Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

cannot access many .co.uk domains

Posted on 2008-10-03
14
Medium Priority
?
537 Views
Last Modified: 2010-04-21
Hello all,
We are having something very strange happening here. 3 or 4 times over the last 2 weeks we keep completely losing access to the majority of websites ending in a .co.uk domain name.

All sites under .com/.net or any other combination are fine - but not .co.uk

Strange thing is it doesnt completely remove access to ALL .co.uk - we can still get to our host 1&1.co.uk for instance but the majority of sites are unreachable. They simply time out with an error message that the site cannot be reached.

I figured DNS must be the issue, i have flushed DNS both on my servers and workstations - including my DNS servers, i have restarted all related routers to force them to resynch with my isp. This has not helped and the issue is affecting every user in the business.

NSLOOKUP also times out when trying to contact the websites in question. I cannot ping them either.This has really got me stumped. Any ideas?
0
Comment
Question by:No1_Reggie
  • 7
  • 6
14 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 22634333

Hey,

Do you use Forwarders in DNS? If you do, you might consider removing or changing them.

Chris
0
 
LVL 6

Expert Comment

by:rehanahmeds
ID: 22634374
use open dns when the problem occurs to test if your configured DNS is the culprit.

i think there IPs are

Primary server: 208.67.222.222
Alternative server: 208.67.220.220

you can double check this...  opendns is free and i havent seen it not working....
0
 
LVL 1

Author Comment

by:No1_Reggie
ID: 22634415
Hi Chris,

I dont use forwarders as such - but have many forward lookup zones - is this what you are saying to delete?The forwarders section in my DNS management is still set at default as far as i can see - none have been added.
0
WatchGuard Case Study: Museum of Flight

“With limited money and limited staffing, we didn’t have a lot of choices in terms of what we could do to bring efficiency. WatchGuard played a central part in changing that.” To provide strong, secure Wi-Fi access within the museum, Hunter chose to deploy WatchGuard’s AP120 APs.

 
LVL 71

Expert Comment

by:Chris Dent
ID: 22634520

> is this what you are saying to delete

No, not at all :)

If you're not using Forwarders then you're using Root Hints.

Can you resolve any public .co.uk name?

Chris
0
 
LVL 1

Author Comment

by:No1_Reggie
ID: 22634775
I thought you meant that :)

Yes i can resolve some public .co.uk names such as 1&1.co.uk (our web hosts), google.co.uk works, i have tried about 30 other sites so far and those are the only ones i can get to work.

0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 22635067

Hmm well... it could be a routing problem.

I take it clearing the cache or restarting the service has no effect?

We might see if it's purely name resolution or a bigger issue than that. Try adding "4.2.2.4" as a forwarder on your DNS Server? That one belongs to Verizon. I just don't much recommend using it permanently, they might take it down if it gets too busy (it's been up for years).

Chris
0
 
LVL 1

Author Comment

by:No1_Reggie
ID: 22635117
Hi Chris, sorry i should have mentioned, restarting the service does work - but only for a limited period of time. Changing my DNS to point to open dns or any other dns does get round the problem - but i am looking more for a permanent fix for my own dns rather using external dns if you know what i mean.

Considering that the system seems to work normally and then goes down seems to point to the fact that there is some form of gradual corruption or destruction in my dns. Restarting the service or rebooting the dns server brings everything back online for a few hours or a couple of days before the problem re-appears.
0
 
LVL 1

Author Comment

by:No1_Reggie
ID: 22635169
Just to clarify - although restarting the service does have an effect - clearing the cach does not - that is one of the things that makes this very odd.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 22635228

> but i am looking more for a permanent fix

Yeah, absolutely :) Just curious if it worked :)

Fully patched I guess? There were a number of odd problems with the early versions that vanished with patching. But it is a fairly obvious question so I suspect it's already addressed.

Can you take a look in the cache and see which Name Server records are listed for .co.uk? And see if any of the failing domains are listed there?

Chris
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 22635237

We do have to consider the Firewall with an issue like this as well. If the responses are being dropped by a Firewall it can make life really upsetting. Anything interesting in use there?

Chris
0
 
LVL 1

Author Comment

by:No1_Reggie
ID: 22648172
Hi Chris, back after the weekend :)

1). Yes all fully patched.
2) Name Servers in the cache - interesting, i dont have a specific .co.uk folder in there. I have a uk folder and in there i have 3 seperate folders called a). co b). net c) NIC
3). Name servers in the root of the UK folder are all  ns1.nic.uk, ns2, ns3 and so on, nsa.nic.uk, nsb, nsc and so on.
4). Yes the failing domains are listed under the co folder. Funny thing is all domains are still working from today - so nothing failling at present. I wqill continue trying through the day to see if anything fails.
5). Firewall is a Cisco ASA5510 series. Nothing partcularly interesting in there, i have a good look at it but cant find anything obvious.
6). Dont you just hate these weird things that make no sense ;0) Still they make life interesting. Thanks for persevering with me.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 22648370

> Dont you just hate these weird things that make no sense

Yes, very much so :)

It could be EDNS, but we would expect that to be a lot more random that just UK domains.

And it could be (or have been) a routing issue which would be harder to trace down. Except there we wouldn't necessarily expect it to disappear after a service restart.

Chris
0
 
LVL 1

Author Comment

by:No1_Reggie
ID: 22648551
Thanks Chris, i will monitor it through the day and hopefully it has sorted itself. I will award you the points tomorrow as you certainly deserve them.
0
 
LVL 1

Author Closing Comment

by:No1_Reggie
ID: 31502764
Thanks for the help Chris, problem reoccurring but you definately deserve the points. Regards
Reggie.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Learn about cloud computing and its benefits for small business owners.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question