Web site viewable from outside office but not on Lan

Discussion in 'DNS Server' started by Jason Stevens, Sep 14, 2005.

  1. We host our own web site and also have an Intranet that is set up as
    basically another web site. We also host a 3rd site for one of our clients.
    The one has a domain of .com and the other .net.

    www.ourcompany.com - our web site
    www.ourcompany.net - our intranet
    www.client.com - the clients site

    We used to be able to view all of them from the LAN and from outside the
    office. Now I can still view the .net from both the Lan and outside but the
    ..com is only viewable from outside. When I try to view it from the Lan it
    just says "The page can not be displayed".

    The reason that I think this is a DNS issue is that for the clients site I
    went into the DNS and added a Forward Lookup Zone for www.client.com and
    then added a host with a blank name and assigned it to the correct IP
    address. I was then able to see this site from both the LAN and outside the

    There is a Forward Lookup Zone for ourcompany.com and it has a host with the
    same IP. The only difference that I see in the Zones is that ourcompany.com
    has a Text with the data "v=spf1 a mx ptr ~all"

    Other than applying some updates from Microsoft I have not installed any
    other software. Both sites have identical settings in IIS (except for the
    Host Header). It is not listed in my restricted sites for IE. Any ideas on
    what might be blocking this from inside the office? We have SBS 2003
    without ISA.

    Jason Stevens, Sep 14, 2005
    1. Advertisements

  2. Jason Stevens

    Sharad Naik Guest

    Hello Jason,

    First of all what is your internal domain name? From your post it appears
    that (your Intranet),
    it should be "ourcomany.net". Is this correct?

    If yest then why there is forwardlookup zone "ourcompany.com"????
    Just delete that zone! Then do ipconfig /flusdns on the server and also
    one of the clients, and then try accessing www.ourcompany.com: from that
    It should work.

    In case your internal domain name is not "ourcompany.net" and it is
    then DON'T delete the zone "ourcompany.com" !!

    Instead in the zone "ourcompany.com" add a new Host (A) record "www"
    pointing to the
    IP address of your external web side. Then do ipconfig /flushdns on the
    server and
    on one of the clients and then try accessing www.ourcompany.com from that

    If none of above applies to your present settings, then please post in
    what is your internal (LAN) domain name, what is your external (Public)
    domain name,
    and unedited results of ipconfig /all from your server and one of the


    Sharad Naik, Sep 14, 2005
    1. Advertisements

  3. Sharad,
    My local domain name is RGS.Local and our domain name is rgsassociates.com

    I'm pretty sure I need the rgsassociates.com because our email comes into

    I added the Host record "www" and ran the flushdns on the server and client
    but nothing has changed. I still can't access the site. I can access
    www.rgsassociates.net with no problems and I don't see that anywhere in DNS.

    You can view the results of the Ipconfig /all at
    http://www.rgsassociates.net/delete/results.htm. I also ran nslookup and
    you can see in the server results image that it works fine for .net but not

    Any help is greatly appreciated.
    Jason Stevens, Sep 14, 2005

  4. I notice from the server ipconfig /all that the public address on this
    server is dynamic, so any of these sites if hosted locally will need to
    point to a record that is dynamically updated so external users can access
    the site when the IP changes.
    Other than the problem noted below with the mail server, I think this is
    mostly an IIS and a firewall problem. You need to make sure the proper ports
    are open, and host header and IP addresses are properly configured in IIS.
    You don't need this zone because it will only conflict with the public zone
    hosted with your registrar.

    After looking at the zone for this public domain, there is a major problem
    with the MX record, it says
    mail server host name is mail.rgsassociates.com, but that record is an alias
    record (CNAME) some mail servers will not send to or receive mail from a
    mail server using a CNAME.
    See: http://www.dnsreport.com/tools/dnsreport.ch?domain=rgsassociates.com
    rgsassociates.com. IN MX

    rgsassociates.com. 21220 IN MX 0 mail.rgsassociates.com.
    mail.rgsassociates.com. IN A

    mail.rgsassociates.com. 21365 IN CNAME rgsassociates.com.
    rgsassociates.com. 21365 IN A

    You need to delete the CNAME record and create an A record named mail.
    You also need to configure the SMTP virtual server in Exchange system
    manager with the name mail.rgsassociates.com

    The TXT record is an SPF record and is not needed on this server, it should
    be in the public zone, which AFAIK your registrar does not support yet.

    All sites on this server should be configured in IIS to be on any IP address
    so IIS can bind to the External interface. Then the sites should work
    internally and externally. The only zone you really need in your local DNS
    are the ones for the AD domain which does not conflict with any local sites.

    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    Keep a back up of your OE settings and folders
    with OEBackup:
    Kevin D. Goodknecht Sr. [MVP], Sep 15, 2005
  5. The IP address is set up as dyanmic only because the cable company preferred
    it that way but our IP never changes. The IIS setup is identical to the
    ..net except the host header.
    Jason Stevens, Sep 15, 2005
  6. If I delete the zone rgsassociates.com and recreate it will that affect our
    email at all. This server is also our Exchange server and email comes in at
    Jason Stevens, Sep 15, 2005
  7. I just got it to work by adding a new zone called www.rgsassociates.com. So
    I now have that one and one called rgsassociates.com. I think I had tried
    this before but I didn't flush the dns. Do you know if this will cause any
    Jason Stevens, Sep 15, 2005
  8. Jason Stevens

    Sharad Naik Guest

    Well I think that you can just delete the zone rgsassociates.com and
    everything should work fine. (Only after doing ipconfig /flushdns).
    Deleting and recreating the zone should not be a problem at all, all you
    have to do is notedown the Records it contains, and add them back if you
    need to recreate
    (since you only have a few records you can do this.)

    I saw the logs on the web page you mentioned. And I am surprised to note
    that, despite having a zone 'rgsassociates.com'
    you got "timed out" error for www.rgsassociates.com. ,in nslookup. This
    shouldn't happen. If you have that zone, then for www.rgsassociates.com
    you should either get a non existent domain (if there is no 'www' A record
    in that zone), or your should get correct answer (if there IS 'www' A
    record in that zone.).
    So I am even worndering that whether the 'rgsassociates.com' zone is
    mispelled or what? Just check to be sure.

    As Kevin already explained, you really don't need the SPF (text) record in
    to your DNS that is for sure, and even don't need this zone .. well...
    unless something is mis-configured.
    Make a note of other records in the zone rgsassociates.com and the delete
    the zone. Run ipconfig /flushdns on the server and on a client. Then from
    that client run nslookup and try to resolve www.rgsassociates.com
    It should work. If it doesn't recreate the zone, add the records you have
    noted. Again do ipconfig /flushdns, and you will be back to your original

    In the client's ipconfig /all results which you posted, the "Windows IP
    Configuration" section is not visible.
    This section will be helpful if you have wrong DNS suffix search orders.
    Run the ipconfig /all commad as mentioned below to save the results in a
    text file. Then you can copy from the text file and paste here.

    ipconfig /all >c:\ipcfg.txt

    This will save the results in file ipcfg.txt in C:\.
    You can copy from that file and paste here.

    Sharad Naik, Sep 15, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.