Solved

Routing issues from some parts of the world. Work from elsewhere

Posted on 2010-11-17
Last Modified: 2012-05-10
Hi. We have a webserver hosting websites from all over the world.
We have 2 webservers (one IIS using ASP and one WAMP using PHP).

In front of the server we have invested in a new Cisco ASA 5500 router.
This has the physical IP 87.116.17.66, and all domain names hosted on the IIS server point to this IP, which then forwards them to the IIS server. This is working fine from all over the world.

Then in the Cisco router we have set up a 2nd IP, 87.116.17.70, and all domain names on the WAMP server point to this IP, and the router forwards requests to the WAMP server.

Here are 2 examples

Example 1
www.adpp-mozambique.org is pointing to 87.116.17.66

------------------------------------------------------------------------------------------------------------
I do a trace route:
-------------------------------------------------------------------------------------------------------------
Tracing route to adpp-mozambique.org [87.116.17.66]
over a maximum of 30 hops:

  1     5 ms     1 ms     2 ms  192.168.2.1
  2    18 ms    15 ms    10 ms  10.156.40.1
  3    38 ms    10 ms     *     donc-geam-1a-v11.network.virginmedia.net [62.30.241.129]
  4    12 ms    12 ms    10 ms  barn-geam-1b-tenge82.network.virginmedia.net [62.30.252.101]
  5    13 ms    12 ms    12 ms  brad-core-1b-tenge94.network.virginmedia.net [62.30.252.21]
  6    23 ms    12 ms    10 ms  leed-bb-1b-ae2-0.network.virginmedia.net [212.43.163.237]
  7    16 ms    16 ms    14 ms  nrth-bb-1a-as0-0.network.virginmedia.net [213.105.175.133]
  8    15 ms    15 ms    14 ms  nrth-tmr-1-ae1-0.network.virginmedia.net [213.105.159.30]
  9    34 ms    31 ms    28 ms  fran-ic-1-as0-0.network.virginmedia.net [62.253.185.81]
 10    48 ms    44 ms    43 ms  cr02.frf02.pccwbtn.net [80.81.192.50]
 11    42 ms    41 ms    39 ms  nianet.tenge12-4.br02.ams01.pccwbtn.net.65.218.63.in-addr.arpa [63.218.65.50]
 12    56 ms    52 ms    53 ms  ip0x1a1e88.bip.mvb.dk [87.116.17.65]
 13    53 ms    54 ms    51 ms  ip0x1a1e89.bip.mvb.dk [87.116.17.66]
----------------------------------------------------------------------------------------------------
I can ping the whole way to the server. All good


Example 2
new.adpp-mozambique.org is pointing to 87.116.17.70

I do a trace route:
-------------------------------------------------------------------------------------------------------
Tracing route to new.adpp-mozambique.org [87.116.17.70]
over a maximum of 30 hops:

  1     1 ms     1 ms     2 ms  192.168.2.1
  2     9 ms    15 ms    12 ms  10.156.40.1
  3    20 ms    10 ms     *     donc-geam-1a-v11.network.virginmedia.net [62.30.241.129]
  4    22 ms    27 ms    13 ms  barn-geam-1a-tenge82.network.virginmedia.net [62.30.252.81]
  5    17 ms    12 ms    22 ms  brad-core-1a-tenge94.network.virginmedia.net [62.30.252.17]
  6    11 ms    14 ms    13 ms  manc-bb-1a-ae4-0.network.virginmedia.net [212.43.163.233]
  7    19 ms    21 ms    21 ms  glfd-bb-1b-ae1-0.network.virginmedia.net [213.105.175.146]
  8    19 ms    21 ms    22 ms  glfd-tmr-1-ae5-0.network.virginmedia.net [213.105.159.46]
  9    30 ms    22 ms     *     redb-ic-1-as0-0.network.virginmedia.net [62.253.185.78]
 10    18 ms    20 ms    22 ms  cr02.ldn01.pccwbtn.net [195.66.224.167]
 11    30 ms    29 ms    29 ms  nianet.tenge12-4.br02.ams01.pccwbtn.net.65.218.63.in-addr.arpa [63.218.65.50]
 12     *       54 ms    43 ms  ip0x1a1e88.bip.mvb.dk [87.116.17.65]
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
--------------------------------------------------------------------------------------------------------------


Here is the problem:
I can access both sites and most people can, but we have some people in parts of Africa and in the States who cannot access the last website (and the server that it lives on) but can easily access the first one. They are both behind the same router, so there does not seem to be a routing issue from the end user until they meet our router.

Where do we look for a solution to this?
How come only some have this problem, and it seems to be quite intermittent?
Others who are also around the world do not have the problem.
I will mention that for the ones with the problem, we have had them try Google DNS 8.8.8.8 and 8.8.4.4, and it gives the same problem.

Hope someone can guide me in the right direction

Regards
Morten

Question by:morten444
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 34160394
Hello morten444,
   "Then in the cisco router we have setup a 2nd IP:87.116.17.70 "
    How did you do that? Did you request another IP from your ISP? Or do you have an existing subnet? Can you post the interface configuration from your router's config?
     In router config, type ping and press enter. Type a public pingable IP, say Google's IP.
     Press enter at all prompts until "Extended commands [n]: ". Press y for extended.
     For "Source address or interface", type 87.116.17.70, then press enter for the rest.
     If you can PING, the issue is most probably ISP related. If you can't, please come back here with the answers to my questions above.

Regards
0
 
LVL 7

Expert Comment

by:kellemann
ID: 34163578
I'm guessing that the first site is using the firewall's own public IP address (87.116.17.66), and that TCP port 80 is PAT'ed to some internal webserver address.
The second site is running on an extra IP address (87.116.17.70) within the same subnet. That address is NAT'ed to the other internal webserver.
Trace works to the first one, because the ICMP path ends at the firewall's external interface. The second address however, is, for lack of a better word, virtual. It doesn't exist on any physical interface, and only serves to be translated. You can't do a trace to such an address, but I can tell from your trace that it is correctly routed to the firewall.
Please post a sanitized version of the firewall's configuration, and we'll take a closer look at it.
0
 

Author Comment

by:morten444
ID: 34168723
Hi
Thanks for your reply. I will try to get hold of the information requested. I do not currently have access to the router myself, but I guess I can get that.

My main question, though: is it possible that it's a router issue if most people worldwide can access but people in some places cannot?

If it is possible, I guess that it's still worth getting the information that you have requested above?

Kind Regards
Morten
0
 
LVL 7

Expert Comment

by:kellemann
ID: 34170879
If the two addresses were from two disjointed ip subnets, I would say yes, routing issues can occur at ISPs which cause this to happen. In this case the two addresses are within the same subnet so it's highly unlikely.
0
 

Author Comment

by:morten444
ID: 34179252
Hi Thanks
Still looking into this

Our ISP default gateway is 87.116.17.65
Our interface on the Cisco router is 87.116.17.66
The website with no problem is pointing to this IP

We have 12 public IPs bought from our ISP
One of them is 87.116.17.70.
In the Cisco router this IP has been set up (not sure if it's called virtual, as there is only 1 WAN cable on the router).

new.adpp-mozambique.org is on the 87.116.17.70 with problems for some users
same users can access
adpp.mozambique.org that is on 87.116.17.70

I still have no access to the router, but the person who installed it says this is not a router issue. He believes it's more of a DNS issue and that we should try to use some reliable DNS servers like 4.2.2.2 to test.

Any other suggestion based on the IP info given here?

0
 

Author Comment

by:morten444
ID: 34179254
Sorry, one writing mistake. The part with the websites and IPs should read:
---------------------------------------------------------------------------------------------------------
new.adpp-mozambique.org is on the 87.116.17.70 with problems for some users
same users can access
adpp.mozambique.org that is on 87.116.17.66
---------------------------------------------------------------------------------------------------------
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 34179460
It's not a DNS issue. I am trying to trace, but it gets stuck at 17.65
Did you try my suggestion? (ping from source)
Please post the sanitized config.
0
 
LVL 7

Expert Comment

by:kellemann
ID: 34179563
@MrHusy. You can't do a source ping on an ASA like you can on a router. The command isn't there. Also, the IP address is not assigned to any interface; it is simply a NAT (called a "static" on the ASA) entry on the outside interface.
DNS can be an issue if some DNS servers have bad information, although this is only true if you actually test access to the website via the DNS name. If you try via the IP address, DNS cannot play a role in the trouble you are having.
0
 
LVL 7

Expert Comment

by:kellemann
ID: 34179576
Simply testing using the ip address should yield a webpage with "e-advice webhosting".
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 34179812
I just realized it was an ASA, since it has been referred to as a router for the whole conversation.
Then most probably the ASA is denying UDP traceroute packets to the mapped IP.
That now strengthens the possibility of a DNS issue.
Check the syslogs from ASDM and see if the firewall denies anything while being tracerouted.
Ask the client who can't connect to connect via IP and see if it works. Also tell him to run "nslookup  -d2 new.adpp-mozambique.org " and paste the result here.
0
 

Author Comment

by:morten444
ID: 34180554
Hi
Thanks Kellermann and MrHusy
On Monday, when they are back in the office, I will let them try to access via IP:
http://87.116.17.70

and then ask them to issue a command:
nslookup  -d2 new.adpp-mozambique.org and will paste the results here:

Sorry for only being able to do this on Monday/Tuesday, but it's an office and no one is there over the weekend.
Will let you know

Kind Regards
Morten
0
 

Author Comment

by:morten444
ID: 34190755
Hi All
I got the end user to run nslookup  -d2 new.adpp-mozambique.org

I don't understand this much, but I must say I am concerned about the last 2 lines:
Name:    new.adpp-mozambique.org.adpp-mozambique.org
Address:  87.116.17.66

When I do it from England, where I am, I get the right information:
Name:    new.adpp-mozambique.org.adpp-mozambique.org
Address:  87.116.17.70

This is a sub web. The main domain name is found on 87.116.17.66; however, that should not mean anything, as we also have main domains on this server with the same problem.
Can someone have a look at the results below and advise where to go from here?
Thanks again

-----------------------------------------------------------------------------------------------------------------------

C:\Users\Sirallank>nslookup  -d2 new.adpp-mozambique.org
------------
SendRequest(), len 38
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        8.8.8.8.in-addr.arpa, type = PTR, class = IN

------------
------------
Got answer (82 bytes):
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        8.8.8.8.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  8.8.8.8.in-addr.arpa
        type = PTR, class = IN, dlen = 32
        name = google-public-dns-a.google.com
        ttl = 71264 (19 hours 47 mins 44 secs)

------------
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

------------
SendRequest(), len 61
    HEADER:
       opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        new.adpp-mozambique.org.adpp-mozambique.org, type = A, class = IN

------------
------------
Got answer (77 bytes):
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        new.adpp-mozambique.org.adpp-mozambique.org, type = A, class = IN
    ANSWERS:
    ->  new.adpp-mozambique.org.adpp-mozambique.org
        type = A, class = IN, dlen = 4
        internet address = 87.116.17.66
        ttl = 43200 (12 hours)

------------
Non-authoritative answer:
------------
SendRequest(), len 61
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        new.adpp-mozambique.org.adpp-mozambique.org, type = AAAA, class = IN

------------
------------
Got answer (127 bytes):
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        new.adpp-mozambique.org.adpp-mozambique.org, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  adpp-mozambique.org
        type = SOA, class = IN, dlen = 54
        ttl = 1800 (30 mins)
        primary name server = ns1.gratisdns.dk
        responsible mail addr = info.e-advice.dk
        serial  = 2010111901
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 2419000 (27 days 23 hours 56 mins 40 secs)
        default TTL = 43200 (12 hours)

------------
Name:    new.adpp-mozambique.org.adpp-mozambique.org
Address:  87.116.17.66

-----------------------------------------------------------------------------------------------
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 34191745
Well, the behaviour is pretty odd.
What you ask for is new.adpp-mozambique.org, but in the end what you get is new.adpp-mozambique.org.adpp-mozambique.org

adpp-mozambique.org is somehow appended to your query, just as if you were querying a single hostname within a domain and the domain suffix were added to your query first

I think when you type http://new instead of http://new.adpp-mozambique.org into the browser on Sirallank's PC, the correct page will show (87.116.17.70)

Most probably some setting, script or proxy is modifying the query. Can you post the output of "ipconfig /all" from Sirallank's PC?



0
 

Author Comment

by:morten444
ID: 34194672
Hi
You are right.
When he puts in http://new he gets our IP 87.116.17.70 showing eadvice.dk

Here is his ipconfig /all
I can see there is a potential problem in that the domain name appears there. Sirallank says that's a domain name for their dedicated IP address given to them by their ISP. Is this the problem? If yes, what do we/they do?

C:\Users\Sirallank>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Sirallank-TOSH
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : adpp-mozambique.org

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 70-F1-A1-10-7C-62
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : adpp-mozambique.org
   Description . . . . . . . . . . . : Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
   Physical Address. . . . . . . . . : 70-F1-A1-10-7C-62
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : adpp-mozambique.org
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 70-5A-B6-83-2D-3E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::495d:8510:76bf:808%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.76(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, November 18, 2010 7:47:23 PM
   Lease Expires . . . . . . . . . . : Monday, November 29, 2010 1:41:47 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 234890074
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-CF-6F-37-70-5A-B6-83-2D-3E

   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:490:38a3:3be3:1cd5(Preferred)
   Link-local IPv6 Address . . . . . : fe80::490:38a3:3be3:1cd5%21(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 251658240
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-CF-6F-37-70-5A-B6-83-2D-3E

   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.adpp-mozambique.org:

   Connection-specific DNS Suffix  . : adpp-mozambique.org
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.0.76%15(Preferred)
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{49FE7B7A-9A8E-4D08-899E-FCF28510A0E0}:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled


The other results are the ones when I am not using public DNS servers:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Sirallank-TOSH
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : adpp-mozambique.org

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 70-F1-A1-10-7C-62
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : adpp-mozambique.org
   Description . . . . . . . . . . . : Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
   Physical Address. . . . . . . . . : 70-F1-A1-10-7C-62
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : adpp-mozambique.org
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 70-5A-B6-83-2D-3E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::495d:8510:76bf:808%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.76(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, November 18, 2010 7:47:23 PM
   Lease Expires . . . . . . . . . . : Monday, November 29, 2010 1:41:47 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 234890074
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-CF-6F-37-70-5A-B6-83-2D-3E

   DNS Servers . . . . . . . . . . . : 196.28.224.2
                                       41.220.162.34
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:490:38a3:3be3:1cd5(Preferred)
   Link-local IPv6 Address . . . . . : fe80::490:38a3:3be3:1cd5%21(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 251658240
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-CF-6F-37-70-5A-B6-83-2D-3E

   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.adpp-mozambique.org:

   Connection-specific DNS Suffix  . : adpp-mozambique.org
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.0.76%15(Preferred)
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 196.28.224.2
                                       41.220.162.34
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{49FE7B7A-9A8E-4D08-899E-FCF28510A0E0}:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled


0
 
LVL 7

Expert Comment

by:kellemann
ID: 34194816
The behavior is a little strange, since Windows uses the suffix list when a fully qualified name is used. This may be an issue with the default DNS server.

Try putting in the following commands and post their output. They will tell us who the DNS servers consider to be authoritative of the adpp-mozambique.org domain.

nslookup
set type=soa
server 8.8.8.8
adpp-mozambique.org
<post output>

New command:
nslookup
set type=soa
server 196.28.224.2
adpp-mozambique.org
<post output>
0
 
LVL 29

Accepted Solution

by:
Alan Huseyin Kayahan earned 250 total points
ID: 34197477
Now everything makes sense. Just as I thought, there is a primary suffix, which is most probably coming from domain membership.

     According to DNS query principles, the primary DNS suffix is first added to every query. If the query does not return a response, then connection-specific suffixes, if they exist, are tried. And finally, the query is processed without suffixes.
    Your problem is that the DNS server which holds the adpp-mozambique.org domain responds to the query new.adpp-mozambique.org.adpp-mozambique.org with an answer, but it SHOULDN'T, because there is no subdomain with the same name in that domain, and there is no A record there. The DNS server that holds your domain responds to queries for non-existent records with the domain's IP. For example, when I query nslookup bullsiht.adpp-mozambique.org I get a response.
    And since the non-existent query with the primary DNS suffix appended returns an answer, the query does not proceed to the step of querying without a suffix, which in fact would return the correct IP.

   The solution is to call the person in charge at the company from which you bought your domain name adpp-mozambique.org, and tell them to configure their DNS server not to respond to non-existent records
0
 

Author Comment

by:morten444
ID: 34197727
Hi
Thanks a lot for your reply
Just to make sure I understood:

"there is a primary suffix, which is most probably coming from domain membership"
You are referring to Sirallank's PC making a domain logon at their location to a domain name that is adpp-mozambique.org, and therefore the primary suffix?
That means they do not have to do anything on their end/their local DNS server or anything with their provider?


We admin all our domains through gratisdns.dk, so we have to contact them to configure DNS to only respond to known names on our server, e.g. adpp-mozambique.org and new.adpp-mozambique.org
Everything else should return "page can not be found".
Is that understood correctly?

0
 
LVL 7

Assisted Solution

by:kellemann
kellemann earned 250 total points
ID: 34200442
I doubt that this has anything to do with an Active Directory membership, at least if the ipconfig dumps are representative of the computers. Domain membership depends on internal DNS servers, and can't work against public DNS servers.
As MrHusy points out, what you probably have is a wildcard record on the public DNS server (see http://en.wikipedia.org/wiki/Wildcard_DNS_record). Have them remove this.
That said, I still suspect a problem with the SOA record on the 196.28.224.2 and 41.220.162.34 DNS servers you are using. Please run the nslookup statements requesting SOA information. There may be some local servers which believe they are authoritative, otherwise this would be a global problem.
0
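
The interaction described in the two solutions above (a DNS suffix search list meeting a wildcard record), reproduced offline as an added example; this is not code from anyone in the thread. The zone contents are constructed from the names and addresses quoted in the posts, the wildcard target is assumed from the answers the affected user received, the resolver order follows the accepted answer (suffixed names first, bare name last), and the wildcard matching is a simplified closest-ancestor check.

```python
import secrets

ZONE = "adpp-mozambique.org"
# Constructed zone data; names and addresses are the ones quoted in the thread.
RECORDS = {
    "adpp-mozambique.org": "87.116.17.66",
    "www.adpp-mozambique.org": "87.116.17.66",
    "new.adpp-mozambique.org": "87.116.17.70",
}
WILDCARD_IP = "87.116.17.66"  # assumed target of "*.adpp-mozambique.org"


def make_lookup(records, zone, wildcard_ip=None):
    """Build lookup(name) -> IP, or None for NXDOMAIN, for a toy zone."""
    def lookup(name):
        name = name.rstrip(".").lower()
        if name in records:
            return records[name]
        # Simplified wildcard rule: "*.zone" only answers when the closest
        # existing ancestor of the queried name is the zone apex itself.
        labels = name.split(".")
        for i in range(1, len(labels)):
            ancestor = ".".join(labels[i:])
            if ancestor in records:
                return wildcard_ip if ancestor == zone else None
        return None
    return lookup


def candidates(name, search_list):
    """Names tried in order: each search suffix appended, then the bare name."""
    if name.endswith("."):
        return [name]  # a trailing dot marks the name absolute: no suffixes
    return [f"{name}.{suffix}" for suffix in search_list] + [name]


def resolve(name, search_list, lookup):
    """Return (name_that_answered, ip); the first candidate with an answer wins."""
    for cand in candidates(name, search_list):
        ip = lookup(cand)
        if ip is not None:
            return cand.rstrip("."), ip
    return None, None


def has_wildcard(zone, lookup, probes=3):
    """Defender's check: random labels that cannot exist must not resolve."""
    return all(lookup(f"{secrets.token_hex(8)}.{zone}") is not None
               for _ in range(probes))


if __name__ == "__main__":
    search = ["adpp-mozambique.org"]  # from the ipconfig /all output above
    for label, lookup in (("wildcard present", make_lookup(RECORDS, ZONE, WILDCARD_IP)),
                          ("wildcard removed", make_lookup(RECORDS, ZONE))):
        print(label, "| wildcard detected:", has_wildcard(ZONE, lookup))
        for query in ("new.adpp-mozambique.org", "new", "new.adpp-mozambique.org."):
            print("  ", query, "->", resolve(query, search, lookup))
```

With the wildcard in place the suffixed query is answered first and the bare name is never tried; with it removed, or with a trailing dot on the query, the same client reaches 87.116.17.70.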
 

Author Comment

by:morten444
ID: 34200562
Hi
Thanks for the help again
I will post another question regarding the :
nslookup
set type=soa
server 8.8.8.8
adpp-mozambique.org
<post output>

New command:
nslookup
set type=soa
server 196.28.224.2
adpp-mozambique.org
<post output>
I am quite new to this so I am not sure how that command line would run and as you 2 have offered so much help so far, I will open a new question with this for additional points

Thanks again
0
 

Author Closing Comment

by:morten444
ID: 34200573
Thanks for all your help guys
0
