Cannot access www.microsoft.com when using our internal DNS server
We have a joint windows and netware environment. Prior to the windows domain environment being added for a feiw users, we pointed workstation DNS to our ISP's dns servers. No problems. With the advent of the windows AD environment, the Windows 2003 domain controller, also the DNS server, is now being used as the DNS controller for some of the users connected to the domain.
For testing, we have some other users, not logged into the domain, that are pointing to our Windows 2003 DNS server, 192.168.1.40. However, when we try to access www.microsoft.com, it does not respond. Pinging it does not resolve the IP address (which does is we use one of the workstations that connects directly to our ISP's dns servers.
Also, if we try to access www.cnn.com, it is real slow. Other external websites do not appear to be a problem. The gateway address 192.168.1.1 does pass through an IPRISM internet filtering/management device. All the other users that connect directly to the ISP's DNS, not being forwarded through the Windows 2003 DNS server, also go through the IPRISM device.
Any ideas on what is the problem or how to troubleshoot it?
Cliff.
For testing, we have some other users, not logged into the domain, that are pointing to our Windows 2003 DNS server, 192.168.1.40. However, when we try to access www.microsoft.com, it does not respond. Pinging it does not resolve the IP address (which does is we use one of the workstations that connects directly to our ISP's dns servers.
Also, if we try to access www.cnn.com, it is real slow. Other external websites do not appear to be a problem. The gateway address 192.168.1.1 does pass through an IPRISM internet filtering/management device. All the other users that connect directly to the ISP's DNS, not being forwarded through the Windows 2003 DNS server, also go through the IPRISM device.
Any ideas on what is the problem or how to troubleshoot it?
Cliff.
ASKER
That is the problem. We have this configured exactly as you state and it works for other addresses, but not www.microsoft.com. That will not resolve. In addition, some other sites, like cnn.com resolve very slowly. From the server, we can ping (no response but it provides address) for microsoft.com, but not www.microsoft.com.
We are trying to determing what is causing a few sites to not work, like www.microsoft.com.
We are trying to determing what is causing a few sites to not work, like www.microsoft.com.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
3. We have 4 addresses, which are the same 4, 2 from our DSL provider and 2 from our cable provider, that we use without problem for those users that do not go through Windows 2003 DNS as they are not connected to the domain, just to the netware system (which does not have DNS configured) and go directly to the ISP.
Will look at the other items.
Will look at the other items.
ASKER
None of your suggestions worked. I then turned on debugging and looked at the log. Put in the error message for the dns lookup that was failing it it pointed to extended dns and limitations on DNS UDP packet size at 512 and the fact that the edns can cause error with some site. The Cisco PIX had a fixup dns max packet size 512. Changing that to 1500 resolved the problem.
ASKER
feptias did not really answer the question but I will allocate the points anyways.
Thanks. I'm pleased you've fixed it.
To set forwarding on your internal DNS server, open the DNS management console, right click on the DNS server and select properties. There is a tab on this form called Forwarders. Under "DNS Domain" it should say "All other DNS domains" and this line should be highlighted. In the section below called "Selected domain's forwarder IP address list" you should add your ISP's DNS server IP address.