Solved

Something strange

Posted on 2010-09-22
Last Modified: 2012-05-10
Just yesterday, no one on our network can get to msn.com or hotmail.com, but other sites work fine. We are not blocking these sites and our DNS server appears to be working fine. If I do a tracert on MSN.com it doesn't get past our default gateway. If I do a tracert on hotmail.com it makes it to our provider's server in Sunnyvale and then stops.

any thoughts???
Question by:WIZU
26 Comments
 
LVL 1

Expert Comment

by:kemitHamite
ID: 33736153
How is your network configured? direct connection? Proxy, etc.?

Rgs
0
 

Expert Comment

by:rlsconsulting
ID: 33736184
Hello,

Have you looked in the C:\Windows\system32\drivers\etc\hosts file to see if it may be redirected to the wrong place?

Richard
0
 
LVL 1

Expert Comment

by:eekygeeky
ID: 33736210
Clear your DNS cache and restart your local DNS server as a matter of course, then check in with your router/firewall. If it has a web console, it'll have a test utility in there to ping outside sites from within the router. If it doesn't, you can doubtless telnet in. Let me know the make and model and I'll send the CLI commands to do the same.

If you can ping from the router, local DNS is screwed up; if you can't, this is upstream and you should call your ISP.
0
 
LVL 12

Expert Comment

by:acl-puzz
ID: 33736307
Do the clients even resolve?

E:\Documents and Settings\Administrator>nslookup
> set type=all
> msn.com

What does it say?
0
 

Author Comment

by:WIZU
ID: 33736375
I cleared the DNS cache and rebooted the DNS server, running a chkdsk last night, but that did not fix the problem. DNS resolves the names, because when I do the tracert hotmail.com it does convert the name to a correct IP address for the site.
0
 
LVL 1

Expert Comment

by:kemitHamite
ID: 33736432
Can they resolve www.microsoft.com? (It might sound stupid, but please do try it.)
0
 
LVL 12

Expert Comment

by:acl-puzz
ID: 33736506
If you try these sites on the DNS server itself, do they work?
What is your router config? Can you share it?
Did you try calling your ISP? What do they say?

0
 
LVL 12

Expert Comment

by:acl-puzz
ID: 33736544
And one more thing: until this problem is solved, you can suggest that users use a proxy site like ctunnel.com. It may not sound like a good idea, but it is just a temporary solution.
0
 

Author Comment

by:WIZU
ID: 33736547
Yes, I am trying this on the DNS server. I contacted my ISP; they say it's not on their end.
0
 
LVL 1

Expert Comment

by:kemitHamite
ID: 33736674
Try surfing to both sites using www.anonymouse.org
0
 

Author Comment

by:WIZU
ID: 33737015
Just realized I can't get on any Microsoft websites. We did a bunch of changes to our router last week... might be related.
0
 
LVL 12

Expert Comment

by:acl-puzz
ID: 33737069
This is why I asked you to share your router config... Anyway, there is something that is blocking, maybe an ACL or firewall or something.

And what about site browsing on the DNS server? Do these sites work there?
0
 

Author Comment

by:WIZU
ID: 33737456
Can't browse on DNS. I did some research... I think it has to do with the MTU setting on the router.
0

 
LVL 6

Expert Comment

by:Alan Gunn
ID: 33737974
You can experiment with MTUs using Ping /f /l 1472.
/f tells ping to not Fragment a packet and /l tells it how long the packet should be.
 
See the code for the results either side of our MTU of 1472.
 
 

C:\>ping www.hp.co.uk /f /l 1472

Pinging www.hpgtm.nsatc.net [15.193.112.22] with 1472 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 15.193.112.22:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\>ping www.hp.co.uk /f /l 1473

Pinging www.hpgtm.nsatc.net [15.193.112.22] with 1473 bytes of data:

Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.

Ping statistics for 15.193.112.22:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

0
 
LVL 6

Expert Comment

by:Alan Gunn
ID: 33737983
That came out more colourful than expected! :-)
 
0
 

Author Comment

by:WIZU
ID: 33738089
I tried turning down the MTU but it didn't work. I'm getting desperate! I can't search Microsoft's database because I can't get there.
0
 
LVL 12

Expert Comment

by:acl-puzz
ID: 33738148
@WIZU

If it is just a case of maximum transmission units, then how would it be blocking "only" Microsoft-based sites?
0
 
LVL 1

Expert Comment

by:eekygeeky
ID: 33738375
If the hostnames resolve to IP addresses, this only means that your upstream providers' DNS servers are still listing those sites.

Frame size is a wild shot. Did you change the default MTU size (I'm assuming 1500), and why?

What about more tangential stuff? Do you have any filtering/web rules software running, like a filtering service on your firewall? They can sometimes quirk up and not show the results.

Check logs on your router; when did traffic stop? Go back to event logs and look for possible proximal or corollary effects.

At this point, a short network description might be in order: router model and config, server setup (SBS? IIS? DHCP?) and basic apps as well.
0
 
LVL 1

Expert Comment

by:kemitHamite
ID: 33739167
WIZU, try the following: go to www.anonymouse.org, type the Microsoft web address accordingly, and see if it will resolve it. If it does, download the malware removal tool from them. Your network might have been hit by a nasty worm. Do this first and come back with news....
0
 

Author Comment

by:WIZU
ID: 33739454
Ran virus and malware scans; the Cisco guy verified everything on the router is OK.
0
 
LVL 1

Expert Comment

by:eekygeeky
ID: 33741254
So can the Cisco guy ping hotmail.com from the router? That's pretty important info.

You need to localize the fail here: either your edge is faulty, or your gateway is faulty, or there is some third factor (AV/webfilter) that has gone belly up.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 33741339
Worms can sometimes prevent you from logging onto some sites, like McAfee>>Microsoft>>Symantec.

The way they do this is to poison the DNS HOST record found on each machine. If DNS appears to resolve, your Cisco guy is wrong... I think you have an ACL that is blocking HTTP traffic to Microsoft sites. If so, that will permit DNS resolution, just not access to the site.

I just pinged Microsoft's web site and got a return IP of 65.55.17.27. This is a Class A network. See if you have an ACL on the router that blocks HTTP traffic. It will look like this:

Accesslist 10x (your subnet IP address), (Your reverse subnet mask) 65.0.0.0 0.255.255.255 http

You can check for this by logging onto the router, going into privileged mode and typing:

Sh run
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 33741355
Another option is to use a portquery:

The syntax will look like this:

portqry -n 65.55.17.27 -o 80 -p both

That is a port query to the IP of 65.55.17.27 on port 80, looking at both UDP and TCP traffic.

If both are blocked, then you have an ACL on your router.
0
 
LVL 1

Expert Comment

by:kemitHamite
ID: 33741507
@ChiefIT,

Worms do actually what you said, hence the request for WIZU to try and connect to the microsoft site or any other that would not resolve by using a proxy avoider/anonymizer... Until then, I personally cannot serve as much help.

Rgs
0
 

Accepted Solution

by:
WIZU earned 0 total points
ID: 33864637
DHCP had a wrong IP for DNS in there. Once I deleted it everything was fine.
0
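
The fix above came down to the DNS server list that DHCP hands to clients. As an added example (not part of the original thread), the Python below parses `ipconfig /all` output and flags any DNS server that is not on an approved list; the sample output, the adapter name and the approved addresses are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (documentation-range addresses).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : corp.example
   DHCP Server . . . . . . . . . . . : 192.0.2.10
   DNS Servers . . . . . . . . . . . : 192.0.2.10
                                       203.0.113.53
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

APPROVED_DNS = {"192.0.2.10", "192.0.2.11"}  # assumption: the site's real resolvers
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s(.*)$")  # "   Label . . . : value"


def parse_dns_servers(text):
    """Return {adapter heading: [DNS server, ...]} from `ipconfig /all` text."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip().rstrip(":"), False
            adapters[current] = []
            continue
        field = FIELD.match(line)
        if field and current is not None:
            in_dns = field.group(1).startswith("DNS Servers")
            value = field.group(2).strip()
        elif in_dns and line.strip():
            value = line.strip()  # continuation line: a bare address
        else:
            continue
        if in_dns and value:
            try:  # drop an IPv6 zone id such as %11 before validating
                addr = ipaddress.ip_address(value.split("%")[0])
                adapters[current].append(str(addr))
            except ValueError:
                in_dns = False  # not an address, so the DNS list has ended
    return adapters


def unexpected_dns(text, approved=APPROVED_DNS):
    """Return sorted (adapter, server) pairs whose resolver is not approved."""
    return sorted((name, s) for name, servers in parse_dns_servers(text).items()
                  for s in servers if s not in approved)
```

Feeding it the captured output from a few DHCP clients shows quickly whether a stray resolver is being pushed by the scope options rather than set on one machine.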
 
LVL 1

Expert Comment

by:eekygeeky
ID: 33865189
Bingo, DNS problem. Good to know it's fixed.
0
