isaIT
asked on
Problem resolving a specific URL
We believe we have an internal DNS problem. We are running Windows Server 2008R2 and Windows XP workstations. Over 99% of our DNS queries resolve and function properly. We encountered a problem with users attempting to reach www.gsa.gov on our LAN.
* We can reach this site by IP address.
* We can resolve and reach the site using gsa.gov but not using www.gsa.gov
* On workstations we can ping or run nslookup using gsa.gov but not using www.gsa.gov
* On domain controllers we can ping or run nslookup using gsa.gov. We can ping www.gsa.gov, but cannot run nslookup using www.gsa.gov
* We can reach both addresses from our DMZ.
* We have flushed DNS caches locally and on our domain controllers and were still able to repeate all of the above behaviors.
* Adding an entry for www.gsa.gov on our domain controller allows the domain controller to resolve, but not a workstation, perhaps due to dns forwarding.
* Adding an entry for www.gsa.gov on a local computer, resolves the issue for that computer as expected.
Any thoughts regarding what might be causing this or how to resolve it?
* We can reach this site by IP address.
* We can resolve and reach the site using gsa.gov but not using www.gsa.gov
* On workstations we can ping or run nslookup using gsa.gov but not using www.gsa.gov
* On domain controllers we can ping or run nslookup using gsa.gov. We can ping www.gsa.gov, but cannot run nslookup using www.gsa.gov
* We can reach both addresses from our DMZ.
* We have flushed DNS caches locally and on our domain controllers and were still able to repeate all of the above behaviors.
* Adding an entry for www.gsa.gov on our domain controller allows the domain controller to resolve, but not a workstation, perhaps due to dns forwarding.
* Adding an entry for www.gsa.gov on a local computer, resolves the issue for that computer as expected.
Any thoughts regarding what might be causing this or how to resolve it?
rhenry-ez
Out of curiousity, if you statically assign an IP to one of these workstations and set their dns server as an outside dns (Such as 8.8.8.8) does it resolve your issue?
Do you have Forwarders configured on your DNS servers at the moment?
When you attempt to resolve www.gsa.gov using nslookup, what happens? Timeout? Server Failure? Doesn't exist?
Chris
ASKER
Thank you for the comments,
When we statically assign an IP to one of the workstations and set their dns server to an outside dns, it does resolve the issue.
We do have DNS forwarders configured for everything outside of our domain..
When we attempt to resolve www.gsa.gov using nslookup it times out.
Here is another interesting bit of information we just discovered, this doesn't explain why it won’t resolve from our LAN.
When we do an nslookup on www.gsa.gov vs gsa.gov we see different IP addresses depending upon the DNS sever we query.
Internal nslookup using 12.127.12.67 or 12.127.12.68
- gsa.gov resolves to Address: 159.142.144.188
- www.gsa.gov does not resolve
External lookup using 12.127.12.67 or 12.127.12.68
- gsa.gov resolves to Address: 159.142.144.188
- www.gsa.gov resolves to 159.142.144.188
External lookup using 8.8.8.8
- gsa.gov resolves to Address: 159.142.144.188
- www.gsa.gov resolves to 159.142.75.50
Both 159.142.75.50 and 159.142.144.188 bring up the target web site.
When we statically assign an IP to one of the workstations and set their dns server to an outside dns, it does resolve the issue.
We do have DNS forwarders configured for everything outside of our domain..
When we attempt to resolve www.gsa.gov using nslookup it times out.
Here is another interesting bit of information we just discovered, this doesn't explain why it won’t resolve from our LAN.
When we do an nslookup on www.gsa.gov vs gsa.gov we see different IP addresses depending upon the DNS sever we query.
Internal nslookup using 12.127.12.67 or 12.127.12.68
- gsa.gov resolves to Address: 159.142.144.188
- www.gsa.gov does not resolve
External lookup using 12.127.12.67 or 12.127.12.68
- gsa.gov resolves to Address: 159.142.144.188
- www.gsa.gov resolves to 159.142.144.188
External lookup using 8.8.8.8
- gsa.gov resolves to Address: 159.142.144.188
- www.gsa.gov resolves to 159.142.75.50
Both 159.142.75.50 and 159.142.144.188 bring up the target web site.
Are your computers setup to obtain IP addresses via DHCP or Manually? Have you checked to make sure that the DNS that DHCP is assigning is correct?
Thanks
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
We are using DHCP. This appears to be working preperly and is assigning the correct DNS server.
ASKER
Thanks for the help Chris. You rock.