Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Unable to access sec.gov by name

Posted on 2010-11-12
7
Medium Priority
?
866 Views
Last Modified: 2012-05-10
We are having an issue accessing sec.gov website, it seems to be hit or miss.  No reports of any other websites not being accessible.  Am pretty sure it is nothing on their side, but something in our DNS.  We are able to get to the site if we connect to our external DSL line or I remote into my home machine.  We are using MS DNS server on our domain controllers. OS = 2008r2. Below are the steps I have gone through, doing "ipconfig /flushdns" and "ipconfig /registerdns" after most steps:

Unable to ping sec.gov
Unable to ping sec.gov by IP - most likely have responses turned off
Added googles public dns as a forwarder on our DNS servers (with our ISP provided DNS servers) and moved it to top of the list.
Removed our ISPs provided DNS server and left just the google DNS server  
Restart DNS server service

The below work, but are just work arounds not resolutions:
Statically set the DNS server in the NIC to googles public dns (8.8.8.8) and able to get out without issue.
Able to access the site by typing the IP address instead of the name

Any other assistance troubleshooting this would be great.  Thanks ahead of time.
0
Comment
Question by:DebelloCaminus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 9

Expert Comment

by:avilov
ID: 34125022
check if your DNS server has conditional forwarding set for that domain
0
 

Author Comment

by:DebelloCaminus
ID: 34125577
Avilov,
   Thanks for the response.  Checked conditional forwarding on both servers and there are none set.  Also for more information.  This does seems to be only happening in our 1 site, out of 4.  All DNS servers are suppose to be replicating with each other and they seem to be without issue.  I went through all settings of the dns server that seems to work ok and the one that isn't.

I turned on logging and attempted to access sec.gov again.  Everything seems to be ok to me.  I can attached log if needed.

Thanks again
0
 
LVL 12

Accepted Solution

by:
Amit Bhatnagar earned 2000 total points
ID: 34838727
Try this :

Run this command on the Server with this issue :

dnscmd /Config /EnableEDnsProbes 0

As per article. It is for 2003 but i have noticed and resolved similar issues in 2008 as well.

http://support.microsoft.com/kb/828731
0
Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

 

Author Comment

by:DebelloCaminus
ID: 34843695
This article actually makes sense.  We are using a Cisco ASA device for our firewall and its an older version of the IOS.  My only question would be, is anything else dependent on the EDNS being enabled?  As a current work around I statically set an outside dns server (8.8.8.8) as in our DHCP options.
0
 
LVL 12

Expert Comment

by:Amit Bhatnagar
ID: 34848235
None..It's a feature which was started with Windows 2003 and I was working with Microsoft Networking Team at that time. We disabled this feature in almost 100% of all the issues that came by us and it worked. No one came back saying disabling it broke one of the other functionalities.

Do try it and let us know the result :)

-Amit Bhatnagar.
0
 

Author Comment

by:DebelloCaminus
ID: 34852793
Amit,
   Thanks for the info.  I ran the commands on both our DNS servers and removed the 8.8.8.8 entry from our DHCP options.  Ran ipconfig /flushdns and ipconfig /registerdns for good measure and am able to get to all the sites I wasn't able to before!

Thanks again
0
 
LVL 12

Expert Comment

by:Amit Bhatnagar
ID: 34859058
Glad it worked !! :)
-Amit.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I will assume you are running a non-server version of some sort of Windows throughout this article. There are many flavors of Windows since Windows Server 2000 - 2008, XP Home & Pro, Vista Home & Pro, and Windows 7 Starter, Home, Pro, Ultimate, etc.…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question