Solved

DNS Problem - 1 website will not load

Posted on 2008-09-30
Last Modified: 2012-05-05
Thank you in advance.
I have 1 website (www.veer.com, IP 65.110.167.233) that will not load
at all. I run 2 internal Windows 2003 DNS servers (fully patched) that
use root hints for name resolution. Every other website works without
a hitch. The only error I get on the DNS side is a 5504:
The DNS server encountered an invalid domain name in a packet from
192.5.6.30. The packet will be rejected. The event data contains the
DNS packet.
0000: 4c a4 80 00 01 00 00 00   L¤¬.....
0008: 02 00 02 00 03 77 77 77   .....www
0010: 04 76 65 65 72 03 63 6f   .veer.co
0018: 6d 00 00 01 00 01 c0 10   m.....À.
0020: 00 02 00 01 00 02 a3 00   ......£.
0028: 00 0e 08 6e 73 31 2d 61   ...ns1-a
0030: 75 74 68 02 71 39 c0 15   uth.q9À.
0038: c0 10 00 02 00 01 00 02   À.......
0040: a3 00 00 0b 08 6e 73 32   £....ns2
0048: 2d 61 75 74 68 c0 33 c0   -authÀ3À
0050: 2a 00 01 00 01 00 02 a3   *......£
0058: 00 00 04 d8 dc 23 14 c0   ...ØÜ#.À
0060: 44 00 01 00 01 00 02 a3   D......£
0068: 00 00 04 d8 dc 24 14      ...ØÜ$.

If I add an external DNS from my ISP or OpenDNS to my computer it
resolves fine, but since we use internal resources I can't use that
DNS all the time. I also can't use forwarders for the same reason. If
I add veer.com and associated IP to the hosts file I am able to
resolve the website, but can't really navigate too much as there are
multiple subdomains that error out.

In my DNS MMC I have an entry in the cache lookup that resolves to
ns1-auth.q9.com and ns2-auth.q9.com.
The last time my users reported getting to this site was on 8-25-08.

I've run a netdiag.exe /fix on both DC's and they came back ok.

I have verified that both DNS servers have the 'secure cache against
pollution' box checked.
I have run Wireshark and sniffed on port 53 and got the following. The
Server failure is puzzling.

No.     Time        Source                            Destination                   Protocol Info
     15 45.825657   XXX.XXX.XXX.XXX(internal compy)   XXX.XXX.XXX.XXX(dns server)   DNS      Standard query A www.veer.com


Frame 15 (72 bytes on wire, 72 bytes captured)
    Arrival Time: Sep 30, 2008 16:26:27.680674000
    [Time delta from previous captured frame: 0.993871000 seconds]
    [Time delta from previous displayed frame: 0.993871000 seconds]
    [Time since reference or first frame: 45.825657000 seconds]
    Frame Number: 15
    Frame Length: 72 bytes
    Capture Length: 72 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:udp:dns]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: Usi_da:b1:8a (00:1e:37:da:b1:8a), Dst: HewlettP_0c:7e:f5 (00:13:21:0c:7e:f5)
    Destination: HewlettP_0c:7e:f5 (00:13:21:0c:7e:f5)
    Source: Usi_da:b1:8a (00:1e:37:da:b1:8a)
    Type: IP (0x0800)
Internet Protocol, Src: XXX compy IP (compy ip), Dst: XXX dns IP (XXXX DNS IP)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 58
    Identification: 0x16de (5854)
    Flags: 0x00
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0xa00d [correct]
    Source: compy IP (compy IP)
    Destination: dns ip (dns IP)
User Datagram Protocol, Src Port: 57029 (57029), Dst Port: domain (53)
    Source port: 57029 (57029)
    Destination port: domain (53)
    Length: 38
    Checksum: 0x558d [correct]
Domain Name System (query)
    [Response In: 16]
    Transaction ID: 0x1f12
    Flags: 0x0100 (Standard query)
        0... .... .... .... = Response: Message is a query
        .000 0... .... .... = Opcode: Standard query (0)
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... .0.. .... = Z: reserved (0)
        .... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0
    Queries


No.     Time        Source             Destination    Protocol Info
     16 46.573208   DNS IP             compy ip       DNS      Standard query response, Server failure


Frame 16 (72 bytes on wire, 72 bytes captured)
    Arrival Time: Sep 30, 2008 16:26:28.428225000
    [Time delta from previous captured frame: 0.747551000 seconds]
    [Time delta from previous displayed frame: 0.747551000 seconds]
    [Time since reference or first frame: 46.573208000 seconds]
    Frame Number: 16
    Frame Length: 72 bytes
    Capture Length: 72 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:udp:dns]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: HewlettP_0c:7e:f4 (00:13:21:0c:7e:f4), Dst: Usi_da:b1:8a (00:1e:37:da:b1:8a)
    Destination: Usi_da:b1:8a (00:1e:37:da:b1:8a)
    Source: HewlettP_0c:7e:f4 (00:13:21:0c:7e:f4)
    Type: IP (0x0800)
Internet Protocol, Src: DNS IP(), Dst: Host Compy
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 58
    Identification: 0x41e3 (16867)
    Flags: 0x00
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0x7508 [correct]
    Source: DNS IP
    Destination: Host Compy
User Datagram Protocol, Src Port: domain (53), Dst Port: 57029 (57029)
    Source port: domain (53)
    Destination port: 57029 (57029)
    Length: 38
    Checksum: 0xd50a [correct]
Domain Name System (response)
    [Request In: 15]
    [Time: 0.747551000 seconds]
    Transaction ID: 0x1f12
    Flags: 0x8182 (Standard query response, Server failure)
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .0.. .... .... = Authoritative: Server is not an authority for domain
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... 1... .... = Recursion available: Server can do recursive queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
        .... .... .... 0010 = Reply code: Server failure (2)
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0
    Queries

I'm completely stumped as to why this one particular website won't
open. If anyone has any thoughts let me know.


Question by:LP_Tech
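
Decoding the event 5504 packet data from the question, as an added example that is not part of the original post: this Python parser reads the posted bytes as a DNS message and follows compression pointers. It assumes the four header counts are stored little-endian in the event dump (they are only plausible read that way); `read_name` and `parse_event_packet` are names chosen here.

```python
import struct

# Hex column of the event 5504 data posted in the question (111 bytes).
EVENT_HEX = (
    "4ca4800001000000 0200020003777777 047665657203636f 6d0000010001c010 "
    "000200010002a300 000e086e73312d61 757468027139c015 c010000200010002 "
    "a300000b086e7332 2d61757468c033c0 2a000100010002a3 000004d8dc2314c0 "
    "44000100010002a3 000004d8dc2414"
)

def read_name(msg, off):
    """Decode a domain name; return (name, offset just past it in the record)."""
    labels, resume, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # RFC 1035 compression pointer
            resume = off + 2 if resume is None else resume
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                     # refuse pointer loops
                raise ValueError("compression pointer loop")
        elif n == 0:                          # root label ends the name
            return ".".join(labels), (off + 1 if resume is None else resume)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def parse_event_packet(msg):
    ident, flags = struct.unpack_from(">HH", msg, 0)
    counts = struct.unpack_from("<4H", msg, 4)  # assumption: little-endian counts
    off, qname, records = 12, None, []
    for _ in range(counts[0]):
        qname, off = read_name(msg, off)
        off += 4                              # skip QTYPE and QCLASS
    for section, count in zip(("answer", "authority", "additional"), counts[1:]):
        for _ in range(count):
            owner, off = read_name(msg, off)
            rtype, _cls, ttl, rdlen = struct.unpack_from(">HHIH", msg, off)
            off += 10
            data = msg[off:off + rdlen].hex()  # default: raw rdata as hex
            if rtype == 2:                    # NS: rdata is a (compressed) name
                data = read_name(msg, off)[0]
            elif rtype == 1 and rdlen == 4:   # A: rdata is an IPv4 address
                data = ".".join(str(b) for b in msg[off:off + 4])
            records.append((section, owner, rtype, ttl, data))
            off += rdlen
    return {"id": ident, "rcode": flags & 0xF, "counts": counts,
            "question": qname, "records": records, "consumed": off}

PACKET = parse_event_packet(bytes.fromhex(EVENT_HEX))  # decoded event data
```

For the posted bytes this returns a referral for www.veer.com: two NS records for veer.com (ns1-auth.q9.com, ns2-auth.q9.com) plus their A records, the same name servers the poster sees in the DNS cache.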
7 Comments

Expert Comment

by:ecsrd
Could you please post an NSLOOKUP from the DNS server for that address:

nslookup - localhost
>www.veer.com

Is veer.com your internal domain?

Expert Comment

by:cybersean
You probably should be using forwarders to your ISP's DNS server. Your internal DNS servers will service any internal requests and only forward DNS requests to your ISP if they aren't able to be resolved internally (provided that your clients are configured to hit your internal DNS servers first). If you still don't want to set it up that way, you can make a rule only to forward DNS requests to veer.com to your ISP's DNS server.

Author Comment

by:LP_Tech
I cannot ping and nslookup fails. veer.com is not my internal domain but rather a website. How can I create a rule to forward DNS if my internal DNS is stopping the name resolution? I am running Windows 2003 DNS server and root hints as the name servers.

Expert Comment

by:cybersean
If your internal DNS servers are unable to resolve the name to an IP address, they "forward" the request to your ISP's DNS servers. They don't "stop" name resolutions unless they are unable to resolve a name to an IP OR are not configured to forward the request to another DNS server. Your ISP's DNS server then resolves it for you and returns the results to your internal DNS server.
Open DNS, right-click the server and click Properties.
Click the Forwarders tab.
Check Enable forwarders.
Enter the IP address of your ISP's DNS server (add multiple ones if you know them) and click OK.
If the forwarder options are greyed out, that means your DNS is configured as a root server. This should not be the case because you mentioned that you had root hints.
Also, your client machines should be configured to use your internal DNS servers. They need to be configured for the internal DNS servers so they can resolve internal names and will only be forwarded if your internal DNS server is unable to resolve the name, which won't be the case for any internal resources.


Author Comment

by:LP_Tech
If I use forwarders won't that screw up internal name resolution to internal resources? The big kicker is that only 1 website is not resolving. Every other site works fine.

Accepted Solution

by:cybersean
No, it will not screw up internal name resolution. Here's how it works.
A client sends a query to your internal DNS server.
Your internal DNS server attempts to resolve the query by checking the zones that it is responsible for.
If your internal DNS server is unable to resolve the query from its own zones, only then does it forward the request to your ISP's DNS server (as in the case for external resources, which are not in your internal zone).
The only time an internal resolution would fail would be if that internal DNS zone did not have the information needed to resolve the query. If the DNS server didn't already have the information to resolve the name, it would fail no matter if forwarders were configured or not.

Author Closing Comment

by:LP_Tech
Thank you. I had read some documentation that if you added forwarders that internal DNS would not work correctly.
Thank you!