zillah 5 Posted March 17, 2010 Share Posted March 17, 2010 HiAt work I have got a windows 2003 server (Active Directory environment with Exchange) and 10 clients with XP OS, Server 2003 acting as internal DNSThey are connected to a snap gear router which is connected to an ADSL modem.We have got a work’s website suppose it is called: www.works.org.nl which is hosted with external provider I cannot access our work’s website www.works.org.nl from any PC at work but I have got no problem to access any other websites.From work when I ping the our work website www.works.org.nl it times out but it gives me this ip address 234.56.79.104 ,,,,,,,,,,not the real ip address please pay attention to last octet From home when I ping our work website www.works.org.nl it does not time out (means there is a reply) but it gives me this ip address 234.56.79.20,,,,,,,, not the real ip address only last octet is different comparing to ip address at work. From home I have got no problem to access our work’s website www.works.org.nlThanks Link to post Share on other sites
lewmur 355 Posted March 17, 2010 Share Posted March 17, 2010 (edited) HiAt work I have got a windows 2003 server (Active Directory environment with Exchange) and 10 clients with XP OS, Server 2003 acting as internal DNSThey are connected to a snap gear router which is connected to an ADSL modem.We have got a work’s website suppose it is called: www.works.org.nl which is hosted with external provider I cannot access our work’s website www.works.org.nl from any PC at work but I have got no problem to access any other websites.From work when I ping the our work website www.works.org.nl it times out but it gives me this ip address 234.56.79.104 ,,,,,,,,,,not the real ip address please pay attention to last octet From home when I ping our work website www.works.org.nl it does not time out (means there is a reply) but it gives me this ip address 234.56.79.20,,,,,,,, not the real ip address only last octet is different comparing to ip address at work. From home I have got no problem to access our work’s website www.works.org.nlThanksTry putting the IP address you get when you ping from home in the address bar of your work computer. IOW, don't type in www.works.org.nl. Instead type in 234.56.79.20,, and see if that accesses the site. It might just be a question of the dns servers not having caught up with an address change for your site. That can sometime take a couple of days.If that works, then try clearing the cache on the work computer. It may have cached an old IP address and is using that rather than doing another dns lookup. Edited March 17, 2010 by lewmur Link to post Share on other sites
Guest LilBambi Posted March 17, 2010 Share Posted March 17, 2010 I would also be concerned that you should be flushing the DNS cache on those computers and your Server 2003 if it is providing DNS for those systems on your work network.Sounds like DNS poisoning possibilities to me at your work network, or through the DNS for your ISP. Link to post Share on other sites
zillah 5 Posted March 17, 2010 Author Share Posted March 17, 2010 (edited) If that works, then try clearing the cache on the work computer.No, it didn't workSounds like DNS poisoning possibilities to me at your work network, or through the DNS for your ISP. ipconfig /flushdnsnet stop dnscachenet start dnscache Didn't help me out eitherOn the Active Directory I did clear DNS cache by doing this Administrive tools -- > DNS --> Right click clear cache,,,,,but still no joy.or as explained in Figure C in the link belowhttp://articles.techrepublic.com.com/5100-...11-5091116.htmlThanks Edited March 17, 2010 by zillah Link to post Share on other sites
Guest LilBambi Posted March 17, 2010 Share Posted March 17, 2010 Did you flush the DNS on your work computer? Or the local server on your network or both?If that didn't fix it, could be the ISP DNS that's poisoned. Might consider using Open DNS for the network if the ISP isn't persnickety about using other DNS. If they are, they need to fix it. A call to Technical Support might be the next stop if all the steps between you and the ISP have been dealt with and still no relief. Link to post Share on other sites
crp 812 Posted March 17, 2010 Share Posted March 17, 2010 a tracert from a work pc to the web name could be interesting ,especially if you could compare it to one from your home. Link to post Share on other sites
zillah 5 Posted March 17, 2010 Author Share Posted March 17, 2010 Did you flush the DNS on your work computer? Or the local server on your network or both?Hi LilBambiI vpned to our server at work (windows 2003) and I iussed those dnsflush command on the server and then I did test from the server.I have not tried that on a workstation yet Link to post Share on other sites
zillah 5 Posted March 17, 2010 Author Share Posted March 17, 2010 a tracert from a work pc to the web name could be interesting ,especially if you could compare it to one from your home.I tried that from home I can reach servername for our host provider while from work it timed out Link to post Share on other sites
zillah 5 Posted March 18, 2010 Author Share Posted March 18, 2010 (edited) At home and from my laptop I pinged www.works.org.nl result was successful Reply and I got an ip address which was : 234.56.83.20 (not real ip address)I did test at home I typed in a IE and Mozillah this : http://234.58.83.20 the message that I received as below : If you can see this page, then the people who manage this server have installed cPanel and WebHost Manager (WHM) which use the Apache Web server software and the Apache Interface to OpenSSL (mod_ssl) successfully. They now have to add content to this directory and replace this placeholder page, or else point the server at their real content.I recorded home ip address (234.58.83.20) in a piece of paper and I typed it in the address bar of IE and Mozilla at work (server and workstation) ,,,,I received the same message as wellIf you can see this page, then the people who manage this server have installed cPanel and WebHost Manager (WHM) which use the Apache Web server software and the Apache Interface to OpenSSL (mod_ssl) successfully. They now have to add content to this directory and replace this placeholder page, or else point the server at their real content.At work on the server and workstation I pinged www.works.org.nl result was timed out and the ip address that I have got was : 234.56.79.104 (not real ip address)At work I ping 234.56.79.104 (not real ip address) ,,,,,ping timed outAt home I ping 234.56.79.104 (not real ip address),,,,,ping timed out as well.I typed in this ip address in the address bar of server 's IE and Mozilla ,,,,error message : The page can not be displayedI typed in this ip address in the address bar of laptop 's IE and Mozilla ,,,,error message : The page can not be displayed as well Edited March 19, 2010 by zillah Link to post Share on other sites
Temmu 1,931 Posted March 19, 2010 Share Posted March 19, 2010 i assume there is a firewall on the outside edge of your network.your firewall could be doing nat or pat, statically translating your inside .104 to and outside .20i do that to assign a public ip address to a private one on the inside so those on the outside may have access to those few machines.(the address you can ping from home is obviously a public one, or you could not ping it.is the address that you can ping from work private, such as 10.x.x.x, 192.168.x.x or any of 172.16.x.x to 172.31.x.x?)you may not be able to see the outside address from the inside because of a rule in the firewall: someone may not want users at work to monkey around with the server, except perhaps from one (and only one) work pc - the pc of the webmaster, for example.as to no response from pings, again, it is a firewall setting. lots of people don't want you to be able to ping them so they leave icmp (google which) off by default. or to put it another way, it's a real pain in the but to add rules to allow icmp (of which ping is one.)so, when you ping yahoo.com, you get an ip address and responses, but if you ping spiceworks.com, you get the ip address but no ping response. all that shows is that dns is indeed working and it does not show that the site is not alive. Link to post Share on other sites
zillah 5 Posted March 19, 2010 Author Share Posted March 19, 2010 (edited) i assume there is a firewall on the outside edge of your network.Hi TemmuI have got an access to the snapgear 300 router and I could not see any rule that might block the work's webiste. Edited March 19, 2010 by zillah Link to post Share on other sites
lewmur 355 Posted March 19, 2010 Share Posted March 19, 2010 (edited) Hi TemmuI have got an access to the snapgear 300 router and I could not see any rule that might block the work's webiste.OK. So, your work computer is definitely giving you the wrong IP address from your DNS server. Try googling OpenDNS and try their free service. It will set your work computer's NIC to use their DNS server instead of your local one. You might also want to check the file c:\windows\system32\drivers\etc\hosts to make sure that isn't redirecting the domain name.Also, when I advised you to clear your cache, I meant the browser's cache and not the machine's DNS cache. Edited March 19, 2010 by lewmur Link to post Share on other sites
zillah 5 Posted March 19, 2010 Author Share Posted March 19, 2010 Also, when I advised you to clear your cache, I meant the browser's cache and not the machine's DNS cache.Okay I did that as wellYou might also want to check the file c:\windows\system32\drivers\etc\hosts to make sure that isn't redirecting the domain name.I have just checked for the server ( I will check for workstation as well),,,,for the server this is what I have got # Copyright (c) 1993-1999 Microsoft Corp.## This is a sample HOSTS file used by Microsoft TCP/IP for Windows.## This file contains the mappings of IP addresses to host names. Each# entry should be kept on an individual line. The IP address should# be placed in the first column followed by the corresponding host name.# The IP address and the host name should be separated by at least one# space.## Additionally, comments (such as these) may be inserted on individual# lines or following the machine name denoted by a '#' symbol.## For example:## 102.54.94.97 rhino.acme.com # source server# 38.25.63.10 x.acme.com # x client host127.0.0.1 localhost Try googling OpenDNS and try their free service. It will set your work computer's NIC to use their DNS server instead of your local one.I will try that as well Link to post Share on other sites
lewmur 355 Posted March 19, 2010 Share Posted March 19, 2010 Okay I did that as wellI have just checked for the server ( I will check for workstation as well),,,,for the server this is what I have got # Copyright (c) 1993-1999 Microsoft Corp.# 102.54.94.97 rhino.acme.com # source server# 38.25.63.10 x.acme.com # x client host127.0.0.1 localhost I will try that as well This is OK. Not the problem. Link to post Share on other sites
zillah 5 Posted March 19, 2010 Author Share Posted March 19, 2010 (edited) Hi lewmur Try googling OpenDNS and try their free service. It will set your work computer's NIC to use their DNS server instead of your local one.On the server and one workstation I did this test I used OpenDNS addresses which are 208.67.222.222 for Primary DNS and 208.67.220.220 for Secondary DNS.Both server and workstation were able to browse www.works.org.nlThis is test proves that my problem is a DNS issue.Now what will be the suggestion to fix it ?Thanks Edited March 19, 2010 by zillah Link to post Share on other sites
Peachy 162 Posted March 19, 2010 Share Posted March 19, 2010 zillah,what is the first DNS used on the internal network. You can find this out with ipconfig /all. Then check the zone file on that DNS server and see what it has for the IP address for the FQDN for the site. Link to post Share on other sites
zillah 5 Posted March 19, 2010 Author Share Posted March 19, 2010 what is the first DNS used on the internal network. You can find this out with ipconfig /all. Then check the zone file on that DNS server and see what it has for the IP address for the FQDN for the site.Peachy do you want me to use the DNS addresses before I have changed them to OpenDNS addresses ? Then I can do what you have advised Thanks Link to post Share on other sites
crp 812 Posted March 19, 2010 Share Posted March 19, 2010 i wonder if the DNS server has seperate configurations for internal and external access. Link to post Share on other sites
lewmur 355 Posted March 19, 2010 Share Posted March 19, 2010 (edited) Hi lewmurOn the server and one workstation I did this test I used OpenDNS addresses which are 208.67.222.222 for Primary DNS and 208.67.220.220 for Secondary DNS.Both server and workstation were able to browse www.works.org.nlThis is test proves that my problem is a DNS issue.Now what will be the suggestion to fix it ?ThanksIf you allow XP to obtain DNS automatically, it will typically use the DNS service set up in the router. So, if you want all the workstations to work, change the router's DNS setting to the OpenDNS addresses. This is, of course, assuming MS Exchange in the server isn't overriding the router's settings. You might want to make sure the Exchange DNS settings match the router's settings.When you first install your router/modem, it is normally set to use your ISP's DNS servers. This normally isn't a problem because if the ISP's servers go down, then you probably won't have Internet access anyway. But I've seen the time when AT&T's DNS servers went down and I could still access the net, when others couldn't, because I use OpenDNS as the secondary server. To me, it is always advisable to have a different secondary DNS service provider. Edited March 19, 2010 by lewmur Link to post Share on other sites
zillah 5 Posted March 20, 2010 Author Share Posted March 20, 2010 (edited) If you allow XP to obtain DNS automatically, I could not choose this option because a static ip address was assigned to each workstation and as you know when a static ip address is assigned manually the option " obtain DNS server address automatically " is grayed out. change the router's DNS setting to the OpenDNS addresses.I could not find such an option within the Snapgear 300 configuration.You might want to make sure the Exchange DNS settings match the router's settings.Router DNS addresses in the snapshot below :http://i42.tinypic.com/ay4bq.jpgExchange DNS settings Could you please advise where can I check those settings ?What I did ,,,,at home when I pinged www.works.org.nl (again I made this name up as an example), I got an external ip address (202.y.y.y) At work under works.org.nl forward lookup zone I updated the 3 entries ftp, list, www from the old ip address to the new one (i.e. 202.y.y.y) and now I can access www.works.org.nl from work and I can ping www.works.org.nl from work as well. Would I have done the right thing or still I need to consider other thing in the DNS configuration ? If the actual external IP for the website is changed in few months later do I need to update works.org.nl forward lookup zone again ? Edited March 22, 2010 by zillah Link to post Share on other sites
Temmu 1,931 Posted March 23, 2010 Share Posted March 23, 2010 is someone else (a web hosting company) hosting the dns entry for your public website?if you are changing dns entries on a local dns server to another ip address, but another dns server is serving up a different ip address, people on the internet won't reliably be able to find your site.where i work, one company hosts our various public dns needs and another hosts our website, and another our email server... Link to post Share on other sites
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now