ISP DNS Resolver Issue

We just switched our ISP to ATT and for some reason were are unable to access certain websites.  We get page cannot be displayed.  I cannot even ping the sites.  Yet other pages work fine.  If I use our backup ISP (local cable company) I can get to the pages.  I have called support from ATT and am getting no where.  They keep speaking of our DNS Resolver IP and gave me the IP, but they cannot tell me where to program it.  I am thinking it goes in the router they supplied that their T1's come into.  But, I am not sure and they are no help.  I have had no problems with chaning ISP's in this organization in the past.  Anyone help?

-mark
LVL 1
ohmErnieAsked:
Who is Participating?
 
dlonganConnect With a Mentor Commented:
Well, couple of things.

If your tracert route is timing out, then you have more then a DNS issue.

Back to your orignal question, you need to have your internal DNS server forward non local requests to the AT&T DNS server.  This is called DNS Forwarding in a Windows environment.  You will find this setting on the DNS server properties and there should be a tab called "Forwarders"  Enter the AT&T DNS IP addresses there.

Now for you timeouts, did your default gateway IP address change?
0
 
GizmoKidCommented:
Add DNS IP in your Router name-server & also add in the properties of TCP/IP ,where you define your IP address & gateway(Your Router Address)
0
 
Scotty_ciscoConnect With a Mentor Commented:
Is the desk top you are using to test this from getting a DHCP address or have you assigned it statically?  If you get it VIA dns make sure that they are correct and that they are working.  

do this
cmd
dos window comes up
nslookup www.badpage.com (the page you can't get to) it will give you an IP address or it will fail if it fails change the DNS settings under your ethernet to a known good DNS server and try again.  If that does not fix your problem something else besides DNS is the issue.

Thanks
Scott
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
ohmErnieAuthor Commented:
GizmoKid,

I am not exactly sure where I am to do this?  In the router my T1's come into?  I cannot get into this router, it is ATT's.  Then that plugs into my switch.  Is it possible I need to reprogram my switch?

Scotty,

The computer I am using is static, but even pcs on DHCP are not working.  If i do a nslookup on one of the sites in question it does return an ip address, but if I try to ping that IP address I get a request timed out.
0
 
Scotty_ciscoCommented:
so instead of trying to ping the address try going http://xxx.yyy.zzz  using the doted decimal ip address then try a tracert to the site and post the results.

Thanks
scott
0
 
dlonganCommented:
How are your IP addresses and DNS settings provided to all the computer on your network?  Are you using DHCP, and if so what is providing this?
0
 
ohmErnieAuthor Commented:
If I do a tracert 12.111.237.163 from the command prompt I get request time out.

My IP address are assigned through DHCP in a windows environment.  Internal dns is fine.
0
 
The--CaptainConnect With a Mentor Commented:
>If i do a nslookup on one of the sites in question it does return an ip address,
>but if I try to ping that IP address I get a request timed out

I'd be screaming at AT&T right now (ask for as high a level supervisor as you can get), since you assert:

You can resolve public hostnames to IPs.
You cannot ping those public IPs, even though you can from other networks using the same physical machine.

One final test is (as previously mentioned) a traceroute. If you can get a response from all of the devices in the path that you control, then it is definitely their fault.

Tell those morons at AT&T who keep asking you to play with DNS settings that you want to talk to their supervisors, and then tell their supervisors how stupid they are.  If their supervisors do not understand, repeat the previous advice until you talk to someone who *does* understand.

This is unbelievable - you're paying for a freaking T1, for chrissakes - it's not like you're some residential DSL customer for $20/mo.  They should be practically wiping your butt for you, not feeding you this incredible line of BS.

AT&T sucks, regardless.  I hope you know all your packets can be intercepted by the NSA at will without a warrant thanks to their collaboration with the NSA.  Oh yeah, and they'll turn over any phone records they want also even if the feds have no warrant (in case you are using some of your T1 for voice).  And don't forget, AT&T wants [read: is lobbying] to extort $$ from folks who have already paid for fat pipes (like google, yahoo, etc) under their amazingly retarded (from a user perspective - I assume it's great if you're a greedy corporate a-hole) two-tiered internet scheme.

Maybe mention since you're putting up with all the above crap, maybe they could put up with you asking for a little assistance.

Cheers,
-Jon
0
 
The--CaptainCommented:
>If I do a tracert 12.111.237.163 from the command prompt I get request time out

Me too, but I get 14 hops first (I am on AT&T/SBC DSL).  How many (if any) do you get before it times out?

Cheers,
-Jon
0
 
The--CaptainCommented:
Do you have any firewall(s) in between your test machine and the AT&T supplied router?  If so, can you try plugging straight in to the router (might need a crossover) with your test machine (scary if your using windows, I know, but sometimes you just have to bite the bullet).

Cheers,
-Jon
0
 
dlonganCommented:
Folks, remember a tracert uses ICMP packets and they are more and more being blocked.  I always use a known good IP address that does not have ICMP blocked for doing tracerts.
0
 
ohmErnieAuthor Commented:
Stupid mistake.  The subnet setting in the firewall was set to /8 instead of /28.  thanks for the help and ideas using tracert and forwarders.  I decided to split the points among those that trigger me to look again at the firewall settings.
0
 
dlonganCommented:
Excellent, glad to hear we helped out and thanks.
0
 
The--CaptainCommented:
>Stupid mistake.

If you say so - I still say AT&T is retarded for asking you to examine your DNS settings.

Still, your explanation makes sense - if you're claiming (though a misconfiguration) that your mask was /8 instead of /28, then you would not be able to access approximately .5% of all internet hosts - if your /28 was within a very popular /8, you'd certainly notice problems.

Cheers,
-Jon
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.