Solved

Can't resolve certain web sites (global)

Posted on 2010-11-08
Last Modified: 2012-05-10
I'm having an issue where my office cannot hit certain web sites.  I've spent countless hours with my ISP trying to resolve this issue but more and more sites are creeping up.

This issue has been ongoing since 10/05/2010 and is only getting worse.  

Below is the list of web sites that I cannot hit.

1. www.paypal.com
2. www.dol.gov
3. www.noaa.gov

- We have a Windows 2008 network that has our domain controllers/DNS servers configured to forward all external DNS requests to my ISP's DNS servers.
- All users' clients run Windows XP or Windows 7, and DNS1 & DNS2 point to internal DNS servers.
- I have contacted my ISP to troubleshoot these issues with no resolution.
- I have verified that I do not have any access control lists preventing my users hitting these web sites on my firewall and router.
- My ISP has added a reverse DNS entry for my IP block.
- My ISP has entered a SWIP (I have no idea what this is) for my account.

None of these recommendations has provided a solution.
Is it possible that my IP block has been placed on blacklists?  How would I verify this information?

-Here are example traceroutes that were performed:

WMA-R1#traceroute www.dol.gov
Translating "www.dol.gov"...domain server (65.106.1.196) [OK]

Type escape sequence to abort.
Tracing the route to e1617.b.akamaiedge.net (184.51.182.185)

  1 ip65-47-181-113.z181-47-65.customer.algx.net (65.47.181.113) 4 msec 4 msec 4 msec
  2 ge11-1-4d0.mcr1.chicago-il.us.xo.net (207.88.172.5) 4 msec 4 msec 8 msec
  3 vb1700.rar3.chicago-il.us.xo.net (216.156.0.161) 4 msec 4 msec 4 msec
  4 ae0d1.cir1.chicago2-il.us.xo.net (207.88.13.5) 4 msec 4 msec 4 msec
  5 216.156.72.78.ptr.us.xo.net (216.156.72.78) 4 msec 12 msec 4 msec
  6  *  *  *
  7  *  *  *

WMA-R1#traceroute nhc.noaa.gov
Translating "nhc.noaa.gov"...domain server (65.106.1.196) [OK]

Type escape sequence to abort.
Tracing the route to nhc.noaa.gov (140.90.176.165)

  1 ip65-47-181-113.z181-47-65.customer.algx.net (65.47.181.113) 4 msec 4 msec 4 msec
  2 ge11-1-4d0.mcr2.chicago-il.us.xo.net (207.88.172.13) 32 msec 4 msec 4 msec
  3 ae1d0.mcr1.chicago-il.us.xo.net (216.156.1.81) 4 msec 4 msec 4 msec
  4 vb1700.rar3.chicago-il.us.xo.net (216.156.0.161) 8 msec 4 msec 4 msec
  5 ae0d1.cir1.chicago2-il.us.xo.net (207.88.13.5) 4 msec 4 msec 4 msec
  6 206.111.2.86.ptr.us.xo.net (206.111.2.86) 4 msec 4 msec 4 msec
  7 dca-edge-21.inet.qwest.net (67.14.6.66) 24 msec 24 msec 24 msec
  8 65.123.192.198 24 msec 24 msec 24 msec
  9 140.90.111.46 28 msec 28 msec 20 msec
 10 140.90.76.74 24 msec 24 msec 24 msec
 11 140.90.60.6 28 msec 24 msec 24 msec
 12 140.90.60.1 28 msec 24 msec 24 msec
 13  *  *  *
 14  *  *

Question by:HemisFear

Accepted Solution

by:
jar3817 earned 250 total points
ID: 34085677
"We have a windows 2008 network that has our domain controllers/DNS Servers configured to forward all external DNS requests to my ISP's DNS servers."

Turn that off. Try having your servers recursively get the answers themselves. It doesn't really add any overhead and it'll probably be faster once your cache builds up.

Assisted Solution

by:rjwesley
rjwesley earned 250 total points
ID: 34085700
Take a laptop and connect directly to your modem, essentially bypassing your firewall. Is connecting to these sites possible this way?

Rob

Author Comment

by:HemisFear
ID: 34085702
Jar3817: Is that as simple as going into the properties of each DNS server (WMA-DC1 & WMA-DC3), going into the Forwarders tab and removing the two server entries that I have added?  If I do this, I assume that the servers will immediately begin resolving IP addresses to DNS entries immediately with no adverse effects?

Author Comment

by:HemisFear
ID: 34085710
RJWesley: I'll do that now and report back my findings to you in a moment.

Expert Comment

by:Darius Ghassem
ID: 34085940
Make sure your ISP DNS servers are updated; this could be causing the problem as well.

You can use 4.2.2.2 and 4.2.2.1

Author Comment

by:HemisFear
ID: 34085969
UPDATE:  I just bypassed my internal DNS servers and my firewall by connecting my laptop directly to the router and I was able to hit all three web sites without a problem! (Thank you RJWesley)

The question is where do I go from here?


Expert Comment

by:rjwesley
ID: 34085997
Firewall, what is it?

Rob

Author Comment

by:HemisFear
ID: 34086005
Cisco PIX 515E

Expert Comment

by:rjwesley
ID: 34086022
What are your DNS settings in your firewall?

I simply use 8.8.8.8, 4.2.2.1, then ISP DNS.

Rob

Expert Comment

by:Darius Ghassem
ID: 34086162
Make sure your server is only pointing to internal DNS servers within its TCP/IP settings.


Author Comment

by:HemisFear
ID: 34086211
I have attached the configuration of my firewall for your review.  I'm not an L3 technician so I'm a bit unfamiliar with how I should configure the firewall other than asking for your help (up to the commands!)


Firewall-Config-2010-10-21.log

Author Comment

by:HemisFear
ID: 34087369
There are no DNS server settings on the firewall.  

My router is configured with the appropriate DNS server IP addresses which are currently configured on my Windows 2008 DNS servers as forwarding servers.

I have verified that when I change my clients to bypass my internal Windows servers, & utilize my ISP's DNS server IPs I can resolve the web sites without a problem.

Why would Windows 2008 DNS servers that are configured to forward their requests directly to my ISP's DNS servers cause this problem?  



Author Comment

by:HemisFear
ID: 34087647
I found the solution on my own:  It's a Windows 2008 R2 DNS server issue.  It is documented here:

http://weblogs.asp.net/owscott/archive/2009/09/15/windows-server-2008-r2-dns-issues.aspx

The solution is to perform the following command on your Windows 2008 R2 DNS servers:

dnscmd /config /EnableEDNSProbes 0

I will award points for you guys for helping me troubleshoot.
0
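Added example, not part of the original thread or the linked article: a Python probe that sends the same A query with and without an EDNS0 OPT record (the kind of record a server attaches when EDNS probing is enabled), so the two cases can be compared from a host behind the firewall. The function names and the 192.0.2.53 resolver address are placeholders chosen for illustration; substitute the forwarder's address.

```python
import socket
import struct

def build_query(name, edns_size=None, qid=0x1234):
    """Build a DNS A query; append an EDNS0 OPT record when edns_size is set."""
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    opt = b""
    if edns_size:
        # OPT pseudo-RR (RFC 6891): root name, TYPE=41, CLASS carries the
        # advertised UDP payload size, TTL=0 (EDNS version 0), RDLENGTH=0
        opt = b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return header + question + opt

def summarize(reply):
    """Pull the fields that matter for this comparison out of a raw reply."""
    _qid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    return {"rcode": flags & 0x000F, "truncated": bool(flags & 0x0200),
            "answers": answers, "bytes": len(reply)}

def probe(server, name, edns_size=None, timeout=3.0):
    """Send one query over UDP; return a summary, or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, edns_size), (server, 53))
        try:
            reply, _ = sock.recvfrom(65535)
        except socket.timeout:
            return None
    return summarize(reply)

def diagnose(plain, edns):
    """Classify the pair of results from a plain and an EDNS0 probe."""
    if plain is None:
        return "no-reply"        # resolver unreachable; EDNS is not the variable
    if edns is None:
        return "edns-dropped"    # only the EDNS0 exchange is lost on the path
    if edns["rcode"] == 1:
        return "edns-rejected"   # FORMERR: resolver does not accept OPT
    return "ok"

if __name__ == "__main__":
    server = "192.0.2.53"  # placeholder: use your forwarder's address
    for site in ("www.paypal.com", "www.dol.gov", "www.noaa.gov"):
        plain, edns = probe(server, site), probe(server, site, edns_size=4096)
        print(site, diagnose(plain, edns), plain, edns)
```

An `edns-dropped` result from inside the network, alongside `ok` from a host connected directly to the router, points at a device on the path rather than at the resolver.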
 

Author Closing Comment

by:HemisFear
ID: 34087821
While the solution wasn't presented completely here, it led me down the correct path to find the solution on my own.  I am awarding the points.