Solved

Strange DNS/hosts file lookup problem

Posted on 2006-06-19
Last Modified: 2012-06-27
Hi All,

We need to support a third-party server.

The server has a locally installed secure certificate that is mapped to an external IP address via the hosts file, so that external.name.local should resolve to the IP address and hence match the secure certificate (don't ask why they have done it like this, must be a security feature :)

The trouble is that on an external line using only the ISP's DNS server it works fine; on our internal network I get the feeling that it is conflicting with the internal DNS server. When tried, we get the error message:

503 Service Unavailable
Failed to resolve the name of server m3gate.maytas.local to connect

We are using a proxy server but it is not set to cache/bypass HTTPS, which the site is.

Anyone any ideas?

Any info much appreciated.


Question by:A4eIT
11 Comments
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 100 total points
ID: 16933816
Have you got your ISP DNS servers as forwarders under DNS?
0
 

Author Comment

by:A4eIT
ID: 16933870
Yes we have,

Thanks
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16934245
What's your host file entry look like?

Jeff
TechSoEasy
0

 

Author Comment

by:A4eIT
ID: 16934439
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
82.xxx.xxx.xx      server.fakedomain.local

Cheers (<--- this bit not in hosts file of course :) )

0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16934824
okay, and what happens when you ping server.fakedomain.local from that workstation?

Then, what happens when you tracert server.fakedomain.local?

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16934830
By the way, this IS a ludicrous method of handling this.

Jeff
TechSoEasy
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 100 total points
ID: 16937134
Seems bizarre, this. As it is an HTTPS site, you are going to get an error as the certificate name will not match, but why not deal with it within your own local DNS?
0
 

Author Comment

by:A4eIT
ID: 16940863
>okay, and what happens when you ping server.fakedomain.local from that workstation?
Resolves to correct IP address and times out

>Then, what happens when you tracert server.fakedomain.local?
Takes about 16 hops then untraceable

>By the way, this IS a ludicrous method of handling this.
No kidding, it's unfathomable

>Seems bizarre, this. As it is an HTTPS site, you are going to get an error as the certificate name will not match, but why not deal with it within your own local DNS?
Was thinking of this but didn't particularly want to set up new lookup zones etc. Seems a little complicated to achieve something that should be simple; in any case the resolution of the name appears???? to be working OK

I'm sort of thinking that the traffic may somehow be being forced through the proxy server, which isn't helping things. Will investigate, let people know and share points to all useful helpers if this is the case. Other ideas are still appreciated though

Points upped BTW
0
 

Author Comment

by:A4eIT
ID: 16940869
upped
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 300 total points
ID: 16941426
Here's what I don't understand... if they generated the certificate themselves, they can change the parameters of it quite easily.  For instance, when an SBS generates a self-signed certificate it actually creates 5 different container names that can be used against the certificate... as an example here's what my server's self-signed cert has:

CN = sbs.soeasynetwork.com
CN = companyweb
CN = sbs
CN = localhost
CN = sbs.SoEasyNetwork.local

So, why don't they just edit the properties of the certificate to add the right container!?!?

Jeff
TechSoEasy
0
 

Author Comment

by:A4eIT
ID: 16950163
Thanks all,

Got to the bottom of the problem.

Our proxy server was trying to resolve the address; when it did not resolve, it was going to the ISP's and again failing, as there was no record in either,

The solution was to bypass the proxy via a firewall request.

Cheers for the ideas, distributing points between contributors
0
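
The root cause in the final comment, modelled as an added example that is not part of the original thread: with an explicitly configured proxy, the workstation's hosts entry is never used for the HTTPS request because the proxy resolves the name itself, which is why ping resolved correctly while the browser got a 503. The proxy address, the documentation-range IP and the simplified bypass-list matching are assumptions made for illustration.

```python
import fnmatch

# Constructed sample hosts file; 203.0.113.10 is a documentation-range address.
HOSTS_TEXT = """\
# sample HOSTS file
127.0.0.1       localhost
203.0.113.10    server.fakedomain.local   # vendor server
"""

def parse_hosts(text):
    """Map each lowercase host name to its address, ignoring '#' comments."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            for name in fields[1:]:
                table.setdefault(name.lower(), fields[0])  # first entry wins
    return table

def bypasses_proxy(host, bypass_list):
    """Simplified model of a ';'-separated bypass list with '*' wildcards.
    '<local>' matches names that contain no dot."""
    host = host.lower()
    patterns = (p.strip().lower() for p in bypass_list.split(";"))
    for pattern in filter(None, patterns):
        if pattern == "<local>":
            if "." not in host:
                return True
        elif fnmatch.fnmatchcase(host, pattern):
            return True
    return False

def who_resolves(host, client_hosts, proxy, bypass_list=""):
    """Return (resolver, address from the client's hosts file or None)."""
    local = parse_hosts(client_hosts).get(host.lower())
    if proxy and not bypasses_proxy(host, bypass_list):
        # The client sends "CONNECT host:443" to the proxy by name, so the
        # proxy's own hosts file and DNS decide whether the name resolves.
        return ("proxy", local)
    return ("client", local)

if __name__ == "__main__":
    name = "server.fakedomain.local"
    print(who_resolves(name, HOSTS_TEXT, "proxy.example:8080"))
    print(who_resolves(name, HOSTS_TEXT, "proxy.example:8080", "*.fakedomain.local"))
```

A result of `("proxy", <address>)` means the client knows the address but the proxy still has to resolve the name, so the entry has to exist on the proxy, or the host has to be bypassed as the author did.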
