Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: DNS problem?

  1. #1
    It's a gas!
    Join Date
    Jul 2002
    Posts
    699

    DNS problem?

    Both myself and the company i work for are with the same ISP, a fairly small one, and we have both been assigned IPs in the same range i.e. 111.111.111.111/16.
    My company has their IP assigned to the eth0 of the router and an internal address on eth1 of the router.
    The router is configured to forward HTTP and RDP requests to one of our servers on the relevant port.
    My works website is hosted on this server and the URL resolves to my works static IP.

    I can browse all websites fine from home except one, my works website, which i cant access by IP address either.
    I can however access my works website when using an anonymous proxy from home.

    Ive just recently noticed as well that i cant RDP to the above mentioned server, even though port forwarding has been configured and "allow remote connections" has been enabled on the server.
    I can RDP to the server from my work PC to the internal IP of the server.

    Ive spoken with my ISP whos "IT Manager" is supposed to have called me back 2 weeks ago to resolve.

    What could be the problem here? Im guessing its a problem with my ISPs DNS servers?

    Any help would be appreciated cos im stumped.

    Cheers

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    It might be worth flushing your local DNS cache? At least you know you will have a level playing field then.

  3. #3
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Hey Hey,

    It's definitely not a DNS problem if the same thing happens when you use the IP...

    It sounds to me like it's the ISP's problem..

    Here are some things that ISPs implement:

    1. Partial "broadcast" filtering... Due to the age-old smurf attacks of the past... Many ISPs filter what they consider to be the broadcast address... However ISPs take the lazy man's way out in this process and just filter .255 addresses... This causes problems with ISPs (for example Rogers Cable) who supernet, making .255 a perfectly valid IP Address...

    2. Filter specific ports... This is primarily 139 and 445... It's the ISPs way of limiting the spread of worms among their customers.... Port 25 has also made it's way onto that list with many ISPs to stop mass mailers... (This is generaly residential internet since there's a good chance businesses would require port 25)..

    3. Filter internal requests... Some ISPs are offering "Business" filtering now.. I know someone who was recently scammed into this... They filter your ports from all other IPs on the same subnet... The public can access your business just fine but worms can't spread internally between customers... The problem with this that ISPs have failed to realize is that most businesses paying for a Cable / DSL business line are gong to be small businesses that are local... and they will probably want other local users to access their websites..

    It sounds to me like #3 is occuring.... but I can't say for certain that they have that implemented... It could be that your office is performing that type of filtering to eliminate worms and such...

  4. #4
    It's a gas!
    Join Date
    Jul 2002
    Posts
    699
    Could it be that the ISPs DNS servers have no host (A) records for these IPs in either the of the lookup zones?
    I dont think that the ISP is implementing #3, this is a local, small fish ISP providing wireless internet to under 1000 people.

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Try to connect using the IP address. If that doens't work either it's not DNS (as HTRegz already mentioned).
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #6
    Junior Member
    Join Date
    Feb 2003
    Posts
    19
    HTRegz is right if you can't connect to the ip address it has nothing to do with DNS. Typeing in the ip will completely bypass DNS.

    a few handy tricks to troubbleshooting network/internet problems is:

    Ping "hostname/IP"
    Here you can see several things. The first you can see is if your DNS resolves the hostname to an ip address or not. Also if ICMP is allowed you can confirm that you can actually reach the ip/hostname in question.
    If it fails to resolve the hostname, you have either made a typo or you have a DNS related problem.

    If your DNS resolves the hostname as it should but you can't reach the IP address. Try a telnet "hostname/ip" "port". As an example if your trying to access your webserver the following line will show you if you have connectivity.

    telnet www.domain.com 80
    once connected the type the following line to query the server
    gethtml

    You will probably not be able see more than the webserver giving you a bad request - but from this we at least learned that it is responsive on the following port. If you are denied - you reach the server but the service isn't available. If you get a timeout it might be once again a typo or you can't actually reach the ip in question.


    If you are sure the service is running, check if ICMP is allowed or not.

    Then traceroute (tracert in windows if i remember correctly) "hostname/IP"

    This will show the route you take across the internet. If you get a timeout on the way, the two most commen reasons are,

    1) ICMP is not allowed
    2) Routing problem

    The easiest (not bulletproof though) way to determine if it a routing problem is to look at the hops. If it dies nowhere near the ip address you're trying to reach it might very well be buggy routing, if it dies one or two hops before you should reach the ip it is most likely ICMP.

    Without more detailed information it could be everything from buggy routing to filtering, a typo in the firewall forward rule etc. So instead of assuming what is the problem i recommend eliminating the possibilities one by one and hopefully you will see the light along the way.

    Since u can only see it through a proxy it might be some internal routing bug (an interface on your POP wrongly configured with the ip that now belongs to your company) or alike that gives you problemes.

    Remember that if you find any evidence on ping/telnet/traceroute make sure to send it to your ISP. This tends either to help them locate the problem or better yet makes it very hard for them to ignore the error and write it off as "dumb" customer that actually has no problems.

  7. #7
    It's a gas!
    Join Date
    Jul 2002
    Posts
    699
    When i try pinging my works external IP i get timeouts even though ICMP replies is enabled and vice versa pinging my home pc from work.
    Ill get back onto my ISP.

    Thanks for the help guys.

  8. #8
    Senior Member
    Join Date
    Jul 2001
    Posts
    343
    Better check your border router.... sounds like a mis-configure
    Franklin Werren at www.bagpipes.net
    Yes I do play the Bagpipes!

    And learning to Play the Bugle

  9. #9
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    This definately smells like a routing problem.
    What were the results of your tracert from home? Where is it failing?
    What were the results of your tracert from work? Where is it failing?

    Since you are both on the same subnet, make sure both your home router's WAN interface and the work router's WAN interface have the correct ip settings. INCLUDING the subnet mask. You said that your work IP is statically configured, is that also true for your home connection?

    BTW: From the sound of it, you have one IP address and that is port forwarded to a server on your internal network. I hope you understand that you really should not do this for public servers. This server should be a stand alone server and should sit in the DMZ behind a firewall. It is never a very good idea to serve from your internal LAN. If you need to access your corporate network from outside... use a VPN!
    Last edited by phishphreek; May 17th, 2007 at 12:37 PM.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  10. #10
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,021
    Quote Originally Posted by phishphreek
    What were the results of your tracert? Where is it failing?

    Since you are both on the same subnet, make sure both your home router's WAN interface and the work router's WAN interface have the correct ip settings. INCLUDING the subnet mask.

    BTW: From the sound of it, you have one IP address and that is port forwarded to a server on your internal network. I hope you understand that you really should not do this for public servers. This server should be a stand alone server and should sit in the DMZ behind a firewall. It is never a very good idea to serve from your internal LAN. If you need to access your corporate network from outside... use a VPN!
    I have to agree, this is where I would start looking. Especially if the routers are supplied by the ISP

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

Similar Threads

  1. The Problem Saga Continues
    By The Texan in forum Operating Systems
    Replies: 16
    Last Post: June 22nd, 2006, 08:04 PM
  2. A Headache of an Email Problem
    By AngelicKnight in forum General Computer Discussions
    Replies: 14
    Last Post: June 15th, 2006, 04:04 AM
  3. 500 mile email problem
    By Tedob1 in forum Tech Humor
    Replies: 0
    Last Post: December 23rd, 2002, 04:58 PM
  4. C problem...
    By Rna in forum General Programming Questions
    Replies: 4
    Last Post: May 22nd, 2002, 07:03 AM
  5. Help! I've got a nasty IDE problem
    By thesecretfire in forum Hardware
    Replies: 16
    Last Post: May 17th, 2002, 12:31 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •