
Can't hit some websites and do nslookup DNS 2008 issues

ipers asked on
DNS, Microsoft Legacy OS, Internet Protocols
Hi,

Ever since I’ve upgraded my two DCs to w2008r2 a couple of months ago I’m having some strange issues with my DNS. Right after the upgrade the computers in my domain were not able to go to the www.sec.gov web site and could not do the nslookup against it until I disabled IPv6 on both DNS servers’ NICs.

Out of these two DNS servers one is a physical machine, while the other is a virtual box with a VMXNET3 adapter. On the physical machine I still cannot do nslookup against that address even after disabling IPv6, while I’m able to go to that website from that server. On the virtual machine I can do both: nslookup and hit that URL.

On my physical machine I get garbage in DNS cache even after I clear it and successfully navigate to the website:

Name    Type     Data     Timestamp
crow     Host (A)            162.138.183.11  static
falcon    Host (A)            162.138.191.11  static
puffin     Host (A)            162.138.191.23  static
(same as parent folder)            Delegation Signer (DS)            [54361][SHA-1][UNKNOWN ALGORITHM][6AAF9E00A1DCF8118305030C90D96467EA67A0C8]          static
(same as parent folder)            Delegation Signer (DS)            [54361][SHA-256][UNKNOWN ALGORITHM][18D03638CB721ADCFA74A28D5BBA7D61208DC6B398A016C1527AF8CFB240F2B6]          static
(same as parent folder)            Delegation Signer (DS)            [61491][SHA-1][UNKNOWN ALGORITHM][4343321649D06D3BAF5B041C1529ED647BC632DC]          static
(same as parent folder)            Delegation Signer (DS)            [61491][SHA-256][UNKNOWN ALGORITHM][87CB8E3F406F49AC099BE1BC24C0998DC56F0B9140BA8DB87AE58EFF94096F83]           static
(same as parent folder)            RR Signature (RRSIG)  [DS][Inception(UTC): 8/26/2010 11:45:11 AM][Expiration(UTC): 8/31/2010 11:45:11 AM][gov.][2][57970]        static
(same as parent folder)   Name Server (NS)          crow.sec.gov.    static
(same as parent folder)   Name Server (NS)          falcon.sec.gov.   static
(same as parent folder)   Name Server (NS)          puffin.sec.gov.    static


On the virtual server I just get this in the DNS cache:

Name    Type     Data     Timestamp
(same as parent folder)   Name Server (NS)          falcon.sec.gov.   static
(same as parent folder)   Name Server (NS)          puffin.sec.gov.    static
(same as parent folder)   Name Server (NS)          crow.sec.gov.    static
(same as parent folder)   Name Server (NS)          penguin.sec.gov.            static
crow     Host (A)            162.138.183.11  static
falcon    Host (A)            162.138.191.11  static
penguin Host (A)            162.138.183.12  static
puffin     Host (A)            162.138.191.23  static
www     Host (A)            162.138.185.31  static
www     Host (A)            162.138.185.32  static
www     Host (A)            162.138.185.33  static


After disabling IPv6 I was able to get to the sec.gov website so I dropped the issue, but last Friday another site is unreachable from my domain -- http://www.icn.state.ia.us/ 

Once I changed my computer’s NIC properties to point to the OpenDNS address for my DNS server I can get to the site without a problem, so I know the problem is not with the firewall, but with the DNS servers.

After I added the OpenDNS address I can do nslookup against this site:

nslookup www.icn.state.ia.us
Server:  resolver1.opendns.com
Address:  208.67.222.222

Non-authoritative answer:
Name:    xxxxiavmu02.icn.state.ia.us
Address:  165.206.53.104
Aliases:  www.icn.state.ia.us

When I go to my DNS server and look up the DNS cache, this is what it shows for icn.state.ia.us:

dns1     Host (A)            165.206.53.253  static
DNS2    Host (A)            165.206.53.248  static


Do you know what it should show in my DNS server’s cache? Do you have any idea what might be going on with my DNS?

Both of my DNS servers have static addresses, point to themselves first and then to each other in the adapter properties.

Thanks.

Andrew Hancock - VMware vExpert