Re: Web Site Mystery

TheScullster <phil@xxxxxxxxxxxxxxx> wrote:
"Lanwench [MVP - Exchange]" wrote
Lanwench

Thanks for your input.
First let me say that I am somewhat out of my depth with all this but
will reply to your points to see if we can get to the bottom of this.

Cool beans.


Although we have our own corporate domain europacrown.com, we do not
host our own web site at this location.
Instead, our parent company hosts our site along with their own.
So in our DNS setup, there is a pointer to the ip address of the
host server.

What's your AD domain name? If it matches your public domain name
(europacrown.com), you're using "split brain DNS" - and yes, you
need to have a host entry for www which points to the correct public
IP.

Our AD domain is europa.

That's the NetBIOS name - think of it as a nickname. The full name has to
end in dot-something. Run an ipconfig /all on your server and you'll see the
full name - or ping your server by its NetBIOS name and it should reply with
the FQDN (servername.domain.whatever)

There is an entry in our DNS report which must point to the correct
public IP as the web site is accessible from any other browser
connection outside our LAN.


What do you get when you ping www.europacrown.com ? Does it return
the correct public IP? I get 216.17.30.189....



Interesting.
I believe that our firewall blocks attempts at external pings.

Outbound? That sucks. I'd turn that "feature" off. Pinging is a very useful
connectivity test. Blocking inbound ICMP is a Good Thing.


When I ping any other address it does resolve to an ip address but
returns "request timed out".

That's often useful anyway - could be that the remote host blocks ping
requests. Just to check name resolution, ping is still useful.
However, when I ping www.europacrown.com it returns "Ping request
could not find host www.europacrown.com. Please check the name and
try again".

If you use europacrown.com as your internal DNS domain name, you must create
a host record in your forward lookup zone for europacrown.com - the name of
the host would be www, and the IP address would be 216.17.30.189. Otherwise,
when you go to www.europacrown.com, your own DNS servers (which have been
told "you're responsible for everything on the europacrown.com domain") will
not be able to find the host internally, and will shrug and give up.

This is a major reason it is generally not recommended that you use the same
domain name for public & internal DNS. You can work around this, but it
isn't always graceful.


For some reason, attempts to access our company web site
www.europacrown.com don't work from our corporate network.

You might post the unedited output from an ipconfig /all from your
DC....

Does publishing this information to the world compromise the security
of our network?

No. Not unless you use public IPs on your network and have no firewall or
security in place - in which case you're already in mega trouble :)



I have tried the same from a dial-up connection without any
problems. Although it is not clear how long this has been an issue,
we recently promoted our a SQL server to act as a domain controller
and active directory backup.

Is it also running AD-integrated DNS?

Not sure on this one. It was deliberately introduced as a backup
both for AD and as a secondary DNS, if that answers the question.

You should check - it should be running AD-integrated DNS. Meaning, it
should be a replica of the DNS server config you have on your first DC.


Can anyone suggest ways of fault finding this issue please?
Windows server 2003 network
ISA server used as proxy
Checkpoint firewall

Thanks in anticipation

Phil




This is looking more and more like an internal conflict/resolution
issue to a network newbie.
Thanks for any further pointers you can give

Phil



.

Relevant Pages

  • Random Network Disconnects
    ... network and the only way I can seem to get it back up is to restart the box. ... Testing IpConfig - pinging the Secondary WINS server... ... DNS Host Name: itdspstest01.itd.edited.edited ... Provider Version:2 ...
    (microsoft.public.windows.server.dns)
  • RE: Server 2003 Network problems since IP address change
    ... Rightclick "My Computer", properties, Computer name or network identification, ... Is there any firewall running on client or server? ... Is the Primary DNS ... of zone WSW.local. ...
    (microsoft.public.windows.server.networking)
  • Re: About DNS naming convention for Active Directory
    ... Here's what I did so far, I set up a private network consists of the ... I did an in-place upgrade of the NT4 PDC to Active Directory 2003, ... I had no DNS service at all. ... Joined the 2003 Server as a member server and that went well too. ...
    (microsoft.public.windows.server.dns)
  • Re: Single NIC configuration with cable modem/router
    ... Internal or single network adapter configuration ... Verify the Domain Name System (DNS) pointers. ... Right-click Server Local Area Connection, ...
    (microsoft.public.windows.server.sbs)
  • RE: Strange Irregular DNS/Networking Problems
    ... My network is not a complicated set up and only has one domain controller. ... problems with DNS resolving after changing DNS servers. ... I was already using the server for DHCP. ...
    (microsoft.public.windows.server.dns)