Cant view my website from different locations

[toralb]

Hi all!

I am a new user and my problem is that i can access the website using a dial up account or a cable connection without problems, but when i try to access it from work which is in a lan environment, i get an error message: We can't find "domain.com" /dnserror.aspx?FORM=DNSAS&q=.

is it because a certain port should be open? there is no no entry in the IP DENY Manager.

THANKS A LOT FOR THE HELP

[kris1351]

You should contact your webhost.

[trout21]

Hi all!

I am a new user and my problem is that i can access the website using a dial up account or a cable connection without problems, but when i try to access it from work which is in a lan environment, i get an error message: We can't find "domain.com" /dnserror.aspx?FORM=DNSAS&q=.

is it because a certain port should be open? there is no no entry in the IP DENY Manager.

THANKS A LOT FOR THE HELP

This sounds very much like your work has some sort of proxy feeding off their own DNS servers.

This is a relatively new site? If so maybe their DNS servers have not been updated with a full list that contains your new site...?

[toralb]

Hi!

Thank you for your answers.

Yes it is a new site.
I know that at work they have norton corporate edition loaded in their server and use a neutopia router. is it because they are blocking any ports on their router and if so which port might that be?

I have contacted my web host www.bigwebhosting.biz, but no answer so far. The problem is that i can not even view his site.

Thanks again for your help.

[trout21]

Hiya,

if you are not even able to view your webhosts site at work and you receive the same dns error then it is almost certain that there is some form of filtering of websites that your work deems not suitable. This may be linked with their proxy only giving out "suitable" DNS entries...

You are able to view normal sites? (normal as in google - dictionary.com etc ) Can you view online mail sites such as hotmail? or do they give you the same error... if this is true then this will be whats going on - sites such as these are the ones that are generally always let through / blocked.

[toralb]

Hi Guys!

Thanks for your answer.

Yes i can view any web site in the world except of my own and my webhost ( www.bigwebhosting.biz).
I asked my IT guy and he said that there is no such filtering. I was able to view my website from work about two weeks ago and all of a sudden i cant. The only thing that has change since then is norton ce was upgraded from 8.0 to 9.0.

I dont understand how come i can view any site in the world but mine and i have no problem viewing my site from any other location.

Thanks again for the help.

[icanectc]

When you say you can view it from Dialup or any other connection outside of work is that because its from your home? Have you tried an actual DIFFERNET location other than your residence? Bind may not be running AT ALL and you think it's up on your end but its actually not.
If the company doesn't use any filtering systems, and even if there DNS is extremely slow to update. After 5 days the system would have to have crawled and gained new info. There should be no REASON in the world after 5 days you can't hit your site from an unfiltered internet connection.

Try going to like a free proxy server website and see if you can hit your website from their.

The DNS zone file in cpanel could be messed up as well.

check dnsreports.com and dnstuff.com for any errors on your domain. The records could be messed up.

[AbsolutelyFreeW]

wouldnt it be a lot easier if you just gave us your domain so we can check??

[toralb]

Hi!

I mean when i use a dial up connection from my workplace(within a lan) i can view/edit my website, but not when i use a normal sdsl connection which is much faster and the default connection which everyone at work uses.
i can view/edit my website from anywhere else but from work.

I followed your advice and run a dns check and this is what i got, but would not understand much of this log.
I hope someone will. Here it is:

Category Status Test Name Information
Parent PASS Missing Direct Parent check OK. Your direct parent zone exists, which is good. Some domains (usually third or fourth level domains, such as example.co.us) do not have a direct parent zone ('co.us' in this example), which is legal but can cause confusion.
INFO NS records at parent servers Your NS records at the parent servers are:

ns1.bigwebhosting.biz. [67.19.206.213 (NO GLUE)] [US]
ns2.bigwebhosting.biz. [67.19.206.214 (NO GLUE)] [US]

[These were obtained from g.gtld-servers.net]
PASS Parent nameservers have your nameservers listed OK. When someone uses DNS to look up your domain, the first step (if it doesn't already know about your domain) is to go to the parent servers. If you aren't listed there, you can't be found. But you are listed there, with 2 entries.
WARN Glue at parent nameservers WARNING. The parent servers (I checked with g.gtld-servers.net.) are not providing glue for all your nameservers. This means that they are supplying the NS records (host.example.com), but not supplying the A records (192.0.2.53), which can cause slightly slower connections, and may cause incompatibilities with some non-RFC-compliant programs. This is perfectly acceptable behavior per the RFCs. This will usually occur if your DNS servers are not in the same TLD as your domain (for example, a DNS server of "ns1.example.org" for the domain "example.com"). In this case, you can speed up the connections slightly by having NS records that are in the same TLD as your domain.
NS INFO NS records at your nameservers Your NS records at your nameservers are:

ns2.21hostingservers.com. [TTL=14400]
ns1.21hostingservers.com. [TTL=14400]


PASS All nameservers report identical NS records OK. The NS records at all your nameservers are identical.
PASS All nameservers respond OK. All of your nameservers listed at the parent nameservers responded.
PASS Nameserver name validity OK. All of the NS records that your nameservers report seem valid (no IPs or partial domain names).
PASS Number of nameservers OK. You have 2 nameservers. You must have at least 2 nameservers (RFC2182 section 5 recommends at least 3 nameservers), and preferably no more than 7.
PASS Lame nameservers OK. All the nameservers listed at the parent servers answer authoritatively for your domain.
FAIL Missing (stealth) nameservers FAIL: You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNS Report will not query these servers, so you need to be very careful that they are working properly.

ns2.21hostingservers.com.ns1.21hostingservers.com.
This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example).
FAIL Missing nameservers 2 ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:
ns1.bigwebhosting.biz.
ns2.bigwebhosting.biz.

PASS No CNAMEs for domain OK. There are no CNAMEs for domain.com. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present. Note that I only checked shqiperi.net, I did not check the NS records, which should not have CNAMEs either.
PASS No NSs with CNAMEs OK. There are no CNAMEs for your NS records. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.
WARN Nameservers on separate class C's WARNING: We cannot test to see if your nameservers are all on the same Class C (technically, /24) range, because the root servers are not sending glue. We plan to add such a test later, but today you will have to manually check to make sure that they are on separate Class C ranges. Your nameservers should be at geographically dispersed locations. You should not have all of your nameservers at the same location. RFC2182 3.1 goes into more detail about secondary nameserver location.
PASS All NS IPs public OK. All of your NS records appear to use public IPs. If there were any private IPs, they would not be reachable, causing DNS delays.
INFO Nameservers versions Your nameservers have the following versions:

67.19.206.213: "9.2.4rc6"
67.19.206.214: "9.2.4rc6"

[toralb]

part 2 of the report:

FAIL Stealth NS record leakage Your DNS servers leak stealth information in non-NS requests:

Stealth nameservers are leaked [ns2.21hostingservers.com.]!
Stealth nameservers are leaked [ns1.21hostingservers.com.]!

This can cause some serious problems (especially if there is a TTL discrepancy). If you must have stealth NS records (NS records listed at the authoritative DNS servers, but not the parent DNS servers), you should make sure that your DNS server does not leak the stealth NS records in response to other queries.
SOA INFO SOA record Your SOA record [TTL=14400] is:
Primary nameserver: ns1.21hostingservers.com.
Hostmaster E-mail address: daz_ultra16.hotmail.com.
Serial #: 2004101801
Refresh: 14400
Retry: 7200
Expire: 3600000
Default TTL: 86400

PASS NS agreement on SOA serial # OK. All your nameservers agree that your SOA serial number is 2004101801. That means that all your nameservers are using the same data (unless you have different sets of data with the same serial number, which would be very bad)! Note that the DNS Report only checks the NS records listed at the parent servers (not any stealth servers).

WARN SOA MNAME Check WARNING: Your SOA (Start of Authority) record states that your master (primary) name server is: ns1.21hostingservers.com.. However, that server is not listed at the parent servers as one of your NS records! This is probably legal, but you should be sure that you know what you are doing.
PASS SOA RNAME Check OK. Your SOA (Start of Authority) record states that your DNS contact E-mail address is: daz_ultra16@hotmail.com. (techie note: we have changed the initial '.' to an '@' for display purposes).
PASS SOA Serial Number OK. Your SOA serial number is: 2004101801. This appears to be in the recommended format of YYYYMMDDnn, where 'nn' is the revision. For example, if you are making the 3rd change on 02 May 2000, you would use 2000050203. This number must be incremented every time you make a DNS change.
WARN SOA REFRESH value WARNING: Your SOA REFRESH interval is : 14400 seconds. This seems a bit high. You should consider decreasing this value to about 3600-7200 seconds. RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20 minutes to 12 hours, with the longer time periods used for very slow Internet connections; 12 hours seems very high to us), although some registrars may limit you to 10000 seconds or higher, and if you are using DNS NOTIFY the refresh value is not as important (RIPE recommends 86400 seconds if using DNS NOTIFY). This value determines how often secondary/slave nameservers check with the master for updates. A value that is too high will cause DNS changes to be in limbo for a long time.
PASS SOA RETRY value OK. Your SOA RETRY interval is : 7200 seconds. This seems normal (about 120-7200 seconds is good). The retry value is the amount of time your secondary/slave nameservers will wait to contact the master nameserver again if the last attempt failed.
WARN SOA EXPIRE value WARNING: Your SOA EXPIRE time is : 3600000 seconds. This seems a bit high. You should consider decreasing this value to about 1209600 to 2419200 seconds (2 to 4 weeks). RFC1912 recommends 2-4 weeks. This is how long a secondary/slave nameserver will wait before considering its DNS data stale if it can't reach the primary nameserver.
PASS SOA MINIMUM TTL value OK. Your SOA MINIMUM TTL is: 86400 seconds. This seems normal (about 3,600 to 86400 seconds or 1-24 hours is good). RFC2308 suggests a value of 1-3 hours. This value used to determine the default (technically, minimum) TTL (time-to-live) for DNS entries, but now is used for negative caching.
MX INFO MX Record Your 1 MX record is:
0 domain.com. [TTL=14400] IP=67.19.206.212 [TTL=14400] [US]

PASS Invalid characters OK. All of your MX records appear to use valid hostnames, without any invalid characters.
PASS All MX IPs public OK. All of your MX records appear to use public IPs. If there were any private IPs, they would not be reachable, causing slight mail delays, extra resource usage, and possibly bounced mail.
PASS MX records are not CNAMEs OK. Looking up your MX record did not just return a CNAME. If an MX record query returns a CNAME, extra processing is required, and some mail servers may not be able to handle it.
PASS MX A lookups have no CNAMEs OK. There appear to be no CNAMEs returned for A records lookups from your MX records (CNAMEs are prohibited in MX records, according to RFC974, RFC1034 3.6.2, RFC1912 2.4, and RFC2181 10.3).
PASS MX is host name, not IP OK. All of your MX records are host names (as opposed to IP addresses, which are not allowed in MX records).
WARN Multiple MX records WARNING: You only have 1 MX record. If your primary mail server is down or unreachable, there is a chance that mail may have troubles reaching you.
PASS Duplicate MX records OK. You do not have any duplicate MX records (pointing to the same IP). Although technically valid, duplicate MX records can cause a lot of confusion, and waste resources.
PASS Reverse DNS entries for MX records OK. The IPs of all of your mail server(s) have reverse DNS (PTR) entries. RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will not accept mail from mailservers with no reverse DNS entry. Note that this information is cached, so if you changed it recently, it will not be reflected here (see the www.DNSstuff.com Reverse DNS Tool for the current data). The reverse DNS entries are:

212.206.19.67.in-addr.arpa hosting.21hostingservers.com. [TTL=86400]


Mail PASS Connect to mail servers OK: I was able to connect to all of your mailservers.
WARN Mail server host name in greeting WARNING: One or more of your mailservers may be claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). This probably won't cause any harm, but may be a technical violation of RFC821 4.3 (and RFC2821 4.3.1).

shqiperi.net claims to be host hosting.21hostingservers.com.


PASS Acceptance of NULL <> sender OK: All of your mailservers accept mail from "<>". You are required (RFC1123 5.2.9) to receive this type of mail (which includes reject/bounce messages and return receipts).
PASS Acceptance of postmaster address OK: All of your mailservers accept mail to postmaster@domain.com (as required by RFC822 6.3, RFC1123 5.2.7, and RFC2821 4.5.1).
PASS Acceptance of abuse address OK: All of your mailservers accept mail to abuse@domain.com.
WARN Acceptance of domain literals WARN: One or more of your mailservers does not accept mail in the domain literal format (user@[0.0.0.0]). Mailservers are technically required RFC1123 5.2.17 to accept mail to domain literals for any of its IP addresses. Not accepting domain literals can make it more difficult to test your mailserver, and can prevent you from receiving E-mail from people reporting problems with your mailserver. However, it is unlikely that any problems will occur if the domain literals are not accepted.

shqiperi.net's postmaster@[67.19.206.212] response:
>>> RCPT TO:<postmaster@[67.19.206.212]>
<<< 501 : domain literals not allowed


PASS Open relay test OK: All of your mailservers appear to be closed to relaying. This is not a thorough check, you can get a thorough one here.
shqiperi.net OK: 550-test.dnsstuff.com (test.DNSreport.com) [69.2.200.182] is currently not 550-permitted to relay through this server. Perhaps you have not logged into 550-the pop/imap server in the last 30 minutes or do not have SMTP 550 Authentication turned on in your email client.

WARN SPF record Your domain does not have an SPF record. This means that spammers can easily send out E-mail that looks like it came from your domain, which can make your domain look bad (if the recipient thinks you really sent it), and can cost you money (when people complain to you, rather than the spammer). You may want to add an SPF record ASAP, as 01 Oct 2004 was the target date for domains to have SPF records in place (Hotmail, for example, started checking SPF records on 01 Oct 2004).
WWW INFO WWW Record Your www.domain.com A record is:

www.domain.com. CNAME domain.com. [TTL=14400]
domain.com. A 67.19.206.212 [TTL=14400] [US]


PASS All WWW IPs public OK. All of your WWW IPs appear to be public IPs. If there were any private IPs, they would not be reachable, causing problems reaching your web site.
PASS CNAME Lookup OK. You do have a CNAME record for www.domain.com, which can cause some confusion. However, this is legal. Your CNAME entry also returns the A record for the CNAME entry, which is good -- otherwise, it would require an extra DNS lookup, which slightly delays the initial access to the website and use extra bandwidth. Note that if the CNAME points to another CNAME, it will likely cause problems.


Thanks a lot for your help.

[toralb]

sure ...the domain name is www.shqiperi.net

[AbsolutelyFreeW]

well, your site works from here, which means, it is not your hosts fault.

it can be

1. firewall at your work. somehow they don't allow that ip, that kind of site, a special port etc

2. it can be your works nameservers. try to change the dns nameservers that your computer uses. go into the lan connection settings, instead of automatically use dns server, put the ip of 2 good name servers there. I would think this is the cause

3. it can be a bad link between the two places. run a tracert from the commando prompt from your work computer and see where it goes wrong or if it simply says there is no such domain. if it says no such domain then it is number 2.

ok hope this helps btw I didnt go through your report. did dnsstuff indicate anything to be red (fail?)

[toralb]

thanks for the reply

this is the fail part of the dns report:

Missing (stealth) nameservers FAIL:

1>You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNS Report will not query these servers, so you need to be very careful that they are working properly.


2>Missing nameservers 2 ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:
ns1.bigwebhosting.biz.
ns2.bigwebhosting.biz.


3>Stealth NS record leakage Your DNS servers leak stealth information in non-NS requests:

Stealth nameservers are leaked [ns2.21hostingservers.com.]!
Stealth nameservers are leaked [ns1.21hostingservers.com.]!

This can cause some serious problems (especially if there is a TTL discrepancy). If you must have stealth NS records (NS records listed at the authoritative DNS servers, but not the parent DNS servers), you should make sure that your DNS server does not leak the stealth NS records in response to other queries.



this is the tracert report:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

P:\>tracert www.shqiperi.net

Tracing route to shqiperi.net [67.19.206.212]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 192.168.0.1
2 7 ms 8 ms 8 ms dsl04.40nr.tor.futureway.com [64.119.96.11]
3 50 ms 9 ms 8 ms core01.40nr.futureway.com [64.119.96.3]
4 9 ms 8 ms 9 ms 955.FastEthernet4-0-0.BB5.TOR2.ALTER.NET [216.95
.217.97]
5 9 ms 9 ms 8 ms POS4-0.XR1.TOR2.ALTER.NET [152.63.133.74]
6 9 ms 9 ms 9 ms 0.so-0-0-0.TL1.TOR2.ALTER.NET [152.63.2.109]
7 44 ms 44 ms 45 ms 0.so-4-0-0.TL1.DFW9.ALTER.NET [152.63.0.181]
8 45 ms 45 ms 45 ms 0.so-7-0-0.CL1.DFW13.ALTER.NET [152.63.103.218]

9 46 ms 45 ms 46 ms POS6-0.GW1.DFW13.ALTER.NET [152.63.103.85]
10 50 ms 51 ms 49 ms theplanet-gw.customer.alter.net [157.130.143.226
]
11 60 ms 57 ms 56 ms dsr2-1-v1.dllstx4.theplanet.com [12.96.160.7]
12 54 ms 49 ms 54 ms gig1-0-2.tp-car8-1.dllstx4.theplanet.com [67.18.
116.83]
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.

Trace complete.

P:\>

Thank you

[AbsolutelyFreeW]

the red things in dnsreport doesnt look good, but it seems to work, because I dont have a problem looking up your host, and neither do you.

I do get timeouts from my place but it finaly founds the server.. I don't know why, if its your server filtering out your work ip and not answering, or vice verse.. your work doesn't allow the packet from there to come in..

do you know if you are using proxies or firewalls? you may want to turn off firewall or bypass the proxy to see if there is a change...

[icanectc]

Well the nameservers leaking are not a good thing. But should not affect the ability to hit the site.

Try these DNS servers:
By doing what the other guy said sorry forgot his name and to lazy to scroll down:P

205.152.144.23
205.152.132.23

well if you don't understand how to change the DNS on the internet connection let me know how you connect and what kind of DSL modem you have and if you have access to it.
The way the other guy said might work, but it may need to be adjusted at the modems level.