Solved

Problem resolving a specific URL

Posted on 2010-11-18
Last Modified: 2012-05-10
We believe we have an internal DNS problem.  We are running Windows Server 2008R2 and Windows XP workstations.  Over 99% of our DNS queries resolve and function properly.  We encountered a problem with users attempting to reach www.gsa.gov on our LAN.  
* We can reach this site by IP address.
* We can resolve and reach the site using gsa.gov but not using www.gsa.gov
* On workstations we can ping or run nslookup using gsa.gov but not using www.gsa.gov
* On domain controllers we can ping or run nslookup using gsa.gov.  We can ping www.gsa.gov, but cannot run nslookup using www.gsa.gov
* We can reach both addresses from our DMZ.  
* We have flushed DNS caches locally and on our domain controllers and were still able to repeat all of the above behaviors.
* Adding an entry for www.gsa.gov on our domain controller allows the domain controller to resolve, but not a workstation, perhaps due to DNS forwarding.
* Adding an entry for www.gsa.gov on a local computer resolves the issue for that computer as expected.
Any thoughts regarding what might be causing this or how to resolve it?
Question by:isaIT

Expert Comment

by:rhenry-ez
ID: 34167225
Out of curiosity, if you statically assign an IP to one of these workstations and set their DNS server as an outside DNS (such as 8.8.8.8), does it resolve your issue?

Expert Comment

by:Chris Dent
ID: 34167731

Do you have Forwarders configured on your DNS servers at the moment?

When you attempt to resolve www.gsa.gov using nslookup, what happens? Timeout? Server Failure? Doesn't exist?

Chris

Author Comment

by:isaIT
ID: 34167950
Thank you for the comments,

When we statically assign an IP to one of the workstations and set their DNS server to an outside DNS, it does resolve the issue.

We do have DNS forwarders configured for everything outside of our domain.

When we attempt to resolve www.gsa.gov using nslookup it times out.

Here is another interesting bit of information we just discovered; this doesn't explain why it won't resolve from our LAN.

When we do an nslookup on www.gsa.gov vs gsa.gov we see different IP addresses depending upon the DNS server we query.

Internal nslookup using 12.127.12.67 or 12.127.12.68
- gsa.gov resolves to Address: 159.142.144.188
- www.gsa.gov does not resolve

External lookup using 12.127.12.67 or 12.127.12.68
- gsa.gov resolves to Address: 159.142.144.188
- www.gsa.gov resolves to 159.142.144.188

External lookup using 8.8.8.8
- gsa.gov resolves to Address: 159.142.144.188
- www.gsa.gov resolves to 159.142.75.50

Both 159.142.75.50 and 159.142.144.188 bring up the target web site.

Expert Comment

by:rhenry-ez
ID: 34168000
Are your computers set up to obtain IP addresses via DHCP or manually? Have you checked to make sure that the DNS that DHCP is assigning is correct?

Thanks

Accepted Solution

by:
Chris Dent earned 250 total points
ID: 34168052

If you use Forwarders on your DNS servers, no amount of clearing the cache will do any good; the answer (or lack of answer) is inherited from the forwarder.

You might try setting your internal DNS server to forward to 8.8.8.8 and 8.8.4.4 (both belong to Google).

Chris
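
Added example, not part of the thread or of Chris Dent's answer: a standard-library Python check that asks each upstream resolver directly over UDP/53, so the result does not depend on the local cache or the OS resolver, and reports the names a forwarder fails on while a reference resolver answers. The function names are this example's own; the resolver addresses passed in are whatever your forwarder and comparison resolver are (the thread used 12.127.12.67 and 8.8.8.8).

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1A2B):
    """Encode a recursive (RD=1) A-record question for `name`."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def _skip_name(msg, off):
    """Step over a possibly compressed domain name; return the next offset."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += msg[off] + 1
    return off + (2 if msg[off] else 1)

def parse_response(msg):
    """Return (status, [IPv4 addresses]) from a raw DNS response."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:           # A record (CNAMEs are skipped)
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return RCODES.get(flags & 0xF, "RCODE%d" % (flags & 0xF)), addrs

def query(name, server, timeout=3.0):
    """Ask `server` directly over UDP/53, bypassing the OS resolver and its cache."""
    pkt = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(pkt, (server, 53))
            reply = s.recv(4096)
        except socket.timeout:
            return "TIMEOUT", []
    return parse_response(reply) if reply[:2] == pkt[:2] else ("BAD_ID", [])

def forwarder_faults(names, forwarder, reference, resolver=query):
    """Names the forwarder cannot answer although the reference resolver can."""
    return [n for n in names
            if not resolver(n, forwarder)[1] and resolver(n, reference)[1]]
```

Calling `forwarder_faults(["gsa.gov", "www.gsa.gov"], "12.127.12.67", "8.8.8.8")` from the affected LAN performs the same comparison the asker ran by hand with nslookup; a name in the returned list points at the forwarder path rather than at the internal server's cache.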

Author Comment

by:isaIT
ID: 34168058
We are using DHCP.  This appears to be working properly and is assigning the correct DNS server.

Author Closing Comment

by:isaIT
ID: 34168141
Thanks for the help Chris.  You rock.