Solved

Potential DNS Resolution Error; Page not found on selected web sites

Posted on 2005-03-22
Last Modified: 2012-08-14
We have run into an issue where I was browsing Hewlett Packard's website for driver downloads and got a page not found.
I bounced e-mails with the webmaster and they indicated all was fine on their side.

I go to:

http://h20180.www2.hp.com/apps/Lookup?h_lang=en&h_cc=us&cc=us&h_page=hpcom&lang=en&h_client=S-A-R163-1&h_pagetype=s-002&h_query=DC5000&submit.x=1&submit.y=4

which is the query page for DC5000 workstation drivers.  When I select any of the three selections on the list I get page not found.  

The page it is being redirected to is:

http://h18007.www1.hp.com/support/files/hpcpqdt/us/family/model/6021.html?submit.y=4&submit.x=1&lang=en&cc=us

h20180.www2.hp.com resolves as 161.114.82.23
h18007.www1.hp.com resolves as 161.114.19.252


This problem started about 3 weeks ago; about 2 weeks ago I patched up my server environment with all the MS patches currently available, so I don't think that is the issue.

My environment is 1 Windows 2003 DC and 2 Windows 2000 DCs (1 acting as DNS).  We are set up as Active Directory Integrated on DNS.

After HP said no problem I thought it might be our Firewall.  I checked out the firewall and I was not dropping any packets when initiating the search.

I then plugged in a laptop between the router and firewall and configured an external address with an external DNS server and it worked.

I then went to my workstation and added an external DNS address.  Thus, my workstation had my two internal DNS server addresses and the third external address of 4.2.2.1 and I was able to access the page.

The same day I was asked to do a Webex session and got the same problem w/o the external DNS address and using the external DNS address it worked.

The curious thing is that about 99.9% of websites are being resolved; only a select few are not.

The reason it doesn't work is that the internal DNS server does not resolve that this name:  http://h18007.www1.hp.com/
This was verified by doing an NSLOOKUP on the above address and it times out.  External to our network it works.  

Now all these pages worked approximately 3 weeks ago and now don't work.  NO CHANGES have been made to my DNS server.

I even cleared the cache lookup on my two DNS servers.  I also rebooted the DC with no luck.

My reverse DNS is set up as:

0.in-addr.arpa
10.in-addr.arpa
127.in-addr.arpa
255.in-addr.arpa

I'm not getting any relevant DNS event log errors when accessing the problem page.

OK, hopefully someone out there has some ideas.

Thanks



Question by:Dabowitt
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 13604397
Huh...I'm not exactly sure what might be the problem but I think I could give you some things to check.

First, I think it is best if you have all of your clients and member servers in your domain point to your internal Windows DNS servers.  Then have your DNS servers forward requests to your ISP DNS servers.

- Judging from what you wrote, I think you already have this in place.

I was also curious to learn that when you put your ISP DNS address in on your client machine, you were able to resolve this HP web site.

**  Because of this, I would go into the DNS console on all of your DNS servers.  Check the Forwarders tab...make sure that all of the DNS servers listed here are working.  Remove any that are not.  

** It sounds like you have already cleared your cache on your DNS server...but I would manually go in and look for this HP.com cache.  Delete it if you find it...

** I would also use NSLOOKUP from a command prompt to further troubleshoot this issue.  It sounds like the remote server and Internet DNS servers are working just fine.  In fact, I tested my resolution for this and found it to be OK.  Therefore, there is probably some kind of forwarding problem on your DNS server or your ISP DNS servers.

Use NSLOOKUP and try to resolve h18007.www1.hp.com.

If you don't succeed the first time...try multiple times...  

Now increase the debugging level of NSLOOKUP --

SET DB2

Now...search again....check the output for problems...

-Hope some of this helps...
0
 

Author Comment

by:Dabowitt
ID: 13604638
Cleared cache manually and watched as it rebuilt when trying to resolve the name; no luck.  

Forwarding looks fine and we have changed nothing in the past 2.5 years.

Need help.  Not familiar with the SET DB2 command.  Please help with syntax; I didn't see the syntax in the list of NSLookup commands.
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 13604992
After you're in NSLOOKUP, just type SET DB2

C:\Documents and Settings\poandjo>nslookup
Default Server:  MyDNSServer
Address:  10.0.0.1

(now type SET DB2)

> set db2    <this puts NSLOOKUP in debugging mode


> h18007.www1.hp.com
Server:  MyDNSServer
Address:  10.0.0.1

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion,
        questions = 1,  answers = 0,  authority records = 1,

    QUESTIONS:
        h18007.www1.hp.com.domain2.local, type = A, class = IN
    AUTHORITY RECORDS:
    ->  mydnsserver.domain.local
        ttl = 86400 (1 day)
        primary name server = mydnsserver.domain.local
        responsible mail addr = root.mydnsserver.domain.local
        serial  = 4141658
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 604800 (7 days)
        default TTL = 180 (3 mins)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion,
        questions = 1,  answers = 0,  authority records = 1,

    QUESTIONS:
        h18007.www1.hp.com.domain.local, type = A, class = IN
    AUTHORITY RECORDS:
    ->  domain.local
        ttl = 3600 (1 hour)
        primary name server = mydnsserver.domain.local
        responsible mail addr = admin.domain.local
        serial  = 942404
        refresh = 3600 (1 hour)
        retry   = 3600 (1 hour)
        expire  = 604800 (7 days)
        default TTL = 3600 (1 hour)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 4, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion,
        questions = 1,  answers = 0,  authority records = 1,

    QUESTIONS:
        h18007.www1.hp.com.ey.com, type = A, class = IN
    AUTHORITY RECORDS:
    ->  domain.local
        ttl = 3600 (1 hour)
        primary name server = mydnsserver.domain.local
        responsible mail addr = root.mydnsserver.domain.local
        serial  = 2004012371
        refresh = 1800 (30 mins)
        retry   = 3600 (1 hour)
        expire  = 604800 (7 days)
        default TTL = 3600 (1 hour)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 6, rcode = NOERROR
        header flags:  response, want recursion, recursion ava
        questions = 1,  answers = 2,  authority records = 2,

    QUESTIONS:
        h18007.www1.hp.com, type = A, class = IN
    ANSWERS:
    ->  h18007.www1.hp.com
        canonical name = www.compaq.com
        ttl = 600 (10 mins)
    ->  www.compaq.com
        internet address = 161.114.19.252
        ttl = 975 (16 mins 15 secs)
    AUTHORITY RECORDS:
    ->  www.compaq.com
        nameserver = ddhou.compaq.com
        ttl = 6375 (1 hour 46 mins 15 secs)
    ->  www.compaq.com
        nameserver = ddtay.compaq.com
        ttl = 6375 (1 hour 46 mins 15 secs)
    ADDITIONAL RECORDS:
    ->  ddhou.compaq.com
        internet address = 161.114.1.10
        ttl = 82267 (22 hours 51 mins 7 secs)
    ->  ddtay.compaq.com
        internet address = 161.114.64.47
        ttl = 82267 (22 hours 51 mins 7 secs)

------------
Non-authoritative answer:
Name:    www.compaq.com
Address:  161.114.19.252
Aliases:  h18007.www1.hp.com



From here you can see detail of where your DNS was forwarded to actually find an answer.  
0

 

Author Comment

by:Dabowitt
ID: 13605184
Here is the reply: Modified to remove names of my servers and network. Forwarding not working???

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

Z:\>nslookup
Default Server:  abcserver.domain.local
Address:  10.0.0.40

> set db2
> h18007.www1.hp.com
Server:  abcserver.domain.local
Address:  10.0.0.40

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        h18007.www1.hp.com.domain.local, type = A, class = IN
    AUTHORITY RECORDS:
    ->  domain.local
        ttl = 3600 (1 hour)
        primary name server = abcserver.domain.local
        responsible mail addr = admin
        serial  = 7058
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
DNS request timed out.
    timeout was 2 seconds.
timeout (2 secs)
*** Request to abcserver.domain.local timed-out
>
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 13605331
Can you do the same nslookup but for something that works....like Microsoft.com?  and show the output?

( Check the Forwarders tab in your DNS Console...make sure that all of the ISP DNS servers listed here are working.  Remove any that are not.)  
0
 

Author Comment

by:Dabowitt
ID: 13605883
OK, so for h20180.www2.hp.com  I get,  (forwarders must be working if I can get to this site???)

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

Z:\>nslookup
Default Server:  abcserver.domain.local
Address:  10.0.0.40

> set db2
> h20180.www2.hp.com
Server:  abcserver.domain.local
Address:  10.0.0.40

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        h20180.www2.hp.com.jfcnet.local, type = A, class = IN
    AUTHORITY RECORDS:
    ->  jfcnet.local
        ttl = 3600 (1 hour)
        primary name server = abcserver.domain.local
        responsible mail addr = admin
        serial  = 7059
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  response, auth. answer
        questions = 1,  answers = 1,  authority records = 2,  additional = 0

    QUESTIONS:
        h20180.www2.hp.com, type = A, class = IN
    ANSWERS:
    ->  h20180.www2.hp.com
        internet address = 192.151.52.130
        ttl = 10 (10 secs)
    AUTHORITY RECORDS:
    ->  h20180.www2.hp.com
        nameserver = atlns.americas.hp.net
        ttl = 600 (10 mins)
    ->  h20180.www2.hp.com
        nameserver = palns.americas.hp.net
        ttl = 600 (10 mins)

------------
Name:    h20180.www2.hp.com
Address:  192.151.52.130

>
0
 
LVL 33

Accepted Solution

by:
NJComputerNetworks earned 2000 total points
ID: 13611635
Yes, it appears that you are forwarding properly.  Do you forward directly to your ISP servers or do you forward to your router and then forward to your ISP servers from your router?  I prefer to forward to my ISP servers directly.  If you forward to your routers first, you may want to try to forward to your ISP directly.

Also, I found this web site:  http://www.dnsreport.com/

When I plug in the problematic site: h18007.www1.hp.com I get some warnings....but other sites don't give me warnings...  I don't know what this means exactly because I never used this DNSreport.com website.  But I'm starting to think the problem is not entirely on your side.


0
 

Author Comment

by:Dabowitt
ID: 13614737
Found the problem; we actually weren't forwarding correctly.  We were set up only to look at the root hint servers and not at any of our ISP servers.  I'm not sure why this didn't show itself over the past 3 years of using W2K and W3K DNS servers, but when I added the external ISP address to the forwarding list everything went fine.  I'm just still confused why it worked for 3 years and all of a sudden didn't.  NJ, you did a great job of pushing me in the right direction - so a big thanks and here are the points.
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 13614806
I've heard of people using Root Hints and I have seen this setup; however, I don't understand the advantages of this type of setup (I guess you would use this if your ISP doesn't provide DNS servers to forward to).  However, I think it is best to forward to your ISP servers.

I'm glad you got this figured out...
0
 

Author Comment

by:Dabowitt
ID: 13623477
Ok gang, with all the responses and discussions we wanted to hear from the proverbial horse's mouth, Microsoft, why our DNS server was working properly for 2.5 or so years with only root hints and all of a sudden didn’t.  

 First, Microsoft verbally stated that their recommendation is that DNS be set up with forwarding addresses.  I asked for documentation to this extent and will forward it out to all of you when I receive it.

 I then asked why we have worked for so long and all of a sudden started having problems.

 Microsoft pointed me to the following:   http://techrepublic.com.com/5104-6242-5111588.html

 Per this article, our Windows 2003 DNS server is compliant with RFC 2671 and as such was advertising its capabilities per RFC 2671 when trying to get resolution for this specific HP page.  Microsoft felt that this specific page from HP was causing our DNS server to advertise its capabilities per RFC 2671 and it was being rejected by the remote firewall.

 Per the above information,

“New in Windows Server 2003 is support for Extension Mechanisms for DNS (EDNS) as defined in RFC 2671. The extensions allow the transfer of DNS packets in excess of 512 bytes, which was the restriction imposed by RFC 1035 (Windows Server 2000 DNS).  When Windows Server 2003 contacts a remote DNS server, this capability is negotiated and enabled if both ends support it, resulting in DNS record sets of a size greater than 512 bytes.  Unfortunately, some firewalls have trouble with this enhancement as they are configured to drop DNS packets in excess of 512 bytes.  …. Disabling EDNS results in your server never advertising that it has the capability to handle DNS packets in excess of 512 bytes.  It will drop back to using the RFC 1035 defined limits.”

 The Microsoft rep confirmed this was an issue even though this document was not produced by Microsoft.  The rep indicated that they have implemented the fix, discussed below, to resolve this issue in the past but no formal document has been advertised out by them.

My thought is that the root hint server firewalls were modified to drop packets in excess of 512 bytes to prevent potential hacks, but I can’t confirm this. I remember seeing about a month ago something about the root hint servers being attacked.  I suspect that the firewall design was changed to prevent this and subsequently we started seeing this because our DNS design was done with root hints only.

 At the direction of the Microsoft rep we implemented RFC 1035 by turning off the EDNS capability of Windows 2003 server.  See above article for instructions on how this is done.  Per Microsoft, there is absolutely no potential harm to DNS or AD in doing this.  The above document explains how to do this and was confirmed with the Microsoft rep.

 Thus, I disabled EDNS, removed the forwarding address, rebooted the server and cleared the DNS cache.  I then tried to get to the HP page we have had troubles with and it worked perfectly.

 I would enjoy your thoughts on this subject.

0
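
The EDNS behaviour described in the post above, as an added example that is not part of the original thread or the linked article: a small Python diagnostic that builds the same A query with and without the RFC 2671 OPT record, reads back the UDP size each one advertises, and can send either form to a server. The function names and the 1280-byte advertised size are assumptions chosen for illustration.

```python
import socket
import struct

OPT = 41  # EDNS0 pseudo-record type defined by RFC 2671

def build_query(name, qid=0x1234, edns_size=None):
    """Build an A-record query; when edns_size is set, append an OPT record."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    packet = header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if edns_size:
        # OPT RR: root name, TYPE=41, CLASS carries the UDP size, TTL=0, RDLEN=0
        packet += b"\x00" + struct.pack("!HHIH", OPT, edns_size, 0, 0)
    return packet

def advertised_udp_size(packet):
    """Return the UDP size a query advertises: the OPT class field, else 512."""
    qd, an, ns, ar = struct.unpack("!HHHH", packet[4:12])
    pos = 12
    for _ in range(qd):                   # skip each question
        while packet[pos]:
            pos += 1 + packet[pos]
        pos += 1 + 4                      # root label, QTYPE, QCLASS
    for _ in range(an + ns + ar):         # names in a query are uncompressed
        while packet[pos]:
            pos += 1 + packet[pos]
        pos += 1
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", packet[pos:pos + 10])
        if rtype == OPT:
            return max(rclass, 512)
        pos += 10 + rdlen
    return 512                            # RFC 1035 limit when no OPT is present

def probe(server, name, edns_size=None, timeout=2.0):
    """Send one UDP query to server:53; return reply length, or None if no reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, edns_size=edns_size), (server, 53))
        try:
            return len(s.recvfrom(4096)[0])
        except OSError:                   # timeout or ICMP error
            return None

if __name__ == "__main__":
    for size in (None, 1280):             # 1280 is an assumed advertised size
        q = build_query("h18007.www1.hp.com", edns_size=size)
        print(len(q), "byte query advertises", advertised_udp_size(q))
```

Running `probe` from the DNS server host against the upstream server it queries, once with `edns_size=None` and once with a size set, separates the two cases: a reply to the plain query and no reply to the EDNS one points at something on the path rejecting EDNS traffic rather than at the zone data.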
