Still no connection !!

[Darlien]

Hi all,

Regarding my question that I post 2 days ago, I have have tried to add a new
host in my DNS : "www" which will point to www.suriagroup.com.my
(69.93.72.114).
But.... still I cannot access to the external website from our office. This
is a very weird situation. People from outside my office are having no
problem accessing the website. I've check our firewall configuration and
there in no blocking for any site.
When I run tracert, this are the things that came out ;

C:\Documents and Settings\darlien.SURIAGROUP>tracert 69.93.72.114

Tracing route to kuklops.net [69.93.72.114]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 10.88.3.1
2 1 ms <1 ms 1 ms 219.94.120.149
3 310 ms 329 ms 354 ms 219.93.218.176
4 353 ms 377 ms 341 ms 219.93.216.193
5 342 ms 271 ms 468 ms 210.187.143.1
6 416 ms 404 ms 430 ms 219.93.182.225
7 414 ms 380 ms 303 ms 203.106.240.202
8 380 ms 475 ms 257 ms 210.187.133.83
9 258 ms 146 ms 180 ms 219.93.174.83
10 781 ms 645 ms 697 ms 219.93.153.158
11 714 ms 704 ms * equinixexchange.broadwing.com
[206.223.115.172]

12 601 ms 650 ms 620 ms g1-2.rp0.asbn.broadwing.net
[216.140.8.158]
13 651 ms 674 ms 718 ms 216.140.8.6
14 757 ms 603 ms 507 ms p4-0.c0.wash.broadwing.net
[216.140.8.89]
15 628 ms 707 ms 620 ms p6-0.c0.atln.broadwing.net
[216.140.8.110]
16 592 ms 614 ms 721 ms p7-0.c0.ftw.broadwing.net
[216.140.17.113]
17 636 ms 470 ms 865 ms s2-2-0.a1.dlls.broadwing.net
[216.140.4.226]
18 834 ms 687 ms 740 ms 67.99.43.234
19 687 ms 565 ms 686 ms dist-vlan32.dsr3-2.dllstx3.theplanet.com
[70.85.
127.62]
20 545 ms 732 ms 655 ms dist-vlan22.dsr1-2.dllstx2.theplanet.com
[70.85.
127.76]
21 566 ms 523 ms 637 ms car2-6-v1.dllstx2.theplanet.com
[12.96.160.22]
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.

Trace complete.

C:\Documents and Settings\darlien.SURIAGROUP>


Please help us.

Darlien Apolonius

 

[Kevin D. Goodknecht Sr. [MVP]]

Hi all,

Regarding my question that I post 2 days ago, I have have tried to
add a new host in my DNS : "www" which will point to
www.suriagroup.com.my (69.93.72.114).
But.... still I cannot access to the external website from our
office. This is a very weird situation. People from outside my office
are having no problem accessing the website. I've check our firewall
configuration and there in no blocking for any site.

I'm not sure what your issue is, the IP is right, I can ping it, tracert it,
and open it. IT is not a DNS issue, unless you are hosting the site locally.
W:\>ping -a 69.93.72.114

Pinging kuklops.net [69.93.72.114] with 32 bytes of data:

Reply from 69.93.72.114: bytes=32 time=56ms TTL=53
Reply from 69.93.72.114: bytes=32 time=54ms TTL=53
Reply from 69.93.72.114: bytes=32 time=54ms TTL=53
Reply from 69.93.72.114: bytes=32 time=57ms TTL=53

Ping statistics for 69.93.72.114:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 54ms, Maximum = 57ms, Average = 55ms

W:\>tracert 69.93.72.114

Tracing route to kuklops.net [69.93.72.114]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 192.168.0.1
2 52 ms 51 ms 51 ms router.lsaol.com [65.65.91.214]
3 50 ms 51 ms 52 ms dist1-vlan50.wcfltx.sbcglobal.net
[151.164.193.66]
4 52 ms 51 ms 51 ms bb2-fa1-1-0.wcfltx.sbcglobal.net
[151.164.193.242]
5 54 ms 55 ms 55 ms bb2-p12-0.rcsntx.sbcglobal.net
[151.164.241.10]
6 55 ms 55 ms 54 ms ex1-p12-0.eqdltx.sbcglobal.net
[151.164.44.45]
7 57 ms 55 ms 56 ms 151.164.249.222
8 57 ms 57 ms 55 ms aer1-po10.dallasequinix.savvis.net
[204.70.134.14]
9 56 ms 55 ms 55 ms 208.175.175.42
10 56 ms 58 ms 58 ms dist-vlan32.dsr3-1.dllstx3.theplanet.com
[70.85.127.61]
11 56 ms 57 ms 56 ms dist-vlan21.dsr1-1.dllstx2.theplanet.com
[70.85.127.67]
12 57 ms 57 ms 58 ms car2-6-v1.dllstx2.theplanet.com
[12.96.160.22]
13 57 ms 56 ms 57 ms kuklops.net [69.93.72.114]

Trace complete.

 

[Ace Fekay [MVP]]

In

Hi all,

Regarding my question that I post 2 days ago, I have have tried to
add a new host in my DNS : "www" which will point to
www.suriagroup.com.my (69.93.72.114).
But.... still I cannot access to the external website from our
office. This is a very weird situation. People from outside my office
are having no problem accessing the website. I've check our firewall
configuration and there in no blocking for any site.
When I run tracert, this are the things that came out ;

Please help us.

Darlien Apolonius

Please run this command and post the output:

nslookup -d2

www.suriagroup.com.my

Thanks,

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================

 

[Darlien]

Dear Ace,

These are the output.


C:\Documents and Settings\darlien.SURIAGROUP>nslookup -d2 69.93.72.114
------------
SendRequest(), len 41
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
20.1.88.10.in-addr.arpa, type = PTR, class = IN

------------
------------
Got answer (81 bytes):
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion
avail.
questions = 1, answers = 1, authority records = 0, additional = 0

QUESTIONS:
20.1.88.10.in-addr.arpa, type = PTR, class = IN
ANSWERS:
-> 20.1.88.10.in-addr.arpa
type = PTR, class = IN, dlen = 28
name = mengalum.suriagroup.com.my
ttl = 1200 (20 mins)

------------
Server: mengalum.suriagroup.com.my
Address: 10.88.1.20

------------
SendRequest(), len 43
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
114.72.93.69.in-addr.arpa, type = PTR, class = IN

------------
------------
Got answer (68 bytes):
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0

QUESTIONS:
114.72.93.69.in-addr.arpa, type = PTR, class = IN
ANSWERS:
-> 114.72.93.69.in-addr.arpa
type = PTR, class = IN, dlen = 13
name = kuklops.net
ttl = 86216 (23 hours 56 mins 56 secs)

------------
Name: kuklops.net
Address: 69.93.72.114


C:\Documents and Settings\darlien.SURIAGROUP>






"Ace Fekay [MVP]"

 

[Darlien]

Dear Ace,

This is another nslookup.



C:\Documents and Settings\darlien.SURIAGROUP>nslookup -d2
www.suriagroup.com.my
------------
SendRequest(), len 44
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
133.0.188.202.in-addr.arpa, type = PTR, class = IN

------------
------------
Got answer (72 bytes):
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0

QUESTIONS:
133.0.188.202.in-addr.arpa, type = PTR, class = IN
ANSWERS:
-> 133.0.188.202.in-addr.arpa
type = PTR, class = IN, dlen = 16
name = cns3.tm.net.my
ttl = 467 (7 mins 47 secs)

------------
Server: cns3.tm.net.my
Address: 202.188.0.133

------------
SendRequest(), len 39
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
www.suriagroup.com.my, type = A, class = IN

------------
------------
Got answer (69 bytes):
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 2, authority records = 0, additional = 0

QUESTIONS:
www.suriagroup.com.my, type = A, class = IN
ANSWERS:
-> www.suriagroup.com.my
type = CNAME, class = IN, dlen = 2
canonical name = suriagroup.com.my
ttl = 14345 (3 hours 59 mins 5 secs)
-> suriagroup.com.my
type = A, class = IN, dlen = 4
internet address = 69.93.72.114
ttl = 14345 (3 hours 59 mins 5 secs)

------------
Non-authoritative answer:
Name: suriagroup.com.my
Address: 69.93.72.114
Aliases: www.suriagroup.com.my


C:\Documents and Settings\darlien.SURIAGROUP>



"Ace Fekay [MVP]"

 

[Ace Fekay [MVP]]

In

Dear Ace,

This is another nslookup.

<snip>

The outputs look fine. The site is resolving. I can't see why your clients
cannot get to it unless, as Kevin said, the website is actually hosted on a
webserver on your internal private network.

What exact error do your clients get in Internet Explorer?

When you ping www.suriagroup.com.my from a client machine that is having
problems, what exact IP does it resolve to?

Can you also post an *unedited* ipconfig /all from one of your DCs and one
of the clients please.

Thanks

Ace

 

[Kevin D. Goodknecht Sr. [MVP]]

Dear Ace,

This is another nslookup.



C:\Documents and Settings\darlien.SURIAGROUP>nslookup -d2
www.suriagroup.com.my
------------
SendRequest(), len 44
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0,
additional = 0

QUESTIONS:
133.0.188.202.in-addr.arpa, type = PTR, class = IN

------------
------------
Got answer (72 bytes):
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0,
additional = 0

QUESTIONS:
133.0.188.202.in-addr.arpa, type = PTR, class = IN
ANSWERS:
-> 133.0.188.202.in-addr.arpa
type = PTR, class = IN, dlen = 16
name = cns3.tm.net.my
ttl = 467 (7 mins 47 secs)

------------
Server: cns3.tm.net.my
Address: 202.188.0.133

------------
SendRequest(), len 39
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0,
additional = 0

QUESTIONS:
www.suriagroup.com.my, type = A, class = IN

------------
------------
Got answer (69 bytes):
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 2, authority records = 0,
additional = 0

QUESTIONS:
www.suriagroup.com.my, type = A, class = IN
ANSWERS:
-> www.suriagroup.com.my
type = CNAME, class = IN, dlen = 2
canonical name = suriagroup.com.my
ttl = 14345 (3 hours 59 mins 5 secs)
-> suriagroup.com.my
type = A, class = IN, dlen = 4
internet address = 69.93.72.114
ttl = 14345 (3 hours 59 mins 5 secs)

------------
Non-authoritative answer:
Name: suriagroup.com.my<-----Internal AD name?
Address: 69.93.72.114
Aliases: www.suriagroup.com.my <-----Cname

Check your DNS address in TCP/IP properties. This query is going to an
external DNS address.

Server: cns3.tm.net.my
Address: 202.188.0.133

IIRC, this is AD and you must use the internal AD DNS server, ONLY.
I believe what is happening here is the www.suriagroup.com.my record is a
Cname that points to suriagroup.com.my, which also IIRC is your AD domain
name. Which means it is going to resolve to the IP of the DC on any machine
getting this Cname record.

 

[Ace Fekay [MVP]]

In

Check your DNS address in TCP/IP properties. This query is going to an
external DNS address.
IIRC, this is AD and you must use the internal AD DNS server, ONLY.
I believe what is happening here is the www.suriagroup.com.my record
is a Cname that points to suriagroup.com.my, which also IIRC is your
AD domain name. Which means it is going to resolve to the IP of the
DC on any machine getting this Cname record.

Maybe that's the whole problem.

Ace

 

[Kevin D. Goodknecht Sr. [MVP]]

Ace Fekay [MVP]

Maybe that's the whole problem.

It's a good possibility, and with a 4 hour TTL the Cname record hang around
in cache for a long time.

 

[Ace Fekay [MVP]]

In

Ace Fekay [MVP]


It's a good possibility, and with a 4 hour TTL the Cname record hang
around in cache for a long time.

Maybe if we can see an ipconfig /displaydns to see what's in cache, it maybe
helpful.

Ace