Internet (DNS) problem - wierd one

Folks

I will need some help diagnose a problem I am encountering one one site I'm managing.

For some reason all users are unable to connect to the site

https://connexiscash.bnpparibas.com/

from within the network.

I'm note quite sure what's going on but I suspect a DNS problem.

This is a typical Wintel network with a 2008 server providing AD & DNS services and a mix of a dozen client PCs running Vista or Win7.

None of the clients are able to connect to above mentioned site, regardless of browser or OS version.

When I perform an NSlookup against the local DNS server I get

Non-authoritative answer:
Name:    connexiscash.bnpparisbas.com
Address:  67.215.65.132

which seems odd as this IP seems to be registered to OpenDNS.

Interestingly running the same query against the google DNS

nslookup connexiscash.bnpparisbas.com 8.8.8.8
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

returns a non-existent domain error

I have obviously checked the DNS server and made sure there is no entry for bnpaparisbas.com and flushed both server and client cache.

At this stage I am pretty much stumped I would appreciate any help / suggestion you might have, however odd...
LVL 1
Alexandre TakacsCTOAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Darius GhassemCommented:
Are  the domains the same internal and externally? If they are then you need to add the record to your internal DNS server to point to the external Web server
0
svgnmlCommented:
Do you use Opendns on your network? perhaps set as a forwarder on the DNS server.
Your nslookup to 8.8.8.8 has a typo
connexiscash.bnpparisbas.com  should be
connexiscash.bnpparibas.com

Take out the extra 's' and try it again.

:-)
0
Alexandre TakacsCTOAuthor Commented:
Hi

thanks for you feedback

Not sure about the typo, I am indeed looking for connexiscash.bnpparibas.com/

Good catch about openDNS being in the resolver list. Although they seem to get correct results - I am using them for my home PC for example and I can connect to the problematic site just fine - I have removed it. Still no go, though, but it seems to get closer:

nslookup connexiscash.bnpparibas.com
Server:  localhost
Address:  127.0.0.1

Non-authoritative answer:
Name:    e2126.c.akamaiedge.net
Address:  92.122.104.206
Aliases:  connexiscash.bnpparibas.com
               connexiscash.bnpparibas.com.edgekey.net

clearly they use some akamai technology... might be somehow related.

Still pretty mysterious...
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

svgnmlCommented:
Did you try NSLOOKUP to 8.8.8.8 again?
Does it still not resolve ?
In your original posting you were looking for bnpparisbas  - there is an extra S in front of the B.
bnppari - S - bas.
This might be clouding your investigation.

Also remove the Opendns forwarder, use another one or use Root Hints and see if it resolves.
0
Alexandre TakacsCTOAuthor Commented:
Hello

nslookup connexiscash.bnpparibas.com 8.8.8.8
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    e2126.c.akamaiedge.net
Address:  92.122.92.206
Aliases:  connexiscash.bnpparibas.com
               connexiscash.bnpparibas.com.edgekey.net

So that seems to work.

I have removed all forwarder and only rely on root hints... still not working...
0
svgnmlCommented:
Ok, in the DNS server snap-in, can you see the cache? If not right click on DNS at the top of the tree, select view and tick advanced.
Drill down on the Cache until you find  the entry for connexiscash.bnpparibas.com
Check the details here, this is just for information because I'm now going to suggest that you clear the cache and try to ping the address again.
What IP do you get now?
What does the Cache reflect after you ping the address?
0
Alexandre TakacsCTOAuthor Commented:
Hello

There was indeed an entry which reads as

Name      Type      Data       Timestamp
(same as parent folder)      Name Server (NS)      ns1.bnpparibas.com.      static
(same as parent folder)      Name Server (NS)      ns2.bnpparibas.com.      static
(same as parent folder)      Name Server (NS)      ns3.domivesta.net.      static
(same as parent folder)      Name Server (NS)      ns4.domivesta.com.      static
connexiscash      Alias (CNAME)      connexiscash.bnpparibas.com.edgekey.net.      static
ns1      Host (A)      155.140.125.131      static
ns2      Host (A)      155.140.125.121      static

Cleared the cash

Reloaded

Same info again in the cache...

0
svgnmlCommented:
You have to follow through the cache looking for the CNAME entries in order to find the IP address you're looking for.
From connexiscash.bnpparibas.com we get connexiscash.bnpparibas.com.edgekey.net
and from connexiscash.bnpparibas.com.edgekey.net we get e2126.c.akamaiedge.net
e2126.c.akamaiedge.net is 'A' record for the eventual destination. It has a TTL of 14 seconds so the IP address is going to change pretty much every time you ping it.

Find the entry in the cache for e2126.c.akamaiedge.net and ping it from a command prompt.
Go back to the cache and refresh, is there an entry for an 'A' record for e2126.c.akamaiedge.net?
Is it the same?

Finally, is the DNS setting in your IP settings for your NIC set to the local DNS server?
0
Alexandre TakacsCTOAuthor Commented:
> Find the entry in the cache for e2126.c.akamaiedge.net and ping it from a command prompt.
> Go back to the cache and refresh, is there an entry for an 'A' record for e2126.c.akamaiedge.net?
> Is it the same?

Hmmm... interestingly the entry for connexiscash.bnpparibas.com is recreated but not the akamaiedge.net (I have obviously cleared bit DNS server abd client cache).

> Finally, is the DNS setting in your IP settings for your NIC set to the local DNS server?

Well doing my lookups on the server itslef. I was using 127.0.0.1 (localhost) as DNS server but changed to the actual IP of the server to no avail.

Now something I just catched:

ping connexiscash.bnpparibas.com

Pinging e2126.c.akamaiedge.net [92.122.32.206] with 32 bytes of data:
Reply from 10.0.0.253: TTL expired in transit.

10.0.0.253 is my *backup* gateway and is not referenced anywhere in my ip configuration. It might be my *main* gateway which is playing tricks on me but I have no idea what's going on... Will have a closer look tomorrow morning
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
DNS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.