Multiple Sites, 1 IP, IIS6.0, Can't get second site to work. Options

[rsteph]

I've got a Windows Server 2003 system with 1 public IP. I'm trying to set it up to host two different sites/domains from the one server (www.site1.com & www.site2.com). I've set up host headers to handle the sites.

The first site is up and running, and has been for quite a while. I've got the second site on there, I've got the host headers set up, and I can get to the site internally using IE (I can type in www.site2.com and it shows the site, and the navigation works). But when I go home and try and log on to www.site2.com I can't get the page to come up. www.site1.com still works from inside or outside the local network.

I believe the problem may be coming from connection problems with the Port 53 upd/tcp connection - but I can't swear to that. It looks like my DNS server is not responding incoming port 53 UDP or TCP connections on the second site. No apparent problems with the first site though. I looked into and noticed that Site1.com has a subfolder for each of _upd & _tcp as well as _sites & _msdcs, each with a number of records in it. Site2.com doesn't seem to have those subfolders with records. What would be the best way to go about adding these?

I put the second domain into www.dnsstuff.com, I got a Fail in the NS catagory, on the NS test name. The information is as follows: "A timeout occurred getting the NS records from your nameservers! None of your nameservers responded fast enough. They are probably down or unreachable. I can't continue since your nameservers aren't responding. If you have a Watchguard Firebox, it's due to a bug in their DNS Proxy, which must be disabled (31 Jul 2006 UPDATE: several years after being informed of this, there is a rumor that there is a fix that allows the Watchguard DNS proxy to work)."

Unfortunantly I can't see any suggestions on how to fix this, since I don't have a Watchguard Firebox (to my knowledge anyway).

[rabbit994]

Do a DNSReport.com

My guess is NS servers are not pointed correctly at domain registrar.

_msdcs and _junk is Windows domain being set up. Why one was set up I have no idea but it's probably not needed.

[rsteph]

I ran the report, in the parent catagory everything passes, and the NS records at parent server point to our Public IP address. We have 4 NS Records, all pointing to the same server, using it's public IP address (not the internal address). It's on the NS catagory end that I get a failure:

A timeout occurred getting the NS records from your nameservers! None of your nameservers responded fast enough. They are probably down or unreachable. I can't continue since your nameservers aren't responding. If you have a Watchguard Firebox, it's due to a bug in their DNS Proxy, which must be disabled (31 Jul 2006 UPDATE: several years after being informed of this, there is a rumor that there is a fix that allows the Watchguard DNS proxy to work).

The first site passes everything though, and shows a lot more tests, so there has to be some setting somewhere in the first site that's wrong in the second site. The one obvious difference to me is that Site1.com has a subfolder for each of _upd & _tcp as well as _sites & _msdcs, each with a number of records in it. Site2.com doesn't seem to have those subfolders with records. Also, I know in the host headers, Site1.com uses the default [all unassigned] for the IP address, it wouldn't seem to work with Site2.com so I had to specify for the internal IP of the DNS server, as well as making a public IP entry. The second site is indianacomfortteam.com if it would help to do the test yourself.

[rabbit994]

I ran the report, in the parent catagory everything passes, and the NS records at parent server point to our Public IP address. We have 4 NS Records, all pointing to the same server, using it's public IP address (not the internal address). It's on the NS catagory end that I get a failure:

A timeout occurred getting the NS records from your nameservers! None of your nameservers responded fast enough. They are probably down or unreachable. I can't continue since your nameservers aren't responding. If you have a Watchguard Firebox, it's due to a bug in their DNS Proxy, which must be disabled (31 Jul 2006 UPDATE: several years after being informed of this, there is a rumor that there is a fix that allows the Watchguard DNS proxy to work).

Obviously at IP 67.98.138.34 there is no DNS server running. Why not, I have no clue, it's up to you to tell me why. Maybe it's running and you have a firewall. Since this box is not ThePlanet box, I imagine that is case. (highly probable considering something at that IP is responding to telnet request)

The first site passes everything though, and shows a lot more tests, so there has to be some setting somewhere in the first site that's wrong in the second site. The one obvious difference to me is that Site1.com has a subfolder for each of _upd & _tcp as well as _sites & _msdcs, each with a number of records in it. Site2.com doesn't seem to have those subfolders with records.

Those records relate to Windows 2003 Domain running. As in domain with a domain controller. Most sites do not require those records but since atlashvac.com seems to be running exchange, it would explain why there is domain running. It will be also notable that atlashvac.com DNS servers are not pointed at 67.98.138.34. Let subfolder thing go, it's not your problem, the problem is lack of DNS server running.

Also, I know in the host headers, Site1.com uses the default [all unassigned] for the IP address, it wouldn't seem to work with Site2.com so I had to specify for the internal IP of the DNS server, as well as making a public IP entry. The second site is indianacomfortteam.com if it would help to do the test yourself.

First off, Host Headers NOT RELATED to DNS set up. Also, you can have a website on IP as well host headers set up behind it so one site will resolve to all unknown HTTP requests and other sites behind that will respond to HTTP requests with proper Host Headers.

Example
Site1.com set to all unassigned IP addresses with added host headers of www.site1.com and site.com. This site will respond to any HTTP request that www.site1.com/site1.com or unknown HTTP request.

Site2 set to all unassigned IP address with host header of www.site2.com/site2.com. Site2 will only respond to HTTP requests will right host headers.

However, all this is just talk.

YOU MUST GET 67.98.138.94 RESPONDING TO DNS REQUESTS. NOTHING ELSE CAN BE "FIXED" TILL THIS IS ACCOMPLISHED.

[rsteph]

The IP Address that shows for atlashvac.com appears to be a Network Solutions server (where the domain was registered), then within that account we have everything forwarded to our public IP address (the same one shown for indianacomfortteam.com).

We've attempted to setup the same thing with the domain registrar for indianacomfortteam.com, though it's possible that we are having a problem with the connection between them, and forwarding requests to our server. The IP address shown for indianacomfortteam.com is the public IP address for our websites.

I guess I'll have to try talking with the other registrar again and see if I can find a problem.

[rabbit994]

The IP Address that shows for atlashvac.com appears to be a Network Solutions server (where the domain was registered), then within that account we have everything forwarded to our public IP address (the same one shown for indianacomfortteam.com).

We've attempted to setup the same thing with the domain registrar for indianacomfortteam.com, though it's possible that we are having a problem with the connection between them, and forwarding requests to our server. The IP address shown for indianacomfortteam.com is the public IP address for our websites.

I guess I'll have to try talking with the other registrar again and see if I can find a problem.

Err....ok

However, I think your throughly confused but maybe I am. This is NOT, I REPEAT NOT IIS problem, this is DNS server problem.

[rsteph]

I know I'm confused... I've never really delt with web hosting before. Any websites I've worked on in the past were always hosted by the same people the name was registered through. This is my first time having to deal with a locally hosted website/DNS/SMTP/etc.

I've been playing with the Name Server info for indianacomfortteam.com. So far I've successfully lost connection to the site even from within our network. Hopefully I'll find something soon enough. I've had problems finding any really useful walkthrough/information to help me with this.

[rabbit994]

I know I'm confused... I've never really delt with web hosting before. Any websites I've worked on in the past were always hosted by the same people the name was registered through. This is my first time having to deal with a locally hosted website/DNS/SMTP/etc.

I've been playing with the Name Server info for indianacomfortteam.com. So far I've successfully lost connection to the site even from within our network. Hopefully I'll find something soon enough. I've had problems finding any really useful walkthrough/information to help me with this.

I think your overestimating the problem. The problem is quite simple, the server isn't responding to DNS requests on port 53 TCP/UDP. Either your DNS server is offline (check under Administrative Tools -> Service -> DNS server is set to automatic and is started) and firewall is not blocking it. Check both of those FIRST before playing around in IIS or DNS server console. Your making this complex because your not attempting to solve the lower level problems first.

[rsteph]

I checked the DNS service, and it is set to automatic and started. I've also checked our firewall, we do not appear to be blocking port 53.

[rabbit994]

I checked the DNS service, and it is set to automatic and started. I've also checked our firewall, we do not appear to be blocking port 53.

Still not responding so I'm not sure what the problem is but your firewall or something isn't passing Port 53 UDP/TCP through properly.

[mthosting]

FYI when i do a trace route to 67.98.138.94 it gets stuck in a routing loop. So, there is something else wrong here.

[rsteph]

Well I found that port 53 was in fact being blocked... In my frustration I forgot to check on the router itself (that and because it's settings are handled by someone else). So I got port 53 opened, so that shouldn't be a problem now. However I'm still getting the same NS error from dnsreport.com.

[rabbit994]

Well I found that port 53 was in fact being blocked... In my frustration I forgot to check on the router itself (that and because it's settings are handled by someone else). So I got port 53 opened, so that shouldn't be a problem now. However I'm still getting the same NS error from dnsreport.com.

Is it being both UDP AND TCP open? Also, are those port 53 requests being forwarded to proper server? (assuming nat)