Solved

Strange DNS/hosts file lookup problem

Posted on 2006-06-19
Last Modified: 2012-06-27
Hi All,

We need to support a third-party server.

The server has a locally installed secure certificate that is mapped to an external IP address via the hosts file, so that external.name.local should resolve to the IP address and hence match the secure certificate (don't ask why they have done it like this, must be a security feature :)

The trouble is that on an external line using only the ISP's DNS server it works fine; on our internal network I get the feeling that it is conflicting with the internal DNS server. When tried, we get the error message:

503 Service Unavailable
Failed to resolve the name of server m3gate.maytas.local to connect

We are using a proxy server but it is not set to cache/bypass HTTPS, which the site is.

Anyone any ideas?

Any info much appreciated.


Question by:A4eIT
11 Comments
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 50 total points
ID: 16933816
Have you got your ISP DNS servers as forwarders under DNS?
0
 

Author Comment

by:A4eIT
ID: 16933870
Yes we have,

Thanks
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16934245
What's your host file entry look like?

Jeff
TechSoEasy
0
 

Author Comment

by:A4eIT
ID: 16934439
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
82.xxx.xxx.xx      server.fakedomain.local

Cheers (<--- this bit not in hosts file of course :) )

0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16934824
Okay, and what happens when you ping server.fakedomain.local from that workstation?

Then, what happens when you tracert server.fakedomain.local?

Jeff
TechSoEasy
0

 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16934830
By the way, this IS a ludicrous method of handling this.

Jeff
TechSoEasy
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 50 total points
ID: 16937134
Seems bizarre this. As it is an https site, you are going to get an error as the certificate name will not match, but why not deal with it within your own local DNS?
0
 

Author Comment

by:A4eIT
ID: 16940863
>Okay, and what happens when you ping server.fakedomain.local from that workstation?
Resolves to correct IP address and times out

>Then, what happens when you tracert server.fakedomain.local?
Takes about 16 hops then untraceable

>By the way, this IS a ludicrous method of handling this.
No kidding, it's unfathomable

>Seems bizarre this. As it is an https site, you are going to get an error as the certificate name will not match, but why not deal with it within your own local DNS?
Was thinking of this but didn't particularly want to set up new lookup zones etc. Seems a little complicated to achieve something that should be simple; in any case the resolution of the name appears???? to be working OK

I'm sort of thinking that the traffic may somehow be being forced through the proxy server, which isn't helping things. Will investigate, let people know and share points to all useful helpers if this is the case; other ideas are still appreciated though

Points upped BTW
0
 

Author Comment

by:A4eIT
ID: 16940869
upped
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 150 total points
ID: 16941426
Here's what I don't understand... if they generated the certificate themselves, they can change the parameters of it quite easily. For instance, when an SBS generates a self-signed certificate it actually creates 5 different container names that can be used against the certificate... as an example, here's what my server's self-signed cert has:

CN = sbs.soeasynetwork.com
CN = companyweb
CN = sbs
CN = localhost
CN = sbs.SoEasyNetwork.local

So, why don't they just edit the properties of the certificate to add the right container!?!?

Jeff
TechSoEasy
0
 

Author Comment

by:A4eIT
ID: 16950163
Thanks all,

Got to the bottom of the problem.

Our proxy server was trying to resolve the address; when it did not resolve, it was going to the ISP's and again failing, as there was no record in either.

The solution was to bypass the proxy via a firewall request.

Cheers for the ideas, distributing points between contributors
0
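
The root cause from the final comment, as an added example that is not part of the original thread: with a proxy configured, an HTTPS client sends the target host name to the proxy inside an HTTP CONNECT request, so the workstation's hosts file entry is never consulted and the proxy must resolve the name itself. The function names, the proxy name and the 203.0.113.10 address are constructed for illustration, and the bypass-list syntax is an assumption modeled on Windows proxy exception lists.

```python
import fnmatch

# Constructed sample hosts file; the address is a documentation placeholder.
HOSTS_TEXT = """\
# sample HOSTS file
127.0.0.1       localhost
203.0.113.10    server.fakedomain.local   # third-party server
"""

def parse_hosts(text):
    """Return {hostname: ip} from hosts-file text, ignoring comments and blank lines."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            table.setdefault(name.lower(), ip)  # first entry for a name wins
    return table

def bypasses_proxy(host, bypass_list):
    """True if host matches a semicolon-separated list such as '*.corp.local;<local>'."""
    host = host.lower()
    for pattern in filter(None, (p.strip().lower() for p in bypass_list.split(";"))):
        if pattern == "<local>":
            if "." not in host:  # <local> covers single-label names only
                return True
        elif fnmatch.fnmatch(host, pattern):
            return True
    return False

def plan_https_request(host, hosts_text, proxy=None, bypass_list=""):
    """Describe who resolves `host` for an HTTPS request and what is sent first."""
    if proxy and not bypasses_proxy(host, bypass_list):
        # The client resolves only the proxy; the target name travels unresolved in CONNECT.
        return {"resolved_by": "proxy", "client_hosts_used": False,
                "first_message": f"CONNECT {host}:443 HTTP/1.1\r\nHost: {host}:443\r\n\r\n"}
    ip = parse_hosts(hosts_text).get(host.lower())
    return {"resolved_by": "client hosts file" if ip else "client DNS",
            "client_hosts_used": ip is not None,
            "first_message": f"TCP SYN to {ip}:443" if ip else f"DNS query for {host}"}
```

With the proxy in the path the plan reports `resolved_by: proxy`, which is the situation that produced the 503; adding the name to the bypass list (with the firewall permitting the direct connection) makes the hosts entry take effect.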
