Can't reach my external website from inside my domain

Started by Jeff Zylstra, October 19, 2011, 01:25:49 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Jeff Zylstra

OK. This is getting frustrating.  Yesterday I finally got our website up and running (I can reach it from outside our building).  It's hosted on an outside server, but has the same domain name as my internal PDC server - DZA.Com.   I've tried ping, tracert and nslookup with no luck.    A ping of dza.com returns my internal 192.xxx.xxx.xxx IP address of my PDC/file server which runs IIS 7, if that matters.   NSlookup of either dza.com or http://www.dza.com returns the 192.xxx.xxx.xxx address of the PDC/Server. 

I've already done a IPCONFIG/DNSFLUSH and /DNSREGISTER on both the domain controller and also 1 workstation.  I'm guessing that either a hosts file entry or the addition of an "A" record pointer in my DNS server should do the trick.   However, messing with DNS makes a little nervous since I've had my DNS a few years back and lost some data because of it.  Any help is appreciated.  Thank you.

P.S.  I should add that dropping the IP address into a browser address window doesn't work either.  It just returns a "server not found" message.
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Jim Jensen

I was concern about this, so I used MS's suggestion of the .local setup on the server. How big of a pain would it be to change your PDC?
Jim Jensen
CIC, CEO, CIO, COO, CFO, Producer, CSR, Claims Handler, janitor....whatever else.
Jensen Ford Insurance
Indianapolis

Bloody Jack Kidd

If you don't have an internal www.dza.com - you can create an internal A record for that and point it to the external IP address of your website.  Otherwise, you can create a different name for it - like "web.dza.com" just to get it to resolve from the inside.
Sysadmin - Parallel42

Mark

Quote from: Bloody Jack Kidd on October 19, 2011, 01:43:25 PM
If you don't have an internal www.dza.com - you can create an internal A record for that and point it to the external IP address of your website.  Otherwise, you can create a different name for it - like "web.dza.com" just to get it to resolve from the inside.

Correct me if I'm wrong BJK, but if his AD network is dza.com and his website is dza.com, then he's pretty much dead in the water for dza.com because that is his LOCAL domain, isn't he?  I'm really asking (not being a BJA ;)), I've always used .local and I've always spoken strongly about using .local and NEVER using .com internally.

With all that said, Jeff, if you create an A record for WWW and point it to your web server's external IP address, you *should* be good to go for www.dza.com internally.

EDIT: Website looks nice by the way.  For some reason, I always thought you were north, not east, of here.  I have been to Grand Rapids, but not for nearly 20 years.
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Bloody Jack Kidd

for "dza.com" explicitly - yes, you cannot point that to two locations simultaneously... but in our environment, all FQDNs are like DC1.domain.com, host.domain.com, gadget.domain.com...  if he has an Intranet "dza.com" that might throw a wrench in the works, but that may also be trivial to rename.
Sysadmin - Parallel42

Mark

Interesting.  I feel like that would mess something up in DNS though, but I suppose it might not.

My simple "solution" to this would be to add the www A record like I said, but then on the IIS default website (assuming it's not in use) I'd crete a redirect page (meta refresh or whatever) and have it redirect to www.dza.com, so if internal users type in dza.com and hit the iis server, it just bumps them to www.dza.com and viola. 
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Jeff Zylstra

#6
Thank you, gents.   The only reason that IIS is running is because it was required in order to install WSUS.  I don't really run an intranet using IIS.  It's just a shared HTML file that acts as a "menu" of sorts to other documents.

I tried to add an A record in DNS, but the "add host" button is grayed out for some reason, leaving only the "cancel" button as an option.  Any idea what that's all about?  Never mind.  Dope that I am, I had a space after the IP address.  I just added a record with WWW (it automatically inserted the DZA.COM) and used my external IP address.  We'll see what happens shortly.
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Mark

Go into DNS, expand out Forward Lookup Zones, highlight dza.com, on the right hand side, right-click a blank area and chose "New host (A)..."

That was greyed out?
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Jeff Zylstra

It was only grayed out because I copied and pasted the IP from an e-mail, while connected to my server via RDP.  Removing the trailing space fixed that.

Now I would like to change it so that DZA.Com points to my external IP address.  Is that even possible?  Or would changing my internal domain name to DZA.LOCAL be a better choice?  What would be involved in doing that, btw?
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Jeff Golas

#9
Looks like he got it - and thats what I would do (create host record).

If there is an intranet, just use a different addy for it, like intranet.dza.com or something.

As far as resolving dza internally, I wouldn't do it. I just checked mine and by default it resolves to the Domain controller.

Even if you set up a forwarder on the internal DNS server, it won't work because it will resolve dza and therefore never forward it.

Changing a domain name isn't fun...especially if you're Windows Svr 2003 or older, and REALLy eSPECIALLY if you're running Exchange.

Jeff Golas
Johnson, Kendall & Johnson, Inc. :: Newtown, PA
Epic Online w/CSR24
http://www.jkj.com

Mark

Changing your domain would be a hassle in my opinion.  If you're not using an Intranet in iis like you said, then try pasting this code into Notepad, then save as index.html and place in C:\Inetpub\wwwroot

<html>
<head>
<meta http-equiv="refresh" content="0; url=http://www.dza.com/">
</head>
</html>


My source: https://secure.wikimedia.org/wikipedia/en/wiki/Meta_refresh
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Jeff Zylstra

Everything's working great.  Thank you, everyone.  And the redirect worked like a champ.  Thanks Mark.
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Mark

Quote from: Jeff Zylstra on October 19, 2011, 03:18:52 PM
Everything's working great.  Thank you, everyone.  And the redirect worked like a champ.  Thanks Mark.

Good deal!
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security