Solved

DNS Issues  - Can not resolve or find  2 web sites...

Posted on 2005-04-04
Last Modified: 2010-03-18
DNS Issues

For some reason, I cannot reach certain WEB Pages.  I am very comfortable that it is either in my routing or DNS, as I can successfully hit the site if I use someone else’s DNS Server.  The WEB pages I am trying to reach that cause problems are, www.mwwssb.com and www.myfloridalicense.com.  The browser will time out and indicates it cannot reach the page.  I have gone to hundreds of other web sites and have no problems.

Current configuration:
I have two DNS servers, (working on a third).  They are configured as ns1.ssainc.com, and ssa-nt.ssainc.com.  (A true ns2.ssainc.com is on the way.)

The ssa-nt box is a windows 2000 server and is operating as a caching / forwarding DNS Server only.  It is always listed first in my client configuration as it also contains zones that are for internal DNS only.  The ns1.ssainc.com box is a fedora box running the full dns/bind software and is listed as the alternate DNS server in the client configs.

I also NAT all internal servers, except for the SSA-NT box using NAT entries within my Cisco Router.  For example, ns1.ssainc.com is actually 70.150.152.33 public and 172.16.16.223 private.

The only other piece of information that I can give is problems running “nslookup” on a local machine.

****Session log of Nslookup***
C:>nslookup
*** Can’t find server name for address 172.16.0.100:  Non-existent domain
Default server:  ns1.ssainc.com
Address:  172.16.1.223
>
>
>www.cnn.com
Server ns1.ssainc.com
Address:  172.16.1.223

Non-autoritative answer”
Name:   cnn.com
Addresses:  64.236.24.20, 64.236324328, (etc)
Aliases:  www.cnn.com
>
www.mwwssb.com
Server:  ns1.ssainc.com
Address: 172.16.1.223

DNS request timed out.
     Timeout was 2 seconds.
DNS request timed out.
      Timeout was 2 seconds.
*** Request to ns1.ssainc.com timed-out
>
>server 205.152.36.23
www.mwwssb.com

> Server:  dns.asm.bellsouth.net
> Address 205.152.37.23
>
non-authoritative answer:
Name:   222.mwwssb.com
Address:  64.238.224.150
*** end of log ***


Ok, any ideas?  I really need to get this resolved as soon as possible.  Thanks for all the past and hopefully future help.

Kenny
0
Comment
Question by:houston_k
23 Comments
 
LVL 4

Expert Comment

by:aromberg
ID: 13701937
I would make sure that your internal DNS server is set up to listen on the internal interface, or bind to all interfaces, after that, I would check to make sure that DNS forwarding is set up correctly...

Can you get to your site from that box itself?
0
 
LVL 38

Expert Comment

by:wesly_chen
ID: 13701996
> For some reason, I cannot reach certain WEB Pages.
From which machines? Windows PC or FC3?
If from FC3, then what's in your /etc/resolv.conf in FC3?
   
0
 

Author Comment

by:houston_k
ID: 13702010
If I understand the comment, "Listen on the internal interface or bind to all interfaces"... I think that it is.  Everything that I use is on the private or internal side.

With regards to "I would check to make sure that DNS forwarding is set up correctly..."
    Again, I think that this works fine.  I have deleted the cache records and watched the cache repopulate with sites that I visit.  I can disconnect NS1 and as long as a record exists in the NT box, things still work.

With regards to "Can you get to your site from that box itself?"    I can get to every site that I know except for the two that I listed.  This includes any workstation, the Fedora box, and the NT box.

Thanks......Kenny
0
 

Author Comment

by:houston_k
ID: 13702045
> For some reason, I cannot reach certain WEB Pages.
> From which machines? Windows PC or FC3?
> If from FC3, then what's in your /etc/resolv.conf in FC3?

From any machine in my office.  Not from a Linux box (Fedora), or a PC or NT server.  The only way I can get to these two web sites is to have the NT box forward requests to a Bellsouth DNS box rather than to my DNS server.  Then they work correctly, but I can not leave the configuration that way for a long time.


0
 
LVL 38

Expert Comment

by:wesly_chen
ID: 13702064
Could you flush out the DNS cache by either rebooting the DNS server or restarting the DNS service?
I suspect the DNS entries for those two websites are wrong.
0
 

Author Comment

by:houston_k
ID: 13702081
I have done that several times and get same results....

0
 
LVL 38

Expert Comment

by:wesly_chen
ID: 13702139
What's the parent DNS server in those two DNS servers?
do
nslookup
> server <parent DNS server's IP>
www.mwwssb.com
0
 
LVL 38

Expert Comment

by:wesly_chen
ID: 13702172
Did you try
http://64.238.224.150
on the browser?
0
 

Author Comment

by:houston_k
ID: 13702216
I think I got this correct... Here is what I did....


--> nslookup
--> server 70.150.152.33
--> www.mwwssb.com

*** [70.150.152.22] can't find www.mwssb.com:  Non-existent domain.


0
 

Author Comment

by:houston_k
ID: 13702224
Oops......typo.... last line in last post should have been..

*** [70.150.152.33] can't find www.mwssb.com:  Non-existent domain.

sorry about that...
0
 
LVL 38

Expert Comment

by:wesly_chen
ID: 13702251
Then it is something wrong with your parent DNS server, not on your side.
Change your parent DNS server to Bellsouth DNS server for testing.
0
 

Author Comment

by:houston_k
ID: 13702297
Let me make sure I understand what you are asking.  I know just enough to think I know something and still get it ALL wrong.

From a workstation, if I configure my DNS to be Bellsouth, then things work fine.  I can also configure my NT or 2000 server, which is a cache-only server, to forward unknown requests to Bellsouth rather than to ns1.ssainc.com and things work great.

I have had long thought the Bellsouth configurations were not exactly correct, but I don't know enough to argue against them.  When I called to discuss this with tech support, I basically got..  "ours works, yours does not, so it's your problem".    

Could it be the way they subnetted my IP block?  I only have 32 IP numbers......

Thanks again..
0
 
LVL 38

Expert Comment

by:wesly_chen
ID: 13702360
> forward unknown requests to Bellsouth rather than to ns1.ssainc.com and things work great
What's the DNS server that the Fedora DNS server forwards those unknown requests to?
Could you change to different DNS server for testing?
0
 

Author Comment

by:houston_k
ID: 13702486
If I understand you correctly, you are asking about the 2000 server box then here are the IP numbers for that box.  

My IP DNS configs for all machines are as follows:

primary 172.16.0.100                  {2000 Server - public number is 70.150.152.35}
secondary 172.16.1.223              {Fedora - public number is 70.150.152.33}


If I set up the 2000 server to forward requests to, say, Bellsouth, 205.152.37.23, then all the workstations resolve the web sites in question fine.

Is that what you meant by changing to a different DNS server for testing?
0
 
LVL 38

Expert Comment

by:wesly_chen
ID: 13702645
Not the DHCP setting.
I mean the DNS server setting, not DNS client setting on DHCP server.
0
 

Author Comment

by:houston_k
ID: 13702700
OK, confused now.  We do not use DHCP.  Do you want to know how the LAN card is configured for the primary  and secondary numbers for ns1.ssainc.com {aka, 172.16.1.223} ?

0
 
LVL 38

Expert Comment

by:wesly_chen
ID: 13702718
Ok. no DHCP server.
I mean only change on the DNS servers, not on the DNS clients.
PCs still query your Fedora/W2003 server, but your Fedora forwards those unknown requests to different DNS servers.
0
 

Author Comment

by:houston_k
ID: 13702921
OK, I hope I am doing this correctly.

If I change the primary and secondary DNS server of the Fedora box to say Bellsouth, [205.152.37.23], rather than to itself, from the Fedora box I can get to www.mwwssb.com, but the PC clients still can not.

I want to ask or make sure of what we are talking about here.  I want to make sure that I understand what's going on or what I think is going on.

A PC client makes a request.  Since its first DNS IP is the 2000 box, it asks the 2000 box where this place is.  If the 2000 box does not know, it then forwards the request to the Fedora box.  If the Fedora box does not know, then the Fedora looks at its  "root.zone" file to find an IP of a root server and then makes a request.  Since the root servers are "ALL KNOWING" it returns the address back to the Fedora, which returns to the 2000 server, and then back to the PC client.

I just wanted to go over this to make sure that the Fedora box, while serving DNS requests, is asking the right place if it does not know where something is.  I kind of think that this is what you are talking about and not the actual DNS primary and secondary settings on the LAN interface inside the Fedora box.
0
 
LVL 38

Accepted Solution

by:
wesly_chen earned 2000 total points
ID: 13702999
> If the 2000 box does not know, it then forwards the request to the Fedora box.
Windows DNS should forward the unknown requests to the parent DNS server, not the Fedora box.
So change your Windows DNS server setting as well.
I don't have access to a Windows server right now, but I know in the DNS server setting, you can change the forward request server, not the root servers.

On Fedora DNS server, you should change /etc/named.conf (or /var/named/named.conf) for
-------
options {
      directory "/var/named";
      forwarders {
            205.152.37.23;   // Put SouthBell's DNS here
      };
};
------

Those are DNS server setting, not DNS client setting (in /etc/resolv.conf)

Wesly
0
 
LVL 9

Expert Comment

by:fixnix
ID: 13718593
Okay...here's how I see this situation (this is an independent post from the other experts' responses...I'm making that statement so as to not add to confusion of comments to comments to comments since this thread is getting fairly long)

"(A true ns2.ssainc.com is on the way.)"

Looks like there already is:

wedgenix@mail5:~$ dig @ns2.ssainc.com www.myfloridalicense.com
<snip>
;; ANSWER SECTION:
www.myfloridalicense.com. 1786  IN      A       208.62.24.204

Your ssa-nt.ssainc.com is not resolvable publicly so I am unable to see what records work and what don't, but ns1.ssainc.com resolves the sites you've mentioned without any problems.  Nothing seems broken with it, as shown below:

wedgenix@mail5:~$ dig @ns1.ssainc.com www.myfloridalicense.com
<snip>
;; ANSWER SECTION:
www.myfloridalicense.com. 1200  IN      A       208.62.24.204

and:

wedgenix@mail5:~$ dig @ns1.ssainc.com www.mwwssb.com
<snip>
;; ANSWER SECTION:
www.mwwssb.com.         597     IN      A       64.238.224.150

To me, this shows there is no problem with the Fedora box itself, therefore the problem must be on the 2k server.  I'd hit the 2k server from a workstation on the LAN with a request for ns1.ssainc.com and see if it returns the public or private IP address.  If it gives you the public IP, then that's probably your problem...the DNS requests forwarded from ssa-nt to ns1 would be trying to go out the firewall and come right back in which typically doesn't work too good ;)  (just as it isn't possible to hit a local but public webserver from the LAN by using its public address or a name that resolves to the public address)

From the Fedora box, do:

nslookup ns1.ssainc.com ssa-nt.ssainc.com
(to ask ssa-nt what it thinks ns1's address is)

and see if it returns the public or private address for ns1.  My guess is it's returning the public address and therein lies your problem.  Edit the 2k server to return the local address for ns1.ssainc.com and all should be fine.
0
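The check described in the post above (ask the internal resolver what address it hands out for ns1 and see whether it is public or private), written out as an added example that is not part of any post in this thread. The function names are hypothetical and the dig outputs are constructed from the addresses quoted in the thread.

```python
import ipaddress

def parse_a_records(dig_output):
    """Return {name: [IPv4Address, ...]} from the ANSWER SECTION of dig output."""
    records = {}
    in_answer = False
    for line in dig_output.splitlines():
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
            continue
        # The answer section ends at the first blank line or next ";;" header.
        if in_answer and (not line.strip() or line.startswith(";;")):
            in_answer = False
        if not in_answer:
            continue
        fields = line.split()          # name, TTL, class, type, rdata
        if len(fields) == 5 and fields[2] == "IN" and fields[3] == "A":
            name = fields[0].rstrip(".").lower()
            records.setdefault(name, []).append(ipaddress.ip_address(fields[4]))
    return records

def hairpin_risk(dig_output, forwarder_name):
    """Classify the address an internal resolver returns for its own forwarder.

    "public"    -> forwarded queries leave through the NAT router and try to
                   come back in, the situation the post above warns about
    "private"   -> the forwarder is reached directly on the LAN
    "no-answer" -> the resolver returned no A record (timeout, NXDOMAIN, ...)
    """
    key = forwarder_name.rstrip(".").lower()
    addrs = parse_a_records(dig_output).get(key, [])
    if not addrs:
        return "no-answer"
    return "private" if all(a.is_private for a in addrs) else "public"

# Constructed sample outputs (not captured from the poster's servers).
ANSWER_PUBLIC = """;; ANSWER SECTION:
ns1.ssainc.com.   3600  IN  A  70.150.152.33

;; Query time: 2 msec
"""
ANSWER_PRIVATE = """;; ANSWER SECTION:
ns1.ssainc.com.   3600  IN  A  172.16.1.223

;; Query time: 1 msec
"""
ANSWER_TIMEOUT = ";; connection timed out; no servers could be reached\n"

if __name__ == "__main__":
    for label, out in [("public", ANSWER_PUBLIC), ("private", ANSWER_PRIVATE),
                       ("timeout", ANSWER_TIMEOUT)]:
        print(label, "->", hairpin_risk(out, "ns1.ssainc.com"))
```

On a live network the input would be the output of `dig @ssa-nt.ssainc.com ns1.ssainc.com` run from a machine on the LAN.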
 

Author Comment

by:houston_k
ID: 13719300
Actually wesly_chen's last post fixed the problem.  That is why ns1 now resolves the two web addresses.  I am still rather confused as to why these two web sites.  Everything else is working and has been for some time now.  I also wonder whether that is the correct way to solve this problem.  Nonetheless I am thankful that it is working.

With regards to fixnix and your comments.   Thank you for your comments as well.  You are right about  ssa-nt is returning the public address for ns1.  However, I'm not sure how that affects anything at the moment........


Kenny
0
 
LVL 38

Expert Comment

by:wesly_chen
ID: 13719417
> why these two web sites.
It could be your previous DNS forwarder has a wrong entry in their DNS database. So it gives the wrong information.
0
 

Author Comment

by:houston_k
ID: 13719524
I did not have a DNS forwarder..... anyway..thanks again....
0


Question has a verified solution.
