Cannot surf certain webpage


Citimouse

We have a Windows 2000 domain in the datacenter. The data center does not
belong to us. We just lease some rack space from the vendor. The domain in
the data center is 123.abc.com. It has an internal DNS server and the
hostname is DB01. There is a web server in the domain and we have a webpage
that has the URL https://web01.abc.com.sg/reports/report1.ivw.

In our office network, our Windows 2003 domain is abc.com.sg and we too have
an internal DNS server. All our workstations point to the internal DNS server
which has a private IP. By pointing our workstation to the internal DNS
server, we can implement our Group Policy and Windows SUS without much
problem. However, we cannot surf the URL
https://web01.abc.com.sg/reports/report1.ivw. We still can surf the internet
without any problem.

The way to resolve this issue is to set the DNS settings of the workstation
to point to our ISP DNS server which has a public IP. However, if we do
this, our Group Policy no longer works.

I believe I must do some config in both DNS server but I have no idea how to
start. As our firewall is managed by the datacenter, must we open up TCP port
53 for any DNS replication?

Thanks in advance.
 
Citimouse said:
We have a Windows 2000 domain in the datacenter. The data center does not
belong to us. We just lease some rack space from the vendor. The domain in
the data center is 123.abc.com. It has an internal DNS server and the
hostname is DB01. There is a web server in the domain and we have a webpage
that has the URL https://web01.abc.com.sg/reports/report1.ivw.

So is web01.abc.com findable in the name space you are
using?

E.G., if using the Internet namespace, can you go to "." DNS,
find ".sg" DNS and then from there find the ".com.sg" , from
there find web1 listed?

Are your clients pointed at such a name space (DNS server
set), or in other words can the DNS server the clients do use,
accomplish the above recursion or does it use a forwarder
which can perform the actual recursion?

It's that simple if it is a "DNS issue."

If that works and you still cannot connect, then IP, firewall,
Web server, etc issues come into play.

In our office network, our Windows 2003 domain is abc.com.sg and we too have
an internal DNS server. All our workstations point to the internal DNS server
which has a private IP. By pointing our workstation to the internal DNS
server, we can implement our Group Policy and Windows SUS without much
problem. However, we cannot surf the URL
https://web01.abc.com.sg/reports/report1.ivw. We still can surf the internet
without any problem.

The problem here is most people get hosed by their own
namespace vs. the INTERNET (not being in the same search
tree from the root down) but since you can resolve the Internet,
the likelihood is that this particular domain isn't searchable in
the Internet name space.

Trying it, I find that SG does exist but that it does NOT delegate
com.sg.

Perhaps they use co, or some other subdomain/zone for commercial
organizations.

But on checking 123.com.sg, I do find that it is delegated properly
so the actual delegation of "com" is NOT necessary although it
is odd they don't include that for such a high level domain/zone.

And on searching for web01.abc.com (on the Internet) it is NOT
listed.

(Also note that giving the file path is IRRELEVANT to DNS and
basic connectivity.)

The way to resolve this issue is to set the DNS settings of the workstation
to point to our ISP DNS server which has a public IP. However, if we do
this, our Group Policy no longer works.

Your INTERNAL clients must point to YOUR internal DNS systems ONLY.
These DNS servers can forward to THE Internet or any other single namespace
easily -- with Win2003 you can "conditionally forward" to multiple
forwarders.

If the other company doesn't list their server then you cannot do much,
unless you are willing (or they are willing) to let you hold a Secondary,
or using Win2003 a "stub" or perhaps use conditional forwarding JUST
for their zone.

I believe I must do some config in both DNS server but I have no idea how to
start. As our firewall is managed by the datacenter, must we open up TCP port
53 for any DNS replication?

DNS replication (zone transfers) expect TCP 53 requests to work to the
"master" and the response to the slave (or secondary).

Note this is different from what many people open for "client DNS
requests" which largely (but not totally) use UDP 53.
 
citimouse said:
Just to add, the servers in the data center uses public IP;
202.172.x.x

Thanks.

Have you tried to just create a host name under your zone called web01 and
give it the external IP address?

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
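
The replies above turn on two things: whether the office DNS server answers for web01 from its own zone or passes the query on, and the difference between UDP 53 client queries and TCP 53. The following Python sketch is an added example, not part of any post in this thread: it builds the query, shows the TCP framing, and reads the reply header flags to tell the cases apart. It assumes the office server hosts the abc.com.sg zone without a web01 record; the sample reply is constructed, header plus question only.

```python
import struct

def encode_name(name):
    """Encode a hostname as DNS labels (length-prefixed, zero-terminated)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, txid=0x1234, qtype=1):
    """Build a recursive A query as a client sends it over UDP 53."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN

def tcp_frame(message):
    """DNS over TCP 53 (zone transfers, large answers) adds a 2-byte length prefix."""
    return struct.pack("!H", len(message)) + message

def classify(response):
    """Explain a reply using only the 12-byte header."""
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    rcode = flags & 0x000F
    aa = bool(flags & 0x0400)   # answer came from zone data held by this server
    tc = bool(flags & 0x0200)   # reply did not fit in UDP
    if tc:
        return "truncated: retry over TCP 53"
    if rcode == 3 and aa:
        return "authoritative NXDOMAIN: server owns the zone and has no such record"
    if rcode == 3:
        return "NXDOMAIN via recursion/forwarder: name is not published upstream"
    if rcode == 0 and ancount:
        return "resolved (authoritative)" if aa else "resolved (via recursion/forwarder)"
    return "rcode=%d, answers=%d" % (rcode, ancount)

# Constructed sample (assumption): the reply an internal server hosting
# abc.com.sg gives for web01 when its zone lacks that record.
# Flags 0x8583 = QR + AA + RD + RA, rcode 3.
query = build_query("web01.abc.com.sg")
sample_reply = struct.pack("!HHHHHH", 0x1234, 0x8583, 1, 0, 0, 0) + query[12:]

if __name__ == "__main__":
    print(len(query), "byte UDP query;", len(tcp_frame(query)), "bytes framed for TCP")
    print(classify(sample_reply))
```

An authoritative NXDOMAIN from the office server means forwarders are never consulted for that name, which is the situation a web01 host record in the internal zone addresses.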
 