Cant view certain websites from different locations

  • Thread starter Thread starter Illyrian
  • Start date Start date
I

Illyrian

Hi all!

I am a new user and my problem is that i can access different websites
using a dial up account or a cable connection without problems, but
when i try to access these sites from work which is in a lan
environment, i get an error message: We can't find "domain.com"
/dnserror.aspx?FORM=DNSAS&q=.


there is norton corporate edition loaded in the server and we use a
neutopia router.

I dont understand how come i can view some sites but i can not view
others sites but mine and i have no problem viewing these other sites
from any other location.

How do i know if the DNS in the server (windows 2000) is setup
properley?

this is what i got in a dns report :

WARN
Nameservers on separate class C's
WARNING: All of your nameservers (listed at the parent nameservers)
are in the same Class C (technically, /24) address space, which means
that they are probably at the same physical location. Your nameservers
should be at geographically dispersed locations. You should not have
all of your nameservers at the same location. RFC2182 3.1 goes into
more detail about secondary nameserver location.

WARN
Multiple MX records
WARNING: You only have 1 MX record. If your primary mail server is
down or unreachable, there is a chance that mail may have troubles
reaching you.

WARN
Mail server host name in greeting
WARNING: One or more of your mailservers may be claiming to be a host
other than what it really is (the SMTP greeting should be a 3-digit
code, followed by a space or a dash, then the host name). This
probably won't cause any harm, but may be a technical violation of
RFC821 4.3 (and RFC2821 4.3.1

WARN
Acceptance of domain literals
WARN: One or more of your mailservers does not accept mail in the
domain literal format (user@[0.0.0.0]). Mailservers are technically
required RFC1123 5.2.17 to accept mail to domain literals for any of
its IP addresses. Not accepting domain literals can make it more
difficult to test your mailserver, and can prevent you from receiving
E-mail from people reporting problems with your mailserver. However,
it is unlikely that any problems will occur if the domain literals are
not accepted.

WARN
SOA Serial Number
WARNING: Your SOA serial number is: 200410262. That is OK, but the
recommended format (per RFC1912 2.2) is YYYYMMDDnn, where 'nn' is the
revision. For example, if you are making the 3rd change on 02 May
2000, you would use 2000050203. This number must be incremented every
time you make a DNS change.


WARN
SOA REFRESH value
WARNING: Your SOA REFRESH interval is : 600 seconds. This seems low.
You should consider increasing this value to about 3600-7200 seconds.
RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20
minutes to 12 hours). A value that is too low will unncessarily
increase Internet traffic.



FAIL
SOA EXPIRE value
WARNING: Your SOA EXPIRE time is : 600 seconds. This seems very low.
You should consider increasing this value to about 1209600 to 2419200
seconds (2 to 4 weeks). RFC1912 recommends 2-4 weeks. This is how long
a secondary/slave nameserver will wait before considering its DNS data
stale if it can't reach the primary nameserver.

WARN
SOA MINIMUM TTL value
WARNING: Your SOA MINIMUM TTL is : 600 seconds. This seems low (unless
you are just about to update your DNS). You should consider increasing
this value to somewhere between 3600 and 10800. RFC2308 suggests a
value of 1-3 hours. This value used to determine the default
(technically, minimum) TTL (time-to-live) for DNS entries, but now is
used for negative caching.

THANKS A LOT FOR THE HELP
 
None of the warnings you listed will have any real
impact on your normal operation, and are not
related to your problem.

There are a number of possibilities, but the
best way to narrow it down is to do the
following:

1) Start...Run..."cmd"

(Make sure that the DOS window buffer is at least
300 so that you can scroll text back)

2) ...> nslookup

3) >set debug

4) >www.domain.com.
(whatever name you are trying to access).

6) >exit

7) ...> ipconfig /all

8) Now copy the entire output from the cmd window and
paste it in to a reply here so we can see it.

9) ...>exit

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

Illyrian said:
Hi all!

I am a new user and my problem is that i can access different websites
using a dial up account or a cable connection without problems, but
when i try to access these sites from work which is in a lan
environment, i get an error message: We can't find "domain.com"
/dnserror.aspx?FORM=DNSAS&q=.


there is norton corporate edition loaded in the server and we use a
neutopia router.

I dont understand how come i can view some sites but i can not view
others sites but mine and i have no problem viewing these other sites
from any other location.

How do i know if the DNS in the server (windows 2000) is setup
properley?

this is what i got in a dns report :

WARN
Nameservers on separate class C's
WARNING: All of your nameservers (listed at the parent nameservers)
are in the same Class C (technically, /24) address space, which means
that they are probably at the same physical location. Your nameservers
should be at geographically dispersed locations. You should not have
all of your nameservers at the same location. RFC2182 3.1 goes into
more detail about secondary nameserver location.

WARN
Multiple MX records
WARNING: You only have 1 MX record. If your primary mail server is
down or unreachable, there is a chance that mail may have troubles
reaching you.

WARN
Mail server host name in greeting
WARNING: One or more of your mailservers may be claiming to be a host
other than what it really is (the SMTP greeting should be a 3-digit
code, followed by a space or a dash, then the host name). This
probably won't cause any harm, but may be a technical violation of
RFC821 4.3 (and RFC2821 4.3.1

WARN
Acceptance of domain literals
WARN: One or more of your mailservers does not accept mail in the
domain literal format (user@[0.0.0.0]). Mailservers are technically
required RFC1123 5.2.17 to accept mail to domain literals for any of
its IP addresses. Not accepting domain literals can make it more
difficult to test your mailserver, and can prevent you from receiving
E-mail from people reporting problems with your mailserver. However,
it is unlikely that any problems will occur if the domain literals are
not accepted.

WARN
SOA Serial Number
WARNING: Your SOA serial number is: 200410262. That is OK, but the
recommended format (per RFC1912 2.2) is YYYYMMDDnn, where 'nn' is the
revision. For example, if you are making the 3rd change on 02 May
2000, you would use 2000050203. This number must be incremented every
time you make a DNS change.


WARN
SOA REFRESH value
WARNING: Your SOA REFRESH interval is : 600 seconds. This seems low.
You should consider increasing this value to about 3600-7200 seconds.
RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20
minutes to 12 hours). A value that is too low will unncessarily
increase Internet traffic.



FAIL
SOA EXPIRE value
WARNING: Your SOA EXPIRE time is : 600 seconds. This seems very low.
You should consider increasing this value to about 1209600 to 2419200
seconds (2 to 4 weeks). RFC1912 recommends 2-4 weeks. This is how long
a secondary/slave nameserver will wait before considering its DNS data
stale if it can't reach the primary nameserver.

WARN
SOA MINIMUM TTL value
WARNING: Your SOA MINIMUM TTL is : 600 seconds. This seems low (unless
you are just about to update your DNS). You should consider increasing
this value to somewhere between 3600 and 10800. RFC2308 suggests a
value of 1-3 hours. This value used to determine the default
(technically, minimum) TTL (time-to-live) for DNS entries, but now is
used for negative caching.

THANKS A LOT FOR THE HELP
Click to expand...
 
Hi Steve!

Thanks for your reply.

When i tried to run "ipconfig /all" i saw a dos window which disappeared briefly.

This is the rest of the log:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

P:\>nslookup
Default Server: dns-01.futureway.com
Address: 64.119.104.2
set debug
www.alkospace.com
Click to expand...
Server: dns-01.futureway.com
Address: 64.119.104.2

------------
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0

QUESTIONS:
www.alkospace.com.INS.LAN, type = A, class = IN
AUTHORITY RECORDS:
-> (root)
ttl = 10800 (3 hours)
primary name server = A.ROOT-SERVERS.NET
responsible mail addr = NSTLD.VERISIGN-GRS.COM
serial = 2004102700
refresh = 1800 (30 mins)
retry = 900 (15 mins)
expire = 604800 (7 days)
default TTL = 86400 (1 day)

------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 2, authority records = 2, additional = 0

QUESTIONS:
www.alkospace.com, type = A, class = IN
ANSWERS:
-> www.alkospace.com
canonical name = alkospace.com
ttl = 14400 (4 hours)
-> alkospace.com
internet address = 67.19.206.212
ttl = 14400 (4 hours)
AUTHORITY RECORDS:
-> alkospace.com
nameserver = ns2.21hostingservers.com
ttl = 14400 (4 hours)
-> alkospace.com
nameserver = ns1.21hostingservers.com
ttl = 14400 (4 hours)

------------
Non-authoritative answer:
Name: alkospace.com
Address: 67.19.206.212
Aliases: www.alkospace.com



Thank you



Steve Duff said:
None of the warnings you listed will have any real
impact on your normal operation, and are not
related to your problem.

There are a number of possibilities, but the
best way to narrow it down is to do the
following:

1) Start...Run..."cmd"

(Make sure that the DOS window buffer is at least
300 so that you can scroll text back)

2) ...> nslookup

3) >set debug

4) >www.domain.com.
(whatever name you are trying to access).

6) >exit

7) ...> ipconfig /all

8) Now copy the entire output from the cmd window and
paste it in to a reply here so we can see it.

9) ...>exit

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

Illyrian said:
Hi all!

I am a new user and my problem is that i can access different websites
using a dial up account or a cable connection without problems, but
when i try to access these sites from work which is in a lan
environment, i get an error message: We can't find "domain.com"
/dnserror.aspx?FORM=DNSAS&q=.


there is norton corporate edition loaded in the server and we use a
neutopia router.

I dont understand how come i can view some sites but i can not view
others sites but mine and i have no problem viewing these other sites
from any other location.

How do i know if the DNS in the server (windows 2000) is setup
properley?

this is what i got in a dns report :

WARN
Nameservers on separate class C's
WARNING: All of your nameservers (listed at the parent nameservers)
are in the same Class C (technically, /24) address space, which means
that they are probably at the same physical location. Your nameservers
should be at geographically dispersed locations. You should not have
all of your nameservers at the same location. RFC2182 3.1 goes into
more detail about secondary nameserver location.

WARN
Multiple MX records
WARNING: You only have 1 MX record. If your primary mail server is
down or unreachable, there is a chance that mail may have troubles
reaching you.

WARN
Mail server host name in greeting
WARNING: One or more of your mailservers may be claiming to be a host
other than what it really is (the SMTP greeting should be a 3-digit
code, followed by a space or a dash, then the host name). This
probably won't cause any harm, but may be a technical violation of
RFC821 4.3 (and RFC2821 4.3.1

WARN
Acceptance of domain literals
WARN: One or more of your mailservers does not accept mail in the
domain literal format (user@[0.0.0.0]). Mailservers are technically
required RFC1123 5.2.17 to accept mail to domain literals for any of
its IP addresses. Not accepting domain literals can make it more
difficult to test your mailserver, and can prevent you from receiving
E-mail from people reporting problems with your mailserver. However,
it is unlikely that any problems will occur if the domain literals are
not accepted.

WARN
SOA Serial Number
WARNING: Your SOA serial number is: 200410262. That is OK, but the
recommended format (per RFC1912 2.2) is YYYYMMDDnn, where 'nn' is the
revision. For example, if you are making the 3rd change on 02 May
2000, you would use 2000050203. This number must be incremented every
time you make a DNS change.


WARN
SOA REFRESH value
WARNING: Your SOA REFRESH interval is : 600 seconds. This seems low.
You should consider increasing this value to about 3600-7200 seconds.
RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20
minutes to 12 hours). A value that is too low will unncessarily
increase Internet traffic.



FAIL
SOA EXPIRE value
WARNING: Your SOA EXPIRE time is : 600 seconds. This seems very low.
You should consider increasing this value to about 1209600 to 2419200
seconds (2 to 4 weeks). RFC1912 recommends 2-4 weeks. This is how long
a secondary/slave nameserver will wait before considering its DNS data
stale if it can't reach the primary nameserver.

WARN
SOA MINIMUM TTL value
WARNING: Your SOA MINIMUM TTL is : 600 seconds. This seems low (unless
you are just about to update your DNS). You should consider increasing
this value to somewhere between 3600 and 10800. RFC2308 suggests a
value of 1-3 hours. This value used to determine the default
(technically, minimum) TTL (time-to-live) for DNS entries, but now is
used for negative caching.

THANKS A LOT FOR THE HELP
Click to expand...
Click to expand...
 
The nslookup trace says that you are able to
resolve www.alkospace.com to an address.

You can confirm this by opening a CMD
window and typing the command

ping www.alkospace.com

It should try to ping -- it doesn't matter
if the ping is successful, as long as it
translates the name. The address it
is pinging should be 67.19.206.212.
Check that.

Assuming that is OK, it means you have a
web browser configuration problem,
or you have a corporate firewall or proxy
server which is restricting access.

Assuming you are not using a proxy server,
go to the Internet properties in control panel,
and disable everything in LAN settings,
including "automatically detect proxy".

Make sure there are no proxy ports set for ad
or spyware blockers. Disable personal
firewalls, antivirus script blockers, spyware
real-time monitors etc. IOW any system software
that sits between your browser and the Internet.
One of them is likely to be the problem.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

Illyrian said:
Hi Steve!

Thanks for your reply.

When i tried to run "ipconfig /all" i saw a dos window which disappeared briefly.

This is the rest of the log:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

P:\>nslookup
Default Server: dns-01.futureway.com
Address: 64.119.104.2
set debug
www.alkospace.com
Click to expand...
Server: dns-01.futureway.com
Address: 64.119.104.2

------------
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0

QUESTIONS:
www.alkospace.com.INS.LAN, type = A, class = IN
AUTHORITY RECORDS:
-> (root)
ttl = 10800 (3 hours)
primary name server = A.ROOT-SERVERS.NET
responsible mail addr = NSTLD.VERISIGN-GRS.COM
serial = 2004102700
refresh = 1800 (30 mins)
retry = 900 (15 mins)
expire = 604800 (7 days)
default TTL = 86400 (1 day)

------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 2, authority records = 2, additional = 0

QUESTIONS:
www.alkospace.com, type = A, class = IN
ANSWERS:
-> www.alkospace.com
canonical name = alkospace.com
ttl = 14400 (4 hours)
-> alkospace.com
internet address = 67.19.206.212
ttl = 14400 (4 hours)
AUTHORITY RECORDS:
-> alkospace.com
nameserver = ns2.21hostingservers.com
ttl = 14400 (4 hours)
-> alkospace.com
nameserver = ns1.21hostingservers.com
ttl = 14400 (4 hours)

------------
Non-authoritative answer:
Name: alkospace.com
Address: 67.19.206.212
Aliases: www.alkospace.com



Thank you



Steve Duff said:
None of the warnings you listed will have any real
impact on your normal operation, and are not
related to your problem.

There are a number of possibilities, but the
best way to narrow it down is to do the
following:

1) Start...Run..."cmd"

(Make sure that the DOS window buffer is at least
300 so that you can scroll text back)

2) ...> nslookup

3) >set debug

4) >www.domain.com.
(whatever name you are trying to access).

6) >exit

7) ...> ipconfig /all

8) Now copy the entire output from the cmd window and
paste it in to a reply here so we can see it.

9) ...>exit

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

Illyrian said:
Hi all!

I am a new user and my problem is that i can access different websites
using a dial up account or a cable connection without problems, but
when i try to access these sites from work which is in a lan
environment, i get an error message: We can't find "domain.com"
/dnserror.aspx?FORM=DNSAS&q=.


there is norton corporate edition loaded in the server and we use a
neutopia router.

I dont understand how come i can view some sites but i can not view
others sites but mine and i have no problem viewing these other sites
from any other location.

How do i know if the DNS in the server (windows 2000) is setup
properley?

this is what i got in a dns report :

WARN
Nameservers on separate class C's
WARNING: All of your nameservers (listed at the parent nameservers)
are in the same Class C (technically, /24) address space, which means
that they are probably at the same physical location. Your nameservers
should be at geographically dispersed locations. You should not have
all of your nameservers at the same location. RFC2182 3.1 goes into
more detail about secondary nameserver location.

WARN
Multiple MX records
WARNING: You only have 1 MX record. If your primary mail server is
down or unreachable, there is a chance that mail may have troubles
reaching you.

WARN
Mail server host name in greeting
WARNING: One or more of your mailservers may be claiming to be a host
other than what it really is (the SMTP greeting should be a 3-digit
code, followed by a space or a dash, then the host name). This
probably won't cause any harm, but may be a technical violation of
RFC821 4.3 (and RFC2821 4.3.1

WARN
Acceptance of domain literals
WARN: One or more of your mailservers does not accept mail in the
domain literal format (user@[0.0.0.0]). Mailservers are technically
required RFC1123 5.2.17 to accept mail to domain literals for any of
its IP addresses. Not accepting domain literals can make it more
difficult to test your mailserver, and can prevent you from receiving
E-mail from people reporting problems with your mailserver. However,
it is unlikely that any problems will occur if the domain literals are
not accepted.

WARN
SOA Serial Number
WARNING: Your SOA serial number is: 200410262. That is OK, but the
recommended format (per RFC1912 2.2) is YYYYMMDDnn, where 'nn' is the
revision. For example, if you are making the 3rd change on 02 May
2000, you would use 2000050203. This number must be incremented every
time you make a DNS change.


WARN
SOA REFRESH value
WARNING: Your SOA REFRESH interval is : 600 seconds. This seems low.
You should consider increasing this value to about 3600-7200 seconds.
RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20
minutes to 12 hours). A value that is too low will unncessarily
increase Internet traffic.



FAIL
SOA EXPIRE value
WARNING: Your SOA EXPIRE time is : 600 seconds. This seems very low.
You should consider increasing this value to about 1209600 to 2419200
seconds (2 to 4 weeks). RFC1912 recommends 2-4 weeks. This is how long
a secondary/slave nameserver will wait before considering its DNS data
stale if it can't reach the primary nameserver.

WARN
SOA MINIMUM TTL value
WARNING: Your SOA MINIMUM TTL is : 600 seconds. This seems low (unless
you are just about to update your DNS). You should consider increasing
this value to somewhere between 3600 and 10800. RFC2308 suggests a
value of 1-3 hours. This value used to determine the default
(technically, minimum) TTL (time-to-live) for DNS entries, but now is
used for negative caching.

THANKS A LOT FOR THE HELP
Click to expand...
Click to expand...
Click to expand...
 
Thank you Steve.

This is what i got:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

P:\>ping alkospace.com

Pinging alkospace.com [67.19.206.212] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 67.19.206.212:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


Nothing is checked under the lan settings.

Regarding the firewall, i know that we have norton 9.0 CE loaded in
the server and use a netopia router.

THANKS FOR YOUR REPLY

Steve Duff said:
The nslookup trace says that you are able to
resolve www.alkospace.com to an address.

You can confirm this by opening a CMD
window and typing the command

ping www.alkospace.com

It should try to ping -- it doesn't matter
if the ping is successful, as long as it
translates the name. The address it
is pinging should be 67.19.206.212.
Check that.

Assuming that is OK, it means you have a
web browser configuration problem,
or you have a corporate firewall or proxy
server which is restricting access.

Assuming you are not using a proxy server,
go to the Internet properties in control panel,
and disable everything in LAN settings,
including "automatically detect proxy".

Make sure there are no proxy ports set for ad
or spyware blockers. Disable personal
firewalls, antivirus script blockers, spyware
real-time monitors etc. IOW any system software
that sits between your browser and the Internet.
One of them is likely to be the problem.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

Illyrian said:
Hi Steve!

Thanks for your reply.

When i tried to run "ipconfig /all" i saw a dos window which disappeared briefly.

This is the rest of the log:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

P:\>nslookup
Default Server: dns-01.futureway.com
Address: 64.119.104.2
set debug
www.alkospace.com
Click to expand...
Server: dns-01.futureway.com
Address: 64.119.104.2

------------
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0

QUESTIONS:
www.alkospace.com.INS.LAN, type = A, class = IN
AUTHORITY RECORDS:
-> (root)
ttl = 10800 (3 hours)
primary name server = A.ROOT-SERVERS.NET
responsible mail addr = NSTLD.VERISIGN-GRS.COM
serial = 2004102700
refresh = 1800 (30 mins)
retry = 900 (15 mins)
expire = 604800 (7 days)
default TTL = 86400 (1 day)

------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 2, authority records = 2, additional = 0

QUESTIONS:
www.alkospace.com, type = A, class = IN
ANSWERS:
-> www.alkospace.com
canonical name = alkospace.com
ttl = 14400 (4 hours)
-> alkospace.com
internet address = 67.19.206.212
ttl = 14400 (4 hours)
AUTHORITY RECORDS:
-> alkospace.com
nameserver = ns2.21hostingservers.com
ttl = 14400 (4 hours)
-> alkospace.com
nameserver = ns1.21hostingservers.com
ttl = 14400 (4 hours)

------------
Non-authoritative answer:
Name: alkospace.com
Address: 67.19.206.212
Aliases: www.alkospace.com



Thank you



Steve Duff said:
None of the warnings you listed will have any real
impact on your normal operation, and are not
related to your problem.

There are a number of possibilities, but the
best way to narrow it down is to do the
following:

1) Start...Run..."cmd"

(Make sure that the DOS window buffer is at least
300 so that you can scroll text back)

2) ...> nslookup

3) >set debug

4) >www.domain.com.
(whatever name you are trying to access).

6) >exit

7) ...> ipconfig /all

8) Now copy the entire output from the cmd window and
paste it in to a reply here so we can see it.

9) ...>exit

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

Hi all!

I am a new user and my problem is that i can access different websites
using a dial up account or a cable connection without problems, but
when i try to access these sites from work which is in a lan
environment, i get an error message: We can't find "domain.com"
/dnserror.aspx?FORM=DNSAS&q=.


there is norton corporate edition loaded in the server and we use a
neutopia router.

I dont understand how come i can view some sites but i can not view
others sites but mine and i have no problem viewing these other sites
from any other location.

How do i know if the DNS in the server (windows 2000) is setup
properley?

this is what i got in a dns report :

WARN
Nameservers on separate class C's
WARNING: All of your nameservers (listed at the parent nameservers)
are in the same Class C (technically, /24) address space, which means
that they are probably at the same physical location. Your nameservers
should be at geographically dispersed locations. You should not have
all of your nameservers at the same location. RFC2182 3.1 goes into
more detail about secondary nameserver location.

WARN
Multiple MX records
WARNING: You only have 1 MX record. If your primary mail server is
down or unreachable, there is a chance that mail may have troubles
reaching you.

WARN
Mail server host name in greeting
WARNING: One or more of your mailservers may be claiming to be a host
other than what it really is (the SMTP greeting should be a 3-digit
code, followed by a space or a dash, then the host name). This
probably won't cause any harm, but may be a technical violation of
RFC821 4.3 (and RFC2821 4.3.1

WARN
Acceptance of domain literals
WARN: One or more of your mailservers does not accept mail in the
domain literal format (user@[0.0.0.0]). Mailservers are technically
required RFC1123 5.2.17 to accept mail to domain literals for any of
its IP addresses. Not accepting domain literals can make it more
difficult to test your mailserver, and can prevent you from receiving
E-mail from people reporting problems with your mailserver. However,
it is unlikely that any problems will occur if the domain literals are
not accepted.

WARN
SOA Serial Number
WARNING: Your SOA serial number is: 200410262. That is OK, but the
recommended format (per RFC1912 2.2) is YYYYMMDDnn, where 'nn' is the
revision. For example, if you are making the 3rd change on 02 May
2000, you would use 2000050203. This number must be incremented every
time you make a DNS change.


WARN
SOA REFRESH value
WARNING: Your SOA REFRESH interval is : 600 seconds. This seems low.
You should consider increasing this value to about 3600-7200 seconds.
RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20
minutes to 12 hours). A value that is too low will unncessarily
increase Internet traffic.



FAIL
SOA EXPIRE value
WARNING: Your SOA EXPIRE time is : 600 seconds. This seems very low.
You should consider increasing this value to about 1209600 to 2419200
seconds (2 to 4 weeks). RFC1912 recommends 2-4 weeks. This is how long
a secondary/slave nameserver will wait before considering its DNS data
stale if it can't reach the primary nameserver.

WARN
SOA MINIMUM TTL value
WARNING: Your SOA MINIMUM TTL is : 600 seconds. This seems low (unless
you are just about to update your DNS). You should consider increasing
this value to somewhere between 3600 and 10800. RFC2308 suggests a
value of 1-3 hours. This value used to determine the default
(technically, minimum) TTL (time-to-live) for DNS entries, but now is
used for negative caching.

THANKS A LOT FOR THE HELP
Click to expand...
Click to expand...
Click to expand...
 
67.19.206.212 responds publicly to a ping from here.
Try a tracert on that address to see where the
traffic fails.

Is this address the public WAN address of your own
Netopia router? If so, it may not be able to loop traffic.
In that case you may need a private DNS entry for this
name in your local DNS, or a better router.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

Illyrian said:
Thank you Steve.

This is what i got:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

P:\>ping alkospace.com

Pinging alkospace.com [67.19.206.212] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 67.19.206.212:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


Nothing is checked under the lan settings.

Regarding the firewall, i know that we have norton 9.0 CE loaded in
the server and use a netopia router.

THANKS FOR YOUR REPLY

Steve Duff said:
The nslookup trace says that you are able to
resolve www.alkospace.com to an address.

You can confirm this by opening a CMD
window and typing the command

ping www.alkospace.com

It should try to ping -- it doesn't matter
if the ping is successful, as long as it
translates the name. The address it
is pinging should be 67.19.206.212.
Check that.

Assuming that is OK, it means you have a
web browser configuration problem,
or you have a corporate firewall or proxy
server which is restricting access.

Assuming you are not using a proxy server,
go to the Internet properties in control panel,
and disable everything in LAN settings,
including "automatically detect proxy".

Make sure there are no proxy ports set for ad
or spyware blockers. Disable personal
firewalls, antivirus script blockers, spyware
real-time monitors etc. IOW any system software
that sits between your browser and the Internet.
One of them is likely to be the problem.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

Illyrian said:
Hi Steve!

Thanks for your reply.

When i tried to run "ipconfig /all" i saw a dos window which disappeared briefly.

This is the rest of the log:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

P:\>nslookup
Default Server: dns-01.futureway.com
Address: 64.119.104.2

set debug
www.alkospace.com
Server: dns-01.futureway.com
Address: 64.119.104.2

------------
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0

QUESTIONS:
www.alkospace.com.INS.LAN, type = A, class = IN
AUTHORITY RECORDS:
-> (root)
ttl = 10800 (3 hours)
primary name server = A.ROOT-SERVERS.NET
responsible mail addr = NSTLD.VERISIGN-GRS.COM
serial = 2004102700
refresh = 1800 (30 mins)
retry = 900 (15 mins)
expire = 604800 (7 days)
default TTL = 86400 (1 day)

------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 2, authority records = 2, additional = 0

QUESTIONS:
www.alkospace.com, type = A, class = IN
ANSWERS:
-> www.alkospace.com
canonical name = alkospace.com
ttl = 14400 (4 hours)
-> alkospace.com
internet address = 67.19.206.212
ttl = 14400 (4 hours)
AUTHORITY RECORDS:
-> alkospace.com
nameserver = ns2.21hostingservers.com
ttl = 14400 (4 hours)
-> alkospace.com
nameserver = ns1.21hostingservers.com
ttl = 14400 (4 hours)

------------
Non-authoritative answer:
Name: alkospace.com
Address: 67.19.206.212
Aliases: www.alkospace.com





Thank you



None of the warnings you listed will have any real
impact on your normal operation, and are not
related to your problem.

There are a number of possibilities, but the
best way to narrow it down is to do the
following:

1) Start...Run..."cmd"

(Make sure that the DOS window buffer is at least
300 so that you can scroll text back)

2) ...> nslookup

3) >set debug

4) >www.domain.com.
(whatever name you are trying to access).

6) >exit

7) ...> ipconfig /all

8) Now copy the entire output from the cmd window and
paste it in to a reply here so we can see it.

9) ...>exit

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

Hi all!

I am a new user and my problem is that i can access different websites
using a dial up account or a cable connection without problems, but
when i try to access these sites from work which is in a lan
environment, i get an error message: We can't find "domain.com"
/dnserror.aspx?FORM=DNSAS&q=.


there is norton corporate edition loaded in the server and we use a
neutopia router.

I dont understand how come i can view some sites but i can not view
others sites but mine and i have no problem viewing these other sites
from any other location.

How do i know if the DNS in the server (windows 2000) is setup
properley?

this is what i got in a dns report :

WARN
Nameservers on separate class C's
WARNING: All of your nameservers (listed at the parent nameservers)
are in the same Class C (technically, /24) address space, which means
that they are probably at the same physical location. Your nameservers
should be at geographically dispersed locations. You should not have
all of your nameservers at the same location. RFC2182 3.1 goes into
more detail about secondary nameserver location.

WARN
Multiple MX records
WARNING: You only have 1 MX record. If your primary mail server is
down or unreachable, there is a chance that mail may have troubles
reaching you.

WARN
Mail server host name in greeting
WARNING: One or more of your mailservers may be claiming to be a host
other than what it really is (the SMTP greeting should be a 3-digit
code, followed by a space or a dash, then the host name). This
probably won't cause any harm, but may be a technical violation of
RFC821 4.3 (and RFC2821 4.3.1

WARN
Acceptance of domain literals
WARN: One or more of your mailservers does not accept mail in the
domain literal format (user@[0.0.0.0]). Mailservers are technically
required RFC1123 5.2.17 to accept mail to domain literals for any of
its IP addresses. Not accepting domain literals can make it more
difficult to test your mailserver, and can prevent you from receiving
E-mail from people reporting problems with your mailserver. However,
it is unlikely that any problems will occur if the domain literals are
not accepted.

WARN
SOA Serial Number
WARNING: Your SOA serial number is: 200410262. That is OK, but the
recommended format (per RFC1912 2.2) is YYYYMMDDnn, where 'nn' is the
revision. For example, if you are making the 3rd change on 02 May
2000, you would use 2000050203. This number must be incremented every
time you make a DNS change.


WARN
SOA REFRESH value
WARNING: Your SOA REFRESH interval is : 600 seconds. This seems low.
You should consider increasing this value to about 3600-7200 seconds.
RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20
minutes to 12 hours). A value that is too low will unncessarily
increase Internet traffic.



FAIL
SOA EXPIRE value
WARNING: Your SOA EXPIRE time is : 600 seconds. This seems very low.
You should consider increasing this value to about 1209600 to 2419200
seconds (2 to 4 weeks). RFC1912 recommends 2-4 weeks. This is how long
a secondary/slave nameserver will wait before considering its DNS data
stale if it can't reach the primary nameserver.

WARN
SOA MINIMUM TTL value
WARNING: Your SOA MINIMUM TTL is : 600 seconds. This seems low (unless
you are just about to update your DNS). You should consider increasing
this value to somewhere between 3600 and 10800. RFC2308 suggests a
value of 1-3 hours. This value used to determine the default
(technically, minimum) TTL (time-to-live) for DNS entries, but now is
used for negative caching.

THANKS A LOT FOR THE HELP
Click to expand...
Click to expand...
Click to expand...
 
Hi Steve.

Thank you for your response.

This is what i got after running tracert:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

P:\>tracert 67.19.206.212

Tracing route to hosting.21hostingservers.com [67.19.206.212]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 192.168.0.1
2 671 ms 401 ms 202 ms dsl04.40nr.tor.futureway.com
[64.119.96.11]
3 302 ms 370 ms 250 ms core01.40nr.futureway.com
[64.119.96.3]
4 308 ms 180 ms 204 ms
955.FastEthernet4-0-0.BB5.TOR2.ALTER.NET [216.95
..217.97]
5 161 ms 211 ms 37 ms POS4-0.XR1.TOR2.ALTER.NET
[152.63.133.74]
6 122 ms 145 ms 127 ms 0.so-0-0-0.TL1.TOR2.ALTER.NET
[152.63.2.109]
7 111 ms 124 ms 107 ms 0.so-4-0-0.TL1.DFW9.ALTER.NET
[152.63.0.181]
8 307 ms 370 ms 528 ms 0.so-7-0-0.CL1.DFW13.ALTER.NET
[152.63.103.218]

9 930 ms 1089 ms 1031 ms POS6-0.GW1.DFW13.ALTER.NET
[152.63.103.85]
10 1029 ms 1523 ms 394 ms theplanet-gw.customer.alter.net
[157.130.143.226
]
11 408 ms 450 ms 567 ms dsr2-1-v1.dllstx4.theplanet.com
[12.96.160.7]
12 186 ms 215 ms 240 ms
gig1-0-2.tp-car8-1.dllstx4.theplanet.com [67.18.
116.83]
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.

Trace complete.

P:\>
......

67.19.206.212 is not the ip of the router. i think is the ip of the
host.
do i need to create a private DNS entry? and if so how do i do that?


this is what i got for this ip address:

OrgName: ThePlanet.com Internet Services, Inc.
OrgID: TPCM
Address: 1333 North Stemmons Freeway
Address: Suite 110
City: Dallas
StateProv: TX
PostalCode: 75207
Country: US

ReferralServer: rwhois://rwhois.theplanet.com:4321

NetRange: 67.18.0.0 - 67.19.255.255
CIDR: 67.18.0.0/15
NetName: NETBLK-THEPLANET-BLK-11
NetHandle: NET-67-18-0-0-1
Parent: NET-67-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.THEPLANET.COM
NameServer: NS2.THEPLANET.COM

I can view other sites without problems and i can access this site
(alkospace.com) from any other location but not from work.

Thanks for your help Steve

Steve Duff said:
67.19.206.212 responds publicly to a ping from here.
Try a tracert on that address to see where the
traffic fails.

Is this address the public WAN address of your own
Netopia router? If so, it may not be able to loop traffic.
In that case you may need a private DNS entry for this
name in your local DNS, or a better router.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

Illyrian said:
Thank you Steve.

This is what i got:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

P:\>ping alkospace.com

Pinging alkospace.com [67.19.206.212] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 67.19.206.212:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


Nothing is checked under the lan settings.

Regarding the firewall, i know that we have norton 9.0 CE loaded in
the server and use a netopia router.

THANKS FOR YOUR REPLY

Steve Duff said:
The nslookup trace says that you are able to
resolve www.alkospace.com to an address.

You can confirm this by opening a CMD
window and typing the command

ping www.alkospace.com

It should try to ping -- it doesn't matter
if the ping is successful, as long as it
translates the name. The address it
is pinging should be 67.19.206.212.
Check that.

Assuming that is OK, it means you have a
web browser configuration problem,
or you have a corporate firewall or proxy
server which is restricting access.

Assuming you are not using a proxy server,
go to the Internet properties in control panel,
and disable everything in LAN settings,
including "automatically detect proxy".

Make sure there are no proxy ports set for ad
or spyware blockers. Disable personal
firewalls, antivirus script blockers, spyware
real-time monitors etc. IOW any system software
that sits between your browser and the Internet.
One of them is likely to be the problem.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

Hi Steve!

Thanks for your reply.

When i tried to run "ipconfig /all" i saw a dos window which disappeared briefly.

This is the rest of the log:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

P:\>nslookup
Default Server: dns-01.futureway.com
Address: 64.119.104.2

set debug
www.alkospace.com
Server: dns-01.futureway.com
Address: 64.119.104.2

------------
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0

QUESTIONS:
www.alkospace.com.INS.LAN, type = A, class = IN
AUTHORITY RECORDS:
-> (root)
ttl = 10800 (3 hours)
primary name server = A.ROOT-SERVERS.NET
responsible mail addr = NSTLD.VERISIGN-GRS.COM
serial = 2004102700
refresh = 1800 (30 mins)
retry = 900 (15 mins)
expire = 604800 (7 days)
default TTL = 86400 (1 day)

------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 2, authority records = 2, additional = 0

QUESTIONS:
www.alkospace.com, type = A, class = IN
ANSWERS:
-> www.alkospace.com
canonical name = alkospace.com
ttl = 14400 (4 hours)
-> alkospace.com
internet address = 67.19.206.212
ttl = 14400 (4 hours)
AUTHORITY RECORDS:
-> alkospace.com
nameserver = ns2.21hostingservers.com
ttl = 14400 (4 hours)
-> alkospace.com
nameserver = ns1.21hostingservers.com
ttl = 14400 (4 hours)

------------
Non-authoritative answer:
Name: alkospace.com
Address: 67.19.206.212
Aliases: www.alkospace.com





Thank you



None of the warnings you listed will have any real
impact on your normal operation, and are not
related to your problem.

There are a number of possibilities, but the
best way to narrow it down is to do the
following:

1) Start...Run..."cmd"

(Make sure that the DOS window buffer is at least
300 so that you can scroll text back)

2) ...> nslookup

3) >set debug

4) >www.domain.com.
(whatever name you are trying to access).

6) >exit

7) ...> ipconfig /all

8) Now copy the entire output from the cmd window and
paste it in to a reply here so we can see it.

9) ...>exit

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

Hi all!

I am a new user and my problem is that i can access different websites
using a dial up account or a cable connection without problems, but
when i try to access these sites from work which is in a lan
environment, i get an error message: We can't find "domain.com"
/dnserror.aspx?FORM=DNSAS&q=.


there is norton corporate edition loaded in the server and we use a
neutopia router.

I dont understand how come i can view some sites but i can not view
others sites but mine and i have no problem viewing these other sites
from any other location.

How do i know if the DNS in the server (windows 2000) is setup
properley?

this is what i got in a dns report :

WARN
Nameservers on separate class C's
WARNING: All of your nameservers (listed at the parent nameservers)
are in the same Class C (technically, /24) address space, which means
that they are probably at the same physical location. Your nameservers
should be at geographically dispersed locations. You should not have
all of your nameservers at the same location. RFC2182 3.1 goes into
more detail about secondary nameserver location.

WARN
Multiple MX records
WARNING: You only have 1 MX record. If your primary mail server is
down or unreachable, there is a chance that mail may have troubles
reaching you.

WARN
Mail server host name in greeting
WARNING: One or more of your mailservers may be claiming to be a host
other than what it really is (the SMTP greeting should be a 3-digit
code, followed by a space or a dash, then the host name). This
probably won't cause any harm, but may be a technical violation of
RFC821 4.3 (and RFC2821 4.3.1

WARN
Acceptance of domain literals
WARN: One or more of your mailservers does not accept mail in the
domain literal format (user@[0.0.0.0]). Mailservers are technically
required RFC1123 5.2.17 to accept mail to domain literals for any of
its IP addresses. Not accepting domain literals can make it more
difficult to test your mailserver, and can prevent you from receiving
E-mail from people reporting problems with your mailserver. However,
it is unlikely that any problems will occur if the domain literals are
not accepted.

WARN
SOA Serial Number
WARNING: Your SOA serial number is: 200410262. That is OK, but the
recommended format (per RFC1912 2.2) is YYYYMMDDnn, where 'nn' is the
revision. For example, if you are making the 3rd change on 02 May
2000, you would use 2000050203. This number must be incremented every
time you make a DNS change.


WARN
SOA REFRESH value
WARNING: Your SOA REFRESH interval is : 600 seconds. This seems low.
You should consider increasing this value to about 3600-7200 seconds.
RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20
minutes to 12 hours). A value that is too low will unncessarily
increase Internet traffic.



FAIL
SOA EXPIRE value
WARNING: Your SOA EXPIRE time is : 600 seconds. This seems very low.
You should consider increasing this value to about 1209600 to 2419200
seconds (2 to 4 weeks). RFC1912 recommends 2-4 weeks. This is how long
a secondary/slave nameserver will wait before considering its DNS data
stale if it can't reach the primary nameserver.

WARN
SOA MINIMUM TTL value
WARNING: Your SOA MINIMUM TTL is : 600 seconds. This seems low (unless
you are just about to update your DNS). You should consider increasing
this value to somewhere between 3600 and 10800. RFC2308 suggests a
value of 1-3 hours. This value used to determine the default
(technically, minimum) TTL (time-to-live) for DNS entries, but now is
used for negative caching.

THANKS A LOT FOR THE HELP
Click to expand...
Click to expand...
Click to expand...
 
gig1-0-2.tp-car8-1.dllstx4.theplanet.com [67.18.
116.83]
13 * * * Request timed out.
14 * * * Request timed out.
Click to expand...

does this mean(the last part of tracert) that the problem is at the web host?

Thank you


Hi Steve.

Thank you for your response.

This is what i got after running tracert:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

P:\>tracert 67.19.206.212

Tracing route to hosting.21hostingservers.com [67.19.206.212]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 192.168.0.1
2 671 ms 401 ms 202 ms dsl04.40nr.tor.futureway.com
[64.119.96.11]
3 302 ms 370 ms 250 ms core01.40nr.futureway.com
[64.119.96.3]
4 308 ms 180 ms 204 ms
955.FastEthernet4-0-0.BB5.TOR2.ALTER.NET [216.95
.217.97]
5 161 ms 211 ms 37 ms POS4-0.XR1.TOR2.ALTER.NET
[152.63.133.74]
6 122 ms 145 ms 127 ms 0.so-0-0-0.TL1.TOR2.ALTER.NET
[152.63.2.109]
7 111 ms 124 ms 107 ms 0.so-4-0-0.TL1.DFW9.ALTER.NET
[152.63.0.181]
8 307 ms 370 ms 528 ms 0.so-7-0-0.CL1.DFW13.ALTER.NET
[152.63.103.218]

9 930 ms 1089 ms 1031 ms POS6-0.GW1.DFW13.ALTER.NET
[152.63.103.85]
10 1029 ms 1523 ms 394 ms theplanet-gw.customer.alter.net
[157.130.143.226
]
11 408 ms 450 ms 567 ms dsr2-1-v1.dllstx4.theplanet.com
[12.96.160.7]
12 186 ms 215 ms 240 ms
gig1-0-2.tp-car8-1.dllstx4.theplanet.com [67.18.
116.83]
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.

Trace complete.

P:\>
.....

67.19.206.212 is not the ip of the router. i think is the ip of the
host.
do i need to create a private DNS entry? and if so how do i do that?


this is what i got for this ip address:

OrgName: ThePlanet.com Internet Services, Inc.
OrgID: TPCM
Address: 1333 North Stemmons Freeway
Address: Suite 110
City: Dallas
StateProv: TX
PostalCode: 75207
Country: US

ReferralServer: rwhois://rwhois.theplanet.com:4321

NetRange: 67.18.0.0 - 67.19.255.255
CIDR: 67.18.0.0/15
NetName: NETBLK-THEPLANET-BLK-11
NetHandle: NET-67-18-0-0-1
Parent: NET-67-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.THEPLANET.COM
NameServer: NS2.THEPLANET.COM

I can view other sites without problems and i can access this site
(alkospace.com) from any other location but not from work.

Thanks for your help Steve

Steve Duff said:
67.19.206.212 responds publicly to a ping from here.
Try a tracert on that address to see where the
traffic fails.

Is this address the public WAN address of your own
Netopia router? If so, it may not be able to loop traffic.
In that case you may need a private DNS entry for this
name in your local DNS, or a better router.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

Illyrian said:
Thank you Steve.

This is what i got:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

P:\>ping alkospace.com

Pinging alkospace.com [67.19.206.212] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 67.19.206.212:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


Nothing is checked under the lan settings.

Regarding the firewall, i know that we have norton 9.0 CE loaded in
the server and use a netopia router.

THANKS FOR YOUR REPLY

The nslookup trace says that you are able to
resolve www.alkospace.com to an address.

You can confirm this by opening a CMD
window and typing the command

ping www.alkospace.com

It should try to ping -- it doesn't matter
if the ping is successful, as long as it
translates the name. The address it
is pinging should be 67.19.206.212.
Check that.

Assuming that is OK, it means you have a
web browser configuration problem,
or you have a corporate firewall or proxy
server which is restricting access.

Assuming you are not using a proxy server,
go to the Internet properties in control panel,
and disable everything in LAN settings,
including "automatically detect proxy".

Make sure there are no proxy ports set for ad
or spyware blockers. Disable personal
firewalls, antivirus script blockers, spyware
real-time monitors etc. IOW any system software
that sits between your browser and the Internet.
One of them is likely to be the problem.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

Hi Steve!

Thanks for your reply.

When i tried to run "ipconfig /all" i saw a dos window which disappeared briefly.

This is the rest of the log:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

P:\>nslookup
Default Server: dns-01.futureway.com
Address: 64.119.104.2

set debug
www.alkospace.com
Server: dns-01.futureway.com
Address: 64.119.104.2

------------
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0

QUESTIONS:
www.alkospace.com.INS.LAN, type = A, class = IN
AUTHORITY RECORDS:
-> (root)
ttl = 10800 (3 hours)
primary name server = A.ROOT-SERVERS.NET
responsible mail addr = NSTLD.VERISIGN-GRS.COM
serial = 2004102700
refresh = 1800 (30 mins)
retry = 900 (15 mins)
expire = 604800 (7 days)
default TTL = 86400 (1 day)

------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 2, authority records = 2, additional = 0

QUESTIONS:
www.alkospace.com, type = A, class = IN
ANSWERS:
-> www.alkospace.com
canonical name = alkospace.com
ttl = 14400 (4 hours)
-> alkospace.com
internet address = 67.19.206.212
ttl = 14400 (4 hours)
AUTHORITY RECORDS:
-> alkospace.com
nameserver = ns2.21hostingservers.com
ttl = 14400 (4 hours)
-> alkospace.com
nameserver = ns1.21hostingservers.com
ttl = 14400 (4 hours)

------------
Non-authoritative answer:
Name: alkospace.com
Address: 67.19.206.212
Aliases: www.alkospace.com





Thank you



None of the warnings you listed will have any real
impact on your normal operation, and are not
related to your problem.

There are a number of possibilities, but the
best way to narrow it down is to do the
following:

1) Start...Run..."cmd"

(Make sure that the DOS window buffer is at least
300 so that you can scroll text back)

2) ...> nslookup

3) >set debug

4) >www.domain.com.
(whatever name you are trying to access).

6) >exit

7) ...> ipconfig /all

8) Now copy the entire output from the cmd window and
paste it in to a reply here so we can see it.

9) ...>exit

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

Hi all!

I am a new user and my problem is that i can access different websites
using a dial up account or a cable connection without problems, but
when i try to access these sites from work which is in a lan
environment, i get an error message: We can't find "domain.com"
/dnserror.aspx?FORM=DNSAS&q=.


there is norton corporate edition loaded in the server and we use a
neutopia router.

I dont understand how come i can view some sites but i can not view
others sites but mine and i have no problem viewing these other sites
from any other location.

How do i know if the DNS in the server (windows 2000) is setup
properley?

this is what i got in a dns report :

WARN
Nameservers on separate class C's
WARNING: All of your nameservers (listed at the parent nameservers)
are in the same Class C (technically, /24) address space, which means
that they are probably at the same physical location. Your nameservers
should be at geographically dispersed locations. You should not have
all of your nameservers at the same location. RFC2182 3.1 goes into
more detail about secondary nameserver location.

WARN
Multiple MX records
WARNING: You only have 1 MX record. If your primary mail server is
down or unreachable, there is a chance that mail may have troubles
reaching you.

WARN
Mail server host name in greeting
WARNING: One or more of your mailservers may be claiming to be a host
other than what it really is (the SMTP greeting should be a 3-digit
code, followed by a space or a dash, then the host name). This
probably won't cause any harm, but may be a technical violation of
RFC821 4.3 (and RFC2821 4.3.1

WARN
Acceptance of domain literals
WARN: One or more of your mailservers does not accept mail in the
domain literal format (user@[0.0.0.0]). Mailservers are technically
required RFC1123 5.2.17 to accept mail to domain literals for any of
its IP addresses. Not accepting domain literals can make it more
difficult to test your mailserver, and can prevent you from receiving
E-mail from people reporting problems with your mailserver. However,
it is unlikely that any problems will occur if the domain literals are
not accepted.

WARN
SOA Serial Number
WARNING: Your SOA serial number is: 200410262. That is OK, but the
recommended format (per RFC1912 2.2) is YYYYMMDDnn, where 'nn' is the
revision. For example, if you are making the 3rd change on 02 May
2000, you would use 2000050203. This number must be incremented every
time you make a DNS change.


WARN
SOA REFRESH value
WARNING: Your SOA REFRESH interval is : 600 seconds. This seems low.
You should consider increasing this value to about 3600-7200 seconds.
RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20
minutes to 12 hours). A value that is too low will unncessarily
increase Internet traffic.



FAIL
SOA EXPIRE value
WARNING: Your SOA EXPIRE time is : 600 seconds. This seems very low.
You should consider increasing this value to about 1209600 to 2419200
seconds (2 to 4 weeks). RFC1912 recommends 2-4 weeks. This is how long
a secondary/slave nameserver will wait before considering its DNS data
stale if it can't reach the primary nameserver.

WARN
SOA MINIMUM TTL value
WARNING: Your SOA MINIMUM TTL is : 600 seconds. This seems low (unless
you are just about to update your DNS). You should consider increasing
this value to somewhere between 3600 and 10800. RFC2308 suggests a
value of 1-3 hours. This value used to determine the default
(technically, minimum) TTL (time-to-live) for DNS entries, but now is
used for negative caching.

THANKS A LOT FOR THE HELP
Click to expand...
Click to expand...
Click to expand...
 
Hi!

I am able to access these sites if i use a proxy server,
but it is very slow. I just want to know if the problem
is in me end or the webhost so i know who to contact for
this issue.

Thanks
-----Original Message-----
gig1-0-2.tp-car8-1.dllstx4.theplanet.com [67.18.
116.83]
13 * * * Request timed out.
14 * * * Request timed out.
Click to expand...

does this mean(the last part of tracert) that the problem is at the web host?

Thank you


(e-mail address removed) (Illyrian) wrote in message
Hi Steve.

Thank you for your response.

This is what i got after running tracert:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

P:\>tracert 67.19.206.212

Tracing route to hosting.21hostingservers.com [67.19.206.212]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 192.168.0.1
2 671 ms 401 ms 202 ms dsl04.40nr.tor.futureway.com
[64.119.96.11]
3 302 ms 370 ms 250 ms core01.40nr.futureway.com
[64.119.96.3]
4 308 ms 180 ms 204 ms
955.FastEthernet4-0-0.BB5.TOR2.ALTER.NET [216.95
.217.97]
5 161 ms 211 ms 37 ms POS4- 0.XR1.TOR2.ALTER.NET
[152.63.133.74]
6 122 ms 145 ms 127 ms 0.so-0-0- 0.TL1.TOR2.ALTER.NET
[152.63.2.109]
7 111 ms 124 ms 107 ms 0.so-4-0- 0.TL1.DFW9.ALTER.NET
[152.63.0.181]
8 307 ms 370 ms 528 ms 0.so-7-0- 0.CL1.DFW13.ALTER.NET
[152.63.103.218]

9 930 ms 1089 ms 1031 ms POS6- 0.GW1.DFW13.ALTER.NET
[152.63.103.85]
10 1029 ms 1523 ms 394 ms theplanet- gw.customer.alter.net
[157.130.143.226
]
11 408 ms 450 ms 567 ms dsr2-1- v1.dllstx4.theplanet.com
[12.96.160.7]
12 186 ms 215 ms 240 ms
gig1-0-2.tp-car8-1.dllstx4.theplanet.com [67.18.
116.83]
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.

Trace complete.

P:\>
.....

67.19.206.212 is not the ip of the router. i think is the ip of the
host.
do i need to create a private DNS entry? and if so how do i do that?


this is what i got for this ip address:

OrgName: ThePlanet.com Internet Services, Inc.
OrgID: TPCM
Address: 1333 North Stemmons Freeway
Address: Suite 110
City: Dallas
StateProv: TX
PostalCode: 75207
Country: US

ReferralServer: rwhois://rwhois.theplanet.com:4321

NetRange: 67.18.0.0 - 67.19.255.255
CIDR: 67.18.0.0/15
NetName: NETBLK-THEPLANET-BLK-11
NetHandle: NET-67-18-0-0-1
Parent: NET-67-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.THEPLANET.COM
NameServer: NS2.THEPLANET.COM

I can view other sites without problems and i can access this site
(alkospace.com) from any other location but not from work.

Thanks for your help Steve

"Steve Duff [MVP]" <[email protected]> wrote
in message news: said:
67.19.206.212 responds publicly to a ping from here.
Try a tracert on that address to see where the
traffic fails.

Is this address the public WAN address of your own
Netopia router? If so, it may not be able to loop traffic.
In that case you may need a private DNS entry for this
name in your local DNS, or a better router.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

Thank you Steve.

This is what i got:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

P:\>ping alkospace.com

Pinging alkospace.com [67.19.206.212] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 67.19.206.212:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


Nothing is checked under the lan settings.

Regarding the firewall, i know that we have norton 9.0 CE loaded in
the server and use a netopia router.

THANKS FOR YOUR REPLY

"Steve Duff [MVP]" <[email protected]>
Click to expand...
Click to expand...
Click to expand...
wrote in message
The nslookup trace says that you are able to
resolve www.alkospace.com to an address.

You can confirm this by opening a CMD
window and typing the command

ping www.alkospace.com

It should try to ping -- it doesn't matter
if the ping is successful, as long as it
translates the name. The address it
is pinging should be 67.19.206.212.
Check that.

Assuming that is OK, it means you have a
web browser configuration problem,
or you have a corporate firewall or proxy
server which is restricting access.

Assuming you are not using a proxy server,
go to the Internet properties in control panel,
and disable everything in LAN settings,
including "automatically detect proxy".

Make sure there are no proxy ports set for ad
or spyware blockers. Disable personal
firewalls, antivirus script blockers, spyware
real-time monitors etc. IOW any system software
that sits between your browser and the Internet.
One of them is likely to be the problem.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

Hi Steve!

Thanks for your reply.

When i tried to run "ipconfig /all" i saw a dos window which disappeared briefly.

This is the rest of the log:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

P:\>nslookup
Default Server: dns-01.futureway.com
Address: 64.119.104.2

set debug
www.alkospace.com
Server: dns-01.futureway.com
Address: 64.119.104.2

------------
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0

QUESTIONS:
www.alkospace.com.INS.LAN, type = A, class = IN
AUTHORITY RECORDS:
-> (root)
ttl = 10800 (3 hours)
primary name server = A.ROOT- SERVERS.NET
responsible mail addr = NSTLD.VERISIGN- GRS.COM
serial = 2004102700
refresh = 1800 (30 mins)
retry = 900 (15 mins)
expire = 604800 (7 days)
default TTL = 86400 (1 day)

------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 2, authority records = 2, additional = 0

QUESTIONS:
www.alkospace.com, type = A, class = IN
ANSWERS:
-> www.alkospace.com
canonical name = alkospace.com
ttl = 14400 (4 hours)
-> alkospace.com
internet address = 67.19.206.212
ttl = 14400 (4 hours)
AUTHORITY RECORDS:
-> alkospace.com
nameserver = ns2.21hostingservers.com
ttl = 14400 (4 hours)
-> alkospace.com
nameserver = ns1.21hostingservers.com
ttl = 14400 (4 hours)

------------
Non-authoritative answer:
Name: alkospace.com
Address: 67.19.206.212
Aliases: www.alkospace.com





Thank you



"Steve Duff [MVP]" <ergodic@ergodic-
Click to expand...
Click to expand...
Click to expand...
systems.com> wrote in message
message
Hi all!

I am a new user and my problem is that i can access different websites
using a dial up account or a cable connection without problems, but
when i try to access these sites from work which is in a lan
environment, i get an error message: We can't find "domain.com"
/dnserror.aspx?FORM=DNSAS&q=.


there is norton corporate edition loaded in the server and we use a
neutopia router.

I dont understand how come i can view some sites but i can not view
others sites but mine and i have no problem viewing these other sites
from any other location.

How do i know if the DNS in the server (windows 2000) is setup
properley?

this is what i got in a dns report :

WARN
Nameservers on separate class C's
WARNING: All of your nameservers (listed at the parent nameservers)
are in the same Class C (technically, /24) address space, which means
that they are probably at the same physical location. Your nameservers
should be at geographically dispersed locations. You should not have
all of your nameservers at the same location. RFC2182 3.1 goes into
more detail about secondary nameserver location.

WARN
Multiple MX records
WARNING: You only have 1 MX record. If your primary mail server is
down or unreachable, there is a chance that mail may have troubles
reaching you.

WARN
Mail server host name in greeting
WARNING: One or more of your mailservers may be claiming to be a host
other than what it really is (the SMTP greeting should be a 3-digit
code, followed by a space or a dash, then the host name). This
probably won't cause any harm, but may be a technical violation of
RFC821 4.3 (and RFC2821 4.3.1

WARN
Acceptance of domain literals
WARN: One or more of your mailservers does not accept mail in the
domain literal format (user@[0.0.0.0]). Mailservers are technically
required RFC1123 5.2.17 to accept mail to domain literals for any of
its IP addresses. Not accepting domain literals can make it more
difficult to test your mailserver, and can prevent you from receiving
E-mail from people reporting problems with your mailserver. However,
it is unlikely that any problems will occur if the domain literals are
not accepted.

WARN
SOA Serial Number
WARNING: Your SOA serial number is: 200410262. That is OK, but the
recommended format (per RFC1912 2.2) is YYYYMMDDnn, where 'nn' is the
revision. For example, if you are making the 3rd change on 02 May
2000, you would use 2000050203. This number must be incremented every
time you make a DNS change.


WARN
SOA REFRESH value
WARNING: Your SOA REFRESH interval is : 600 seconds. This seems low.
You should consider increasing this value to about 3600-7200 seconds.
RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20
minutes to 12 hours). A value that is too low will unncessarily
increase Internet traffic.



FAIL
SOA EXPIRE value
WARNING: Your SOA EXPIRE time is : 600 seconds. This seems very low.
You should consider increasing this value to about 1209600 to 2419200
seconds (2 to 4 weeks). RFC1912 recommends 2-4 weeks. This is how long
a secondary/slave nameserver will wait before considering its DNS data
stale if it can't reach the primary nameserver.

WARN
SOA MINIMUM TTL value
WARNING: Your SOA MINIMUM TTL is : 600 seconds. This seems low (unless
you are just about to update your DNS). You should consider increasing
this value to somewhere between 3600 and 10800. RFC2308 suggests a
value of 1-3 hours. This value used to determine the default
(technically, minimum) TTL (time-to-live) for DNS entries, but now is
used for negative caching.

THANKS A LOT FOR THE HELP
Click to expand...
Click to expand...
.
Click to expand...
 
Back
Top