I have what seems to be a tricky DNS NT4 issue on my network.

From our LAN we can connect to our webservers websites by name or IP address. These web servers are on the other side of our proxy server with their own public IP addresses.

But people on the internet (outside) cannot connect to our websites by website name. They can however connect to our websites by their IP addresses.

So I'm lead to believe this is definitely a DNS issue.

Here's something I do not understand. If our web servers have their own PUBLIC IP addresses, and people on the internet can not resolve the website names, how can WE on the internal LAN be able to resolve them? EVEN THOUGH THEY ARE ON THE PUBLIC SIDE OF OUR NETWORK? PUBLIC IS PUBLIC. Can this perhaps just be our Proxy server working to get the clients connected over, and because the proxy server has an IP address in the same range it can see the other machines (web servers)? That has me a bit stumped.

Anyway, our DNS server seems to be working fine. I logged in, saw that DNS is operational, and the records are all still there. I can ping the DNS server from another (remote) location, but if I run nslookup for any site that our DNS server is responsible for it tells me it is non existant. However if I run NSLOOKUP from the DNS Server, or any of our servers in the same public IP address range it lists the name and ip address correctly.

Any suggestions, or where else to look?

Thanks!

have you registered the ip with interNIC?

yes

everything is registered and was working properly a few days ago

our domain names are registered with directnic.com
and our t-1 from bellsouth.net has a range of ip addresses that are public

I'm thinking there is a conflict somewhere.

For example, 3 of the domains I have on my webservers are:

www.esaonline.com
www.promise-net.com
www.esaconnect.com
www.stiesa.com

My name servers are ns.nnlltd.net and ns2.nnlltd.net. My company DOES NOT OWN nnlltd.net (past admin
does)

I have all domain names registered with directnic.com.
My name servers are entered or supposed to be entered on directnic.com as

ns.nnlltd.net
208.60.99.2

and

ns2.nnlltd.net
208.60.99.8

If I go to http://www.networksolutions.com/cgi-bin/whois/whois

and lookup:

stiesa.com I get:
Domain servers in listed order:
NS.NNLLTD.NET 208.60.99.2
NS2.NNLLTD.NET 208.60.99.8


for promise-net.com I get:
Domain servers in listed order:
NS.NNLLTD.NET 63.167.141.21
NS2.NNLLTD.NET 63.167.141.22


for esaonline.com I get:
Domain servers in listed order:
NS.NNLLTD.NET 63.167.141.21
NS2.NNLLTD.NET 63.167.141.22


for esaconnect.com I get:
Domain servers in listed order:
NS.NNLLTD.NET 208.60.99.2
NS2.CL.BELLSOUTH.NET 205.152.16.8


What the heck? Some point to the 208 address for the NNLLTD.NET and other point to the 63 address.

I am going to have to redo a DNS server, give it another domain name and set it up from scratch and
see what happens perhaps?

don't know if this helps or not but I can ping:
NS.NNLLTD.NET 208.60.99.2
NS2.NNLLTD.NET 208.60.99.8
NS2.CL.BELLSOUTH.NET 205.152.16.8

not the others......

Name servers IP addresses are live, and can be pinged - Just dont resolve names.

thats a problem on your side

Well I'm looking over the information on directnic.com about creating a new name server. It seems to me that theres more to creating a new name server then just loading up and configuring the DNS component and telling the domains to point to that DNS box. You have to actually have your registrar register that server as a name server.

I have never configured a name server from scratch like this so I hope to get the rest of the information from them shortly.

you also have to wait 24-48 hours for domain propogation to settle in,
I don't know how long it's been for you but that might help a bit.

Well today (SATURDAY) I submitted two name servers to directnic.com. Plus I went through all of our domain names and changed the primary/secondary name servers to these new name servers I set up.

So I'm hopingfor early during the week to get this working again.

If you're running your own DNS server that's supposed to respond to queries to the "outside world," you must ensure that interNIC knows to make your DNS server authoritative for those domain names. Otherwise, that DNS server is only a guest name server, and will only serve to resolve DNS host names to other hosts on the net. You must contact your ISP so that they enable this function on your Internet line, then contact interNIC to make the appropriate changes. Your SOA and NS records in your in-house DNS server must have a separate record for each domain you're managing as well, but I'm sure you've already done this.

I just emailed my ISP to see if they need to do anything, but also because I want to use their DNS servers as a backup to my new DNS servers in case this happens again.

I believe the CREATE A NAME SERVER option on DIRECTNIC, where we host and configure our domain names, is what THEY do to register our DNS server address with Internic but I'll find out soon I'm sure.