I can not access our work’s website from work

[zillah]

Hi

At work I have got a windows 2003 server (Active Directory environment with Exchange) and 10 clients with XP OS, Server 2003 acting as internal DNS

They are connected to a snap gear 300 router which is connected to an ADSL modem.

We have got a work’s website suppose it is called: www.works.org.nl (I made this name up ) which is hosted with an external provider I cannot access our work’s website www.works.org.nl from any PC at work but I have got no problem to access any other websites.

At work on a server and a workstation I ping www.works.org.nl result was timed out and the ip address that I have got was : 234.56.79.104 (again not a real ip address,,,do not trace it)
At work when I ping 234.56.79.104 result was timed out
At home when I ping 234.56.79.104 result was timed out as well.
I typed in this ip address in the address bar of server's IE and Mozilla ,,,,error message :

Code:

The page cannot be displayed

I typed in this ip address in the address bar of laptop's IE and Mozilla ,,,,error message :

Code:

The page cannot be displayed as well

From home on my laptop I ping www.works.org.nl result was successful Reply and I got an ip address which was: 234.56.83.20 (this is different ip address from what I got at work)
I did test at home I typed in a IE and Mozillah this : http://234.58.83.20 , the message that I received as below :

If you can see this page, then the people who manage this server have installed cPanel and WebHost Manager (WHM) which use the Apache Web server software and the Apache Interface to OpenSSL (mod_ssl) successfully. They now have to add content to this directory and replace this placeholder page, or else point the server at their real content.

I recorded home ip address (234.58.83.20) in a piece of paper and I used it in the address bar of IE and Mozilla at work (server and workstation) ,,,,I received the same message as well

If you can see this page, then the people who manage this server have installed cPanel and WebHost Manager (WHM) which use the Apache Web server software and the Apache Interface to OpenSSL (mod_ssl) successfully. They now have to add content to this directory and replace this placeholder page, or else point the server at their real content.

I cleaned DNS cache by applying below on the server 2003

ipconfig /flushdns
net stop dnscache
net start dnscache

On the Active Directory I did clear DNS cache by doing this Administrive tools -- > DNS --> Right click clear cache,,,,,but still no joy.
or as explained in Figure C in the link below
http://articles.techrepublic.com.com...1-5091116.html

Note : It does not make sense that work will block its website , I have got access to the snapgear router I cannot see anything that might block work website

Thanks

[vertices]

I'm betting whoever set up your Windows domain didn't quite know what they were doing and set it up as works.org.nl.

Renaming a domain is a pain in the butt especially if you have Exchange. And I'm guessing you have SBS and you possibly can't rename a domain wth SBS. I certainly wouldn't even try.

About the only thing you can easily do is to go into your DNS MMC on your server at work and add an A record for the www host in the forward lookup zone for works.org.nl and point that record to IP 234.58.83.20.

That will make it work, but only if you fully type out www.works.org.nl in your browser. If you leave the www it won't work.

For the record you should never use the same domain for both your website/email and your internal Windows domain.

If abc.com is your external, think about something like corp.abc.com or abc.local or something like that for your Windows domain to keep them separate.

[zillah]

Hi vertices

I'm betting whoever set up your Windows domain didn't quite know what they were doing and set it up as works.org.nl.

No it is not, Active Directory domain is called : works.local

For the record you should never use the same domain for both your website/email and your internal Windows domain.

If abc.com is your external, think about something like corp.abc.com or abc.local or something like that for your Windows domain to keep them separate.

Yes it likes that internal windows domain is : works.local , and website/email is : works.org.nl

About the only thing you can easily do is to go into your DNS MMC on your server at work and add an A record for the www host in the forward lookup zone for works.org.nl and point that record to IP 234.58.83.20.

Under "Forward Lookup Zone" there are three subzones:

msdcs.works.local

works.local

works.org.nl

Under " works.org.nl " subzone there is an enatry for www that is pointing to IPS DNS, then I added www that is associated with 192.168.0.50 (before the last one in the table) as in the figure below:

http://i44.tinypic.com/oh8ikk.jpg





Then I removed only entry for www that was associated with ISP DNS (i.e. public ip address last one in the table) from that subzone ,as depicted in the snap shot below :

http://i39.tinypic.com/r09w68.jpg




Note: static ip address for the server is 192.168.0.50

but only if you fully type out www.works.org.nl in your browser. If you leave the www it won't work.

On the work's server (not worstation)I did this test

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\itsupport>ping www.works.org.nl

Code:

Pinging www.works.org.nl [192.168.0.50] with 32 bytes of data:

Reply from 192.168.0.50: bytes=32 time<1ms TTL=128
Reply from 192.168.0.50: bytes=32 time<1ms TTL=128
Reply from 192.168.0.50: bytes=32 time<1ms TTL=128
Reply from 192.168.0.50: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.0.50:
Packets: Sent = 4, Received = 4, Lost = 0 (0&#37; loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Code:

C:\Documents and Settings\itsupport>ping works.org.nl
Ping request could not find host works.org.nl. Please check 
the name and try again

Thanks

[ua549]

I did not see a DNS entry for works.

[zillah]

I did not see a DNS entry for works.

http://i44.tinypic.com/znjtqb.jpg

[vertices]

Looks like you are trying to setup split-dns.

Wildcard records are evil. Delete it. The * record.

In the works.org.nl forward lookup zone, you need 2 records, both pointing to the actual external IP of your website.

So if your website is www.works.org.nl. That resolves to 212.79.243.144. So you would need 2 records in your forward lookup zone for works.org.nl:

A record, (same as parent folder), 212.79.243.144
A record, www, 212.79.243.144




As an alternative to all this, you are probably attempting to use split-dns only so that your mail record works internally, such as mail.works.org.nl.

What you could do is delete the entire works.org.nl zone. Then simply make a new zone called mail.works.org.nl. In that zone, put a single record:

A record, (same as parent folder), 192.168.0.50


That would cause mail.works.org.nl to resolve internally to your private mail server, but anything else would go out to public DNS servers resolving properly to external addresses.

It looks like you are going for split-dns which if you are not a DNS expert, is really more trouble than it's worth for a single record or two.

[vertices]

Also, make sure you flush the server cache in the DNS MMC, and also do an ipconfig /flushdns on the server and your workstation after making the change, but before testing the change.

[zillah]

Looks like you are trying to setup split-dns.

The setup was already there , it was not done by me

Wildcard records are evil. Delete it. The * record.

Noted.

So you would need 2 records in your forward lookup zone for works.org.nl:
A record, (same as parent folder), 212.79.243.144
A record, www, 212.79.243.144

Noted as well.

In the works.org.nl forward lookup zone, you need 2 records, both pointing to the actual external IP of your website.

In the works.org.nl forward lookup zone I have got couple entries which are ftp, list , mail.

ftp and list and www are pointing to the same public ip address which starts with 202.y.y.y (as can be seen in the snap shot that I had posted for works.org.nl forward lookup zone earlier)

So if your website is www.works.org.nl. That resolves to 212.79.243.144.

Now currenlty the website www.works.org.nl does not resolve to the same ip address above 202.y.y.y,,,,,because when I pinged www.works.org.nl from home it gave me a different external ip address from 202.y.y.y

Now my question if I want to update the works.org.nl forward lookup zone to the actual external IP (that I found from home via ping 202.y.y.y) do I need to update all entries (i.e. www, fto, list) ?

If the actual external IP for the website is changed in few months later do I need to update works.org.nl forward lookup zone again ?

Thanks

[zillah]

Now my question if I want to update the works.org.nl forward lookup zone to the actual external IP (that I found from home via ping 202.y.y.y) do I need to update all entries (i.e. www, fto, list) ?

vertices what I did ,,,,at home when I pinged www.works.org.nl (again I made this name up as an example), I got an external ip address (202.y.y.y)

At work under works.org.nl forward lookup zone I updated 3 entries for ftp, list, www from the old ip address to the new one (i.e. 202.y.y.y) and now I can access www.works.org.nl from work and I can ping www.works.org.nl from work as well

Would I have done the right thing or still I need to consider other thing in the DNS configuration ?

Still I am looking for the answer to below :

If the actual external IP for the website is changed in few months later do I need to update works.org.nl forward lookup zone again ?

Thanks

[vertices]

vertices what I did ,,,,at home when I pinged www.works.org.nl (again I made this name up as an example), I got an external ip address (202.y.y.y)

At work under works.org.nl forward lookup zone I updated 3 entries for ftp, list, www from the old ip address to the new one (i.e. 202.y.y.y) and now I can access www.works.org.nl from work and I can ping www.works.org.nl from work as well

Would I have done the right thing or still I need to consider other thing in the DNS configuration ?

Still I am looking for the answer to below :


Thanks

Yes you did the right thing. And yes, you will have to update it later if it changes externally. That's the issue with split-dns, and why I recommended a different config by deleting that zone, and making a new zone called mail.works.org.nl as outlined above. Glad you have it sorted for now though.

If you decide to keep it as is, you need to delete the * record. You also need to make sure you have a "(same as parent folder)" A record pointing to that same public IP.