a 3rd party web hosting company host your web site, their address is used to point any query for your site to their servers. If you happen to also have your internal network use the same FQDN as your web site, your going to have a problem getting to your web site from inside your network. That's because your internal DNS servers will resolve the query for your domian name and not forward them to root hint servers on the internet. So, you'll never get to see your hosted site internally unless you know the actual address.

    then you would have to type 10.0.0.0:80 in the address bar to see your web site. Remember, when you type in http://www.yourdomain.com what your really typing in is your address with the appropriate port #. [the example 10.0.0.0:80= http://www.yourdomain.com] That's all DNS does resolve a name to an address [forward lookup] or an address to a name [reverse lookup].

    I'll have to look on Microsoft Help and Support site for a KB article which solves the problem of 3rd party web hosting for a FQDN with the same internal FQDN for a private network.

    But that's the gist of your problem. Your users are asking for http://www.yourdomain.com and your internal DNS server will resolve that name to your server address because your internal network uses the same FQDN internall as externally. It will not fail to resolve therefore forward the failed query to internet root hint servers for resolution, therefore direct the query to the web hosting service hosting your web site.