Re: Web Site Mystery




"Lanwench [MVP - Exchange]" wrote


Cool beans.

What an excellent expression! Not sure whether it has any bearing on the
matter in hand, but must make a note of it anyway.



Although we have our own corporate domain europacrown.com, we do not
host our own web site at this location.
Instead, our parent company hosts our site along with their own.
So in our DNS setup, there is a pointer to the ip address of the
host server.

What's your AD domain name? If it matches your public domain name
(europacrown.com), you're using "split brain DNS" - and yes, you
need to have a host entry for www which points to the correct public
IP.

Our AD domain is europa.

That's the NetBIOS name - think of it as a nickname. The full name has to
end in dot-something. Run an ipconfig /all on your server and you'll see
the full name - or ping your server by its NetBIOS name and it should
reply with the FQDN (servername.domain.whatever)

From the ISA server I get europaem.europa.local


There is an entry in our DNS report which must point to the correct
public IP as the web site is accessible from any other browser
connection outside our LAN.


What do you get when you ping www.europacrown.com ? Does it return
the correct public IP? I get 216.17.30.189....



Interesting.
I believe that our firewall blocks attempts at external pings.

Outbound? That sucks. I'd turn that "feature" off. Pinging is a very
useful connectivity test. Blocking inbound ICMP is a Good Thing.

I'll talk to the firewall "management" about that one.



When I ping any other address it does resolve to an ip address but
returns "request timed out".

That's often useful anyway - could be that the remote host blocks ping
requests. Just to check name resolution, ping is still useful.

However, when I ping www.europacrown.com it returns "Ping request
could not find host www.europacrown.com. Please check the name and
try again".

If you use europacrown.com as your internal DNS domain name, you must
create a host record in your forward lookup zone for europacrown.com -
the name of the host would be www, and the IP address would be
216.17.30.189. Otherwise, when you go to www.europacrown.com, your own DNS
servers (which have been told "you're responsible for everything on the
europacrown.com domain") will not be able to find the host internally, and
will shrug and give up.

This is a major reason it is generally not recommended that you use the
same domain name for public & internal DNS. You can work around this, but
it isn't always graceful.

I believe that the .europa.local part of the FQDN confirms that the above 2
paragraphs don't apply in this case?




For some reason, attempts to access our company web site
www.europacrown.com don't work from our corporate network.

You might post the unedited output from an ipconfig /all from your
DC....

Does publishing this information to the world compromise the security
of our network?

No. Not unless you use public IPs on your network and have no firewall or
security in place - in which case you're already in mega trouble :)

Would the ipconfig all info still be useful to help solve this?
If so, do you require domain controller server, ISA/Exchange server, second
DC or all three?




I have tried the same from a dial-up connection without any
problems. Although it is not clear how long this has been an issue,
we recently promoted a SQL server to act as a domain controller
and active directory backup.

Is it also running AD-integrated DNS?

Not sure on this one. It was deliberately introduced as a backup
both for AD and as a secondary DNS, if that answers the question.

You should check - it should be running AD-integrated DNS. Meaning, it
should be a replica of the DNS server config you have on your first DC.

How do I confirm this?



Can anyone suggest ways of fault finding this issue please?
Windows server 2003 network
ISA server used as proxy
Checkpoint firewall

Thanks in anticipation

Phil




This is looking more and more like an internal conflict/resolution
issue to a network newbie.
Thanks for any further pointers you can give

Phil


Thanks for your help with all this Lanwench


Phil
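
The split-DNS behaviour discussed in this thread, as an added example that is not part of the original posts: a toy model of a DNS server that answers from its own zones and forwards everything else. The InternalDns class, the dc1 host and the 10.0.0.x addresses are constructed for illustration; 216.17.30.189 is the public address quoted in the thread.

```python
# Added illustration: toy model of an internal DNS server deciding between
# its own zones and a forwarder. Not real DNS server code.

# Public answer for the web site, as quoted in the thread.
PUBLIC_DNS = {"www.europacrown.com": "216.17.30.189"}


class InternalDns:
    def __init__(self, zones):
        # zones: {zone name: {host label: IP}} this server is authoritative for
        self.zones = {z.lower().rstrip("."): dict(h) for z, h in zones.items()}

    def owning_zone(self, fqdn):
        """Longest-suffix match: most specific local zone containing fqdn."""
        name = fqdn.lower().rstrip(".")
        hits = [z for z in self.zones if name == z or name.endswith("." + z)]
        return max(hits, key=len) if hits else None

    def resolve(self, fqdn):
        """Return (status, ip, answered_by)."""
        name = fqdn.lower().rstrip(".")
        zone = self.owning_zone(name)
        if zone is None:
            # Not one of our zones: the query goes to the forwarder.
            ip = PUBLIC_DNS.get(name)
            return ("OK" if ip else "NXDOMAIN", ip, "forwarder")
        # One of our zones: local data is final, nothing is forwarded.
        host = name[: -len(zone)].rstrip(".") or "@"
        ip = self.zones[zone].get(host)
        return ("OK" if ip else "NXDOMAIN", ip, "zone " + zone)


if __name__ == "__main__":
    site = "www.europacrown.com"
    scenarios = {
        # Internal zone named like the public domain, no www record (constructed).
        "same name, no www": {"europacrown.com": {"dc1": "10.0.0.10"}},
        # Same zone after adding the www host record.
        "same name, www added": {
            "europacrown.com": {"dc1": "10.0.0.10", "www": "216.17.30.189"}
        },
        # Internal zone europa.local, as the FQDN in the thread suggests.
        "europa.local": {"europa.local": {"europaem": "10.0.0.20"}},
    }
    for label, zones in scenarios.items():
        print(label, "->", InternalDns(zones).resolve(site))
```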

