Something strange

Just yesterday No one on our network can get to msn.com or hotmail.com. but other sites work fine. We are not blocking these sites and our DNS server appears to be working fine. If I do a tracert on MSN.com it doesnt get past our default gateway. If I do a tracert on hotmail.com it makes it to our providers server in sunnyvale and then stops.

any thoughts???
WIZUAsked:
Who is Participating?
 
WIZUConnect With a Mentor Author Commented:
DHCP had a wrong IP for DNS in there. Once I deleted it everything was fine.
0
 
kemitHamiteIT DirectorCommented:
How is your network configured? direct connection? Proxy, etc.?

Rgs
0
 
rlsconsultingCommented:
Hello,

Have you look in C:\Windows\system32\drivers\etc\hosts  file to see if it may be redirected to the wrong place?

Richard
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
eekygeekyCommented:
clear your DNS cache and restart your local DNS server as a matter of course, then check in with your router/firewall. if it has a web console, it'll have a test utility in there to ping outside sites from within the router. If it doesn't, you can doubtless telnet in.  Let me know the make and model and I'll send the CLI commands to do the same.

If you can ping from the router, local DNS is screwed up- if you can't, this is upstream and you should call your ISP.
0
 
acl-puzzCommented:
do the clients even resolve?

E:\Documents and Settings\Administrator>nslookup
> set type=all
>msn.com


what it says?
0
 
WIZUAuthor Commented:
I cleared DNS cache and rebooted DNS server running a chk disk last night but did not fix problem. DNS resolves the names cause when I do the tracert hotmail.com it does convert the name to a correct IP address for the site.
0
 
kemitHamiteIT DirectorCommented:
can they resolve www.microsoft.com? (It might sound stupid but please, do try it)...
0
 
acl-puzzCommented:
if u try these sites on DNS server itself does it work?
what is urs router config can u share it?
did u try calling yours ISP what they says?

0
 
acl-puzzCommented:
and one more thing till this problem not solved u can suggest users to use proxy site like ctunnel.com it may not sound an good idea but just temporary solution.
0
 
WIZUAuthor Commented:
Yes I am trying this on the DNS server. I contacted my ISP, they say its not on their end.
0
 
kemitHamiteIT DirectorCommented:
try surfing to both sites using www.anonymouse.org
0
 
WIZUAuthor Commented:
just realized I cant get on any microsoft websites. We did a bunch of changes to our router last week...might be related.
0
 
acl-puzzCommented:
this is why i asked u to share yours router config...anyways there is something that is blocking may any ACL or firewall something

and what abt site browsing on DNS?does these sites work there?
0
 
WIZUAuthor Commented:
Cant browse on DNS. I did some research..I think has to do with MTU setting on router.
0
 
Alan GunnCommented:
You can experiment with MTUs using Ping /f /l 1472.
/f tells ping to not Fragment a packet and /l tells it how long the packet should be.
 
See the code for the results either side of out MTU of 1472.
 
 

C:\>ping www.hp.co.uk /f /l 1472

Pinging www.hpgtm.nsatc.net [15.193.112.22] with 1472 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 15.193.112.22:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\>ping www.hp.co.uk /f /l 1473

Pinging www.hpgtm.nsatc.net [15.193.112.22] with 1473 bytes of data:

Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.

Ping statistics for 15.193.112.22:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Open in new window

0
 
Alan GunnCommented:
That came out more colourful than expected! :-)
 
0
 
WIZUAuthor Commented:
I tried turning down MTU but didnt work. I'm getting desperate! I cant search microsofts data base cause I cant get there.
0
 
acl-puzzCommented:
@WIZU

if it is just an case of maximum transmission units  then how it will be "only" blocking Microsoft based sites?
0
 
eekygeekyCommented:
if the hostnames resolve to IP addresses, this only means that your upstream providers' DNS servers are still listing those sites.

Frame size is a wild shot. did you change the default MTU size (I'm assuming 1500), and why?

what about more tangential stuff? Do you have any filtering/web rules software running, like a filtering service on your firewall? they can sometimes quirk up and not show the results.

check logs on your router; when did traffic stop, go back to event logs and look for possible proximal or collolary effects.


at this point, a short network description might be in order: router model and config, server set up- SBS? IIS? DHCP? and basic apps as well.
0
 
kemitHamiteIT DirectorCommented:
WIZU, try the following, go to www.anonymouse.org, type the microsoft webaddress accordingly, see if it will resolve it. If it does, download the malware removal tool from them. Your network might have been hit by a nasty worm. Do this first and come back with news....
0
 
WIZUAuthor Commented:
ran virus and maleware scans, Cisco guy verified everything on router is ok.
0
 
eekygeekyCommented:
so can the Cisco guy ping hotmail.com from the router? that's pretty important info.

you need to localize the fail here; either your edge is faulty or your gateway is faulty or there is some third factor-AV/webfilter- that has gone belly up)
0
 
ChiefITCommented:
Worms can sometimes prevent you from logging onto some sites, like McAfee>>Microsoft>>Symantec..

The way they do this is to poison the DNS HOST record found on each machine. If DNS appears to resolve, your cisco guy is wrong... I think you have an ACL that is blocking HTTP traffic to microsoft sites. If so, that will permit DNS resolution, just not access to the site.

I just pinged Microsoft's web site and got a return IP of 65.55.17.27. This is a class a network. See if you have an ACL on the router that blocks HTTP traffic. It will look like this:

Accesslist 10x (your subnet IP address), (Your reverse subnet mask) 65.0.0.0 0.255.255.255 http

You can check for this by logging onto the router and going into privelged mode and typing:

Sh run
0
 
ChiefITCommented:
Another option is to use a portquery:

The syntax will look like this:

portqry -n 65.55.17.27 -o 80 -p both

that is a port query to the IP of 65.55.17.27 on port 80 and looking at both UDP and TCP traffic.

If both are blocked, then you have an ACL on your router..
0
 
kemitHamiteIT DirectorCommented:
@ChiefIT,

Worms do actually what you said, hence the request for WIZU to try and connect to the microsoft site or any other that would not resolve by using a proxy avoider/anonymizer... Until then, I personally cannot serve as much help.

Rgs
0
 
eekygeekyCommented:
Bingo, DNS  problem. good to know its fixed
0
All Courses

From novice to tech pro — start learning today.