1

I have a Windows Server 2008 box with two static IP addresses (192.168.xxx.120 and 192.168.xxx.118) running IIS7 thay hosts ~30 websites.

The DNS server on the network is configured to point website traffic to 192.168.xxx.120. Public DNS resolution is done outside the building by a number of third parties.

In the web logs I've noticed that the actual logged address is 192.168.xxx.118 ie not the one pointed to by the DNS.

What's going on here, and how can I make the websites use the address pointed to by the DNS records? The correct IP address has become important to me for SSL certificate resolution.

Crispin

EDIT: I aplolgise because I initially wrote Windows Server 2003, but that was wrong, it's Windows Server 2008. I have both on my network.

TristanK
  • 9,073
  • 2
  • 28
  • 39
CrispinH
  • 123
  • 5

2 Answers2

4

It sounds like you need to bind your sites to the IP you want to use. If you right click on the site in IIS Manager and go to properties there should be a section for IP address. By default it is set to "All Unassigned", which means the site is hosted on all available adapters. If that is set, you can click Adavanced and add an identity to bind it to a specific interface and port.

Also I am pretty sure you are running IIS6. IIS7 isn't available for Windows Server 2003.

Luke
  • 41
  • 3
  • I meant Windows Server 2008 (therefore IIS7) and I have edited the question accordingly. The problem is that I want to the the 192.168.xxx.120 value not the 192.168.xxx.118 value because the DNS is pointing at the former. – CrispinH Nov 26 '13 at 21:36
  • I am a little confused, you may have to explain what you mean by logged address. You have your DNS pointing to 192.168.xxx.120, so I am guessing the interface assigned to that IP is the one you want to use to host the site. You could click on the site in IIS Manager and under Edit Site in the Actions Menu click Bindings. A menu will pop up and if IP Address is set to *, then that website is being hosted on all available adapters. You can click edit and set the IP Address to 192.168.xxx.120. Then the website will only be accessed from the interface with that IP. – Luke Nov 26 '13 at 22:30
  • A typical line in the web log gives the following info: 2013-11-26 16:31:02 192.168.128.118 GET / - 80 - 192.168.128.118 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.0;+WOW64;+Trident/5.0) 200 0 0 468 I have already tried what you suggested - ie select the interface I want - but the site then fails to function. This is what is confusing me too. I was wondering whether I should try a different eg 192.168.yyy.0 instead. – CrispinH Nov 27 '13 at 09:37
0

Sounds like DNS doesn't point where you think it does. That sounds vaguely confirmed by the behaviour you describe when you bind the site to a specific IP.

If it's just one group of clients, eg, external clients using external DNS, then chances are their connections are NATted (translated) anyway, and it could be that the external port 80 mapping from publicname.example.com to an internal address isn't what you think it should be.

To troubleshoot it properly, grab a tool like Wireshark or Network Monitor, and capture some traffic for a little while. You can do that from either the client or the server, or both (both simultaneously gives you the best possible coverage of what a client thinks is happening, and what the server is seeing at the same time, which - depending on networking kit - isn't always the same thing.)

You'll see the source and destination IP address used by incoming and outgoing packets.

If a client resolves a name to an IP address, it connects to that IP address. There's little scope for fiddling with that.

On one of the client machines with the problem, run a quick PING www.example.com to see what its initial impression of the IP address is.

TristanK
  • 9,073
  • 2
  • 28
  • 39
  • I did an nslookup on one of the website's URLs and the IP address returned was 192.168.xxx.120 but using Network Monitor showed that all the traffic was flowing to 192.168.xxx.118. As I'm not a networking expert, just a software developer doing a spot of IT, this has me a bit flummoxed. – CrispinH Nov 29 '13 at 19:34
  • I had made assumptions about how the co-location house had set up the router NAT (five years ago). – CrispinH Dec 12 '13 at 14:53