The SysAdmin Network

No more hiding in the server room

Hi all - really struggling with this one.

I support a charity that has a W2k3 server setup running AD with an AD name of charityname.com. This was set up some years back. Roll on a few years and they've also registered the web domain of (you've guessed it) charitydomain.com and were surprised when they couldn't reach it.

As I was away for a few days and unable to remote in I simply talked their most techy person through creating an lm/hosts entry that pointed www.charitydomain.com to the correct external IP and all worked well.

Roll forward a bit more and the IP at the hoster changes (for those that care the server was hacked) and security beefed up. So I decide to take this opportunity to get rid of the lm/hosts file entry and add an A record to DNS to point www at the new IP.

However this isn't working.

Firefox flicks between 'waiting for' and 'connecting to' the domain whilst IE8 simply says it 'can't display the website'. So I decide I must have something wrong and to prove the point remove the A record and use lm/hosts entry and exactly the same (yes cache is flushed, etc in between each change).

OK, so it's not a fault of the A record I created. At this stage I start digging through the setup and can find no errors whatsoever. Nothing in event logs, nothing when using dns debug - literally nothing which makes me think something screwy is going on.

I should add that when the A record (or hosts) entry is in place I can ping and trace to the IP with no problems.

To ensure nothing local was blocking the name resolution I set one of the clients to use OpenDNS and it worked straight away. So I configured up the DNS box to use OpenDNS as its lookup for 'all other domains' and it still doesn't work. My guess here is because the www is still being seen as part of the internal AD structure.

So good folks of sysadmin I've come to seek your knowledge of what to try?

Am I missing something blindingly obvious?
Is there a workaround that will work?
Is there a way to prove my A record is working and that is definitely the hoster's fault?

Any and all help appreciated.

Tx. Stuart

Replies to This Discussion

One possibility is that the server may be redirecting to a different host name, one that is in OpenDNS but not in your local DNS. Can you telnet to port 80 when using the local DNS or connect with something like curl?

Hi Adam ... if I don't use OpenDNS settings and just rely on the internal DNS to forward stuff I don't even get to www.whatever - however, when using an external DNS or the A record is in place I can telnet to port 80 no problems.

The site is 100% ok - it's just internal clients can't see it because something is (I presume) causing www to resolve to the internal address and not the external one.

Never used curl before so couldn't answer that one.

Tx for the reply.

I've also tried live http header plugin for firefox:

http://www.charitydomain.com/

GET / HTTP/1.1
Host: www.vinecc.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-GB; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Date: Thu, 13 May 2010 15:00:07 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fastcgi/2.4.6 Phusion_Passenger/2.2.5
X-Powered-By: PHP/5.2.12
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://charitydomain.com/xmlrpc.php
Set-Cookie: PHPSESSID=c5b5e0d6c4cbeea48981c77c420363e6; path=/
Location: http://charitydomain.com/
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

And in case anyone hadn't realised - then charitydomain.com is not the name of the domain. I'm just using that to maintain a semblance of privacy.

Have you tried Traceroute to find what the last hop is, without the A record info in your lm/hosts file? If it is stopping at your DNS, then it is not your host.

Your GET message is showing that your Domain name was moved... no forwarder?

John - without the A record or the lm/hosts entry then traceroute doesn't work as the internal DNS believes it to be a part of the AD setup. Once an entry is in place the traceroute takes you right through to the correct box.

I know it stops at my DNS but with the A record or the lm/hosts entry it used to work until the host moved us and beefed up their security. If it isn't them, then me changing the IP and flushing the cache means it should now work.

Glad you got this resolved.

All is now ok - well almost.

It dawned on me when the hoster asked something that the 'other change' made was that the site is now using Wordpress and this has canonical redirects built in - so every request to www was being redirected to the non-www version and consequently looping back to the DC which had no idea what to do with it.

Now I just need to remove the redirects and they should be good to go.

So thanks for any assists and head scratching done along the way folks.
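
Added example (not part of the thread, and not any poster's code): a small check for the failure described above, where the www A record is fine but the 301 `Location` points at the bare domain that the internal AD zone resolves to the DC. The resolver tables, IP addresses, sample response and function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed resolver views (not real data): what each DNS server answers.
# 192.0.2.10 stands in for the hoster's IP, 10.0.0.5 for the domain controller.
INTERNAL_VIEW = {"www.charitydomain.com": "192.0.2.10",  # manually added A record
                 "charitydomain.com": "10.0.0.5"}        # AD zone apex -> DC
EXTERNAL_VIEW = {"www.charitydomain.com": "192.0.2.10",
                 "charitydomain.com": "192.0.2.10"}

# Constructed response, trimmed to the shape of the capture in the thread.
SAMPLE_RESPONSE = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Location: http://charitydomain.com/\r\n\r\n"
)

def redirect_target(raw_response):
    """Return (status, host named in the Location header or None)."""
    head = raw_response.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    location = headers.get("location")
    host = urlsplit(location).hostname if location else None
    return status, host

def check_hop(start_host, raw_response, internal, external):
    """Compare how each host in a one-hop redirect resolves in both DNS views."""
    status, target = redirect_target(raw_response)
    hosts = [start_host] + ([target] if 300 <= status < 400 and target else [])
    findings = []
    for host in hosts:
        inside, outside = internal.get(host), external.get(host)
        if inside is None:
            verdict = "no internal record"
        elif inside != outside and ipaddress.ip_address(inside).is_private:
            verdict = "split-brain: resolves to internal address"
        elif inside != outside:
            verdict = "mismatch"
        else:
            verdict = "ok"
        findings.append((host, inside, outside, verdict))
    return findings

if __name__ == "__main__":
    for row in check_hop("www.charitydomain.com", SAMPLE_RESPONSE,
                         INTERNAL_VIEW, EXTERNAL_VIEW):
        print(row)
```

On a live network the two tables would be filled from queries against the internal DNS server and an external resolver, and the response from a single non-following HTTP request.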

© 2012   Created by Elizabeth Ayer and Michael Francis.