We just changed our web provider and now the "work.com" domain/dns servers can't access our "www.work.com" website from any of our work subnets . Outside of work everyone can access our web site, or if I manually change the dns on a workstation to not point to our dns server it will also work. I have updated the ip's in the servers host file and forward lookup zone in dns management to the new website's ip. I can't ping the web site, but it does find the ip. I can't complete a trace to either the web site or the ip of the web site. I am not sure what to try next.

Your description is a bit confusing, but I understand you are indicating that you recently changed the provider that is hosting your website. Your internal DNS servers are unable to resolve the IP, but externally it works fine. If this is the case, it appears to me that your external DNS zone is being hosted somewhere on the internet and the records work.com and www.work.com are both set up correctly. The fact that your internal DNS servers are not able to resolve is an indication to me that they may also be hosting a copy of the zone, work.com, probably as an authoritative zone. Therefore, you will need your DNS administrator to log into the internal DNS server and update the records for work.com and www.work.com to point to the correct IPs (your new web provider's server IPs where the website is located). Not sure why you are modifying local hosts files. That is not a good practice. You should clear the entries on the hosts files and allow DNS to resolve the host names as expected.Visit my blog: anITKB.com, an IT Knowledge Base.

I had already updated the dns servers to point www a record to the correct ip. I have deleted the entries in the hosts file. Still no changes.

I had already updated the dns servers to point www a record to the correct ip. I have deleted the entries in the hosts file. Still no changes. Should I be waiting longer?

Make sure you clear the cache on the DNS server and affected workstations if you haven't already. Use nslookup to verify name resolution after your changes are made.

ran ipconfig /flush dns after the changes nslookup to the www name *** can't find server name for address (server ip): non existen doman Server: Unknown Address: (correct ip address) Name: (correct www name) Address: (correct www ip)

From what machine did you perform this from? Sounds like you got a problem communicating with your DNS server. You cant even resolve its DNS name of the DNS server while performing the nslookup.

If your internal DNS server is hosting the zone and your clients are pointing to your internal DNS server(s), then there is no reason for name resolution not to work. Have you verified that your client's TCP/IP config settings are correct? Yes, running IPCONFIG /FLUSHDNS on your clients will remove any cached entries. If your internal DNS servers are not hosting the zone, you should clear out the DNS cache (in DNS Admin console). Visit my blog: anITKB.com, an IT Knowledge Base.

I have been doing everything on the dns server. All dns servers (and clients) can't reach the external web site. All clients settings are correct, on each subnet. Cleared DNS cache. Thanks for your help, but nothing has worked yet. All I did was re-direct to a new web site host??

1. Are all DNS names resolving correctly? (if you type nslookup on the DNS server it should not return an "server: unknown") like you mentioned above. 2. can you define "can't reach the website", can they ping the IP? can they resolve the name? can they telnet to the website? Do they get a page not displayed? etc?

1. what should I do to fix this? This is the only website giving a problem. 2. ping resolves the ip address, but fails. tracert resolves the ip but fails after about 14 hops. browsing gives cannot display webpage failure , but shows the correct icon next to the web address in the internet explorer

This issue needs to be scoped properly. So here are some questions: Are your clients pointing to your internal DNS server (check using IPCONFIG /ALL on a workstation)? Is this the only hostname that is not resolvable (from a client, use NSLOOKUP)? Are you hosting an authoritative copy of the zone on your internal DNS server (using the DNS Admin console, look at the forward lookup zones)?Visit my blog: anITKB.com, an IT Knowledge Base.

yes yes not sure forward lookup zone has 2 entries "_msdcs.work.com" and "work.com" (same as sub-domain servers)

1. what should I do to fix this? This is the only website giving a problem. You should also verify the correct PTR or reverse lookup records are accurate for all hosts (DNS server, web server, clients, just in case you didnt automatically update these when you changed the records the first time.) 2. ping resolves the ip address, but fails. tracert resolves the ip but fails after about 14 hops. browsing gives cannot display webpage failure , but shows the correct icon next to the web address in the internet explorer. Try "telnet www.websitename.com 80" If you get anything other than a blinking cursor it fails which could indicate another issue aside from DNS. Can you paste the tracert results?

good... good... Ah... you are running Active Directory and you are hosting the AD zones. Well, go into the work.com subdomain and look for the record www. if you don't have one, you need to create it and point it to the IP where the website exists. Now, the parent record "@" work.com is going to be a slight problem. That is because your DCs, by default will register the domain name with the IP addresses of your DC's NIC. Therefore when your clients type http://work.com, the record work.com will be resolved by your internal DNS, but will supply the IP addresses of your DCs, not good, for accessing the website. In this case, you have two options: 1) tell your users, they cannot access the website by typing work.com, or 2) prevent the DCs from registering work.com with their IPs and manually create the work.com (you will see it as 'same as parent') pointing to the website. See my article about this type of design. Active Directory Domain Name Considerations when Using the Same Internal and External Domain Name http://www.anitkb.com/2010/03/active-directory-domain-name.html Visit my blog: anITKB.com, an IT Knowledge Base.

1. How can I check this? 2. telnet fails, could not open connection to the host, on port 80: connect failed Tracing route to www.gallerygroup.com [208.154.44.228]over a maximum of 30 hops: 1 7 ms 9 ms 1 ms 205.190.0.244 2 1 ms 1 ms 1 ms 042-121.np1.net [64.61.42.121] 3 26 ms 7 ms 8 ms 10.255.255.254 4 15 ms 58 ms 11 ms lic-core-m10-01-so-0-2-0.broadviewnet.net [64.115.102.29] 5 11 ms 13 ms 12 ms static-64-61-91-57.isp.broadviewnet.net [64.61.91.57] 6 19 ms 11 ms 11 ms static-216-214-170-10.isp.broadviewnet.net [216.214.170.10] 7 12 ms 13 ms 13 ms static-64-61-173-45.isp.broadviewnet.net [64.61.173.45] 8 14 ms 13 ms 15 ms GigabitEthernet4-3.GW2.NYC4.ALTER.NET [157.130.11.1] 9 16 ms 12 ms 60 ms GigabitEthernet4-3.GW2.NYC4.ALTER.NET [157.130.11.1] 10 12 ms 17 ms 12 ms 0.so-6-1-2.XL4.NYC4.ALTER.NET [152.63.19.226] 11 12 ms 13 ms 12 ms 0.xe-7-1-0.BR2.NYC4.ALTER.NET [152.63.3.170] 12 124 ms * 23 ms 204.255.168.90 13 * * * Request timed out. 14 * * * Request timed out. 15 * * * Request timed out. 16

Jorge, 1. We type the full name www.gallerygroup.com to access the website 2. I think I have already done this. Where would you like me to check?

Jorge, 1. we have always typed the full name www.gallerygroup.com becuase of this problem 2. I thought I did this, where should I check for you?

You need to go to the internal DNS zone work.com (looks like you revealed, gallerygroup.com) and make sure it is pointing to the correct IP address (looks like currently set to 208.154.44.228. Your website provider needs to give you the correct IP address to point the 'www' DNS record to. The "request timed out." may be misleading as many ISPs and other network providers choose not to respond to ICMP requests. If telnet fails it means either you are connecting to the wrong IP (currently set to 208.154.44.228) or your website provider has not brought the website online (but you said that it was accessible by the internet community so go back to the wrong IP scenario.) I can tell you that you probably have the wrong IP set to the DNS record on your internal DNS zone because your website, www.gallerygroup.com resolves to --> 204.154.44.228. I can access the website with no problem. My recommendation: GO TO YOUR INTERNAL DNS ZONE and update the www.gallerygroup.com record and point it to 204.154.44.228. See my other recommendation (previous post) about the parent record gallerygroup.com.Visit my blog: anITKB.com, an IT Knowledge Base.

All this time troubleshooting for a typo! You are the best! and I feel so stupid :(

Glad it resolved your issue. No need to feel stupid. That what this forum is for, sharing ideas and helping others. Visit my blog: anITKB.com, an IT Knowledge Base.