Internet (DNS) problem - weird one


I will need some help diagnosing a problem I am encountering on one site I'm managing.

For some reason all users are unable to connect to the site

from within the network.

I'm not quite sure what's going on but I suspect a DNS problem.

This is a typical Wintel network with a 2008 server providing AD & DNS services and a mix of a dozen client PCs running Vista or Win7.

None of the clients are able to connect to above mentioned site, regardless of browser or OS version.

When I perform an NSlookup against the local DNS server I get

Non-authoritative answer:

which seems odd as this IP seems to be registered to OpenDNS.

Interestingly, running the same query against the Google DNS


returns a non-existent domain error

I have obviously checked the DNS server and made sure there is no entry for and flushed both server and client cache.

At this stage I am pretty much stumped. I would appreciate any help / suggestion you might have, however odd...
Alexandre Takacs, CTO, Asked:

Darius Ghassem Commented:
Are the domains the same internally and externally? If they are, then you need to add the record to your internal DNS server to point to the external Web server.
Do you use OpenDNS on your network? Perhaps set as a forwarder on the DNS server.
Your nslookup to has a typo  should be

Take out the extra 's' and try it again.

Alexandre Takacs, CTO, Author Commented:

Thanks for your feedback.

Not sure about the typo, I am indeed looking for

Good catch about OpenDNS being in the resolver list. Although they seem to get correct results - I am using them for my home PC for example and I can connect to the problematic site just fine - I have removed it. Still no go, though, but it seems to get closer:

Server:  localhost

Non-authoritative answer:

Clearly they use some Akamai technology... might be somehow related.

Still pretty mysterious...

Did you try NSLOOKUP to again?
Does it still not resolve?
In your original posting you were looking for bnpparisbas  - there is an extra S in front of the B.
bnppari - S - bas.
This might be clouding your investigation.

Also remove the OpenDNS forwarder, use another one or use Root Hints and see if it resolves.
Alexandre Takacs, CTO, Author Commented:


Non-authoritative answer:

So that seems to work.

I have removed all forwarders and only rely on root hints... still not working...
OK, in the DNS server snap-in, can you see the cache? If not, right-click on DNS at the top of the tree, select View and tick Advanced.
Drill down on the Cache until you find  the entry for
Check the details here, this is just for information because I'm now going to suggest that you clear the cache and try to ping the address again.
What IP do you get now?
What does the Cache reflect after you ping the address?
Alexandre Takacs, CTO, Author Commented:

There was indeed an entry which reads as

Name      Type      Data       Timestamp
(same as parent folder)      Name Server (NS)      static
(same as parent folder)      Name Server (NS)      static
(same as parent folder)      Name Server (NS)      static
(same as parent folder)      Name Server (NS)      static
connexiscash      Alias (CNAME)      static
ns1      Host (A)      static
ns2      Host (A)      static

Cleared the cache


Same info again in the cache...

You have to follow through the cache looking for the CNAME entries in order to find the IP address you're looking for.
From we get
and from we get is 'A' record for the eventual destination. It has a TTL of 14 seconds so the IP address is going to change pretty much every time you ping it.

Find the entry in the cache for and ping it from a command prompt.
Go back to the cache and refresh, is there an entry for an 'A' record for
Is it the same?

Finally, is the DNS setting in your IP settings for your NIC set to the local DNS server?
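
The chain-following described in the reply above, as an added Python example that is not part of the original thread. It also covers the failure mode where an alias is present in the cache but the final 'A' record is not; all names, addresses and TTLs are constructed placeholders, and `follow_chain` is a hypothetical helper.

```python
# Constructed sample of DNS server cache records (placeholders, not values
# from this thread): (owner, type, data, ttl_seconds)
CACHE = [
    ("www.example.com", "CNAME", "www.example.com.edgekey.example", 3600),
    ("www.example.com.edgekey.example", "CNAME", "e1234.cdn.example", 300),
    ("e1234.cdn.example", "A", "203.0.113.10", 14),
    ("broken.example.com", "CNAME", "gone.cdn.example", 3600),
    ("loop-a.example.com", "CNAME", "loop-b.example.com", 60),
    ("loop-b.example.com", "CNAME", "loop-a.example.com", 60),
]


def norm(name):
    """DNS names compare case-insensitively; ignore the trailing root dot."""
    return name.rstrip(".").lower()


def follow_chain(records, qname, max_hops=8):
    """Walk CNAME records from qname until an A record is found.

    status is 'ok', 'dangling' (chain ends with no A record), 'loop',
    or 'too-long'. min_ttl is the smallest TTL seen on the path, i.e. how
    long the complete answer can stay valid in a cache.
    """
    index = {}
    for owner, rtype, data, ttl in records:
        index.setdefault((norm(owner), rtype.upper()), []).append((data, ttl))

    current = norm(qname)
    chain, ttls, addresses, status = [current], [], [], "too-long"
    for _ in range(max_hops):
        a_records = index.get((current, "A"))
        if a_records:
            addresses = sorted(d for d, _ in a_records)
            ttls.extend(t for _, t in a_records)
            status = "ok"
            break
        cname = index.get((current, "CNAME"))
        if not cname:
            status = "dangling"  # alias cached, final address missing
            break
        target, ttl = cname[0]
        ttls.append(ttl)
        current = norm(target)
        seen = current in chain
        chain.append(current)
        if seen:
            status = "loop"
            break
    return {"chain": chain, "addresses": addresses,
            "min_ttl": min(ttls) if ttls else None, "status": status}
```

A `dangling` result means the server cached the alias but never obtained the address for its target, so the next check belongs on the path to the target's name servers rather than on the local zone data.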
Alexandre Takacs, CTO, Author Commented:
> Find the entry in the cache for and ping it from a command prompt.
> Go back to the cache and refresh, is there an entry for an 'A' record for
> Is it the same?

Hmmm... interestingly the entry for is recreated but not the (I have obviously cleared both DNS server and client cache).

> Finally, is the DNS setting in your IP settings for your NIC set to the local DNS server?

Well, doing my lookups on the server itself. I was using (localhost) as DNS server but changed to the actual IP of the server to no avail.

Now something I just caught:


Pinging [] with 32 bytes of data:
Reply from TTL expired in transit.

is my *backup* gateway and is not referenced anywhere in my IP configuration. It might be my *main* gateway which is playing tricks on me but I have no idea what's going on... Will have a closer look tomorrow morning.
