Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Problem resolving a specific URL

Posted on 2010-11-18
7
Medium Priority
?
841 Views
Last Modified: 2012-05-10
We believe we have an internal DNS problem.  We are running Windows Server 2008R2 and Windows XP workstations.  Over 99% of our DNS queries resolve and function properly.  We encountered a problem with users attempting to reach www.gsa.gov on our LAN.  
* We can reach this site by IP address.
* We can resolve and reach the site using gsa.gov but not using www.gsa.gov
* On workstations we can ping or run nslookup using gsa.gov but not using www.gsa.gov
* On domain controllers we can ping or run nslookup using gsa.gov.  We can ping www.gsa.gov, but cannot run nslookup using www.gsa.gov
* We can reach both addresses from our DMZ.  
* We have flushed DNS caches locally and on our domain controllers and were still able to repeate all of the above behaviors.
* Adding an entry for www.gsa.gov on our domain controller allows the domain controller to resolve, but not a workstation, perhaps due to dns forwarding.
* Adding an entry for www.gsa.gov on a local computer, resolves the issue for that computer as expected.  
Any thoughts regarding what might be causing this or how to resolve it?
0
Comment
Question by:isaIT
  • 3
  • 2
  • 2
7 Comments
 
LVL 1

Expert Comment

by:rhenry-ez
ID: 34167225
Out of curiousity, if you statically assign an IP to one of these workstations and set their dns server as an outside dns (Such as 8.8.8.8) does it resolve your issue?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34167731

Do you have Forwarders configured on your DNS servers at the moment?

When you attempt to resolve www.gsa.gov using nslookup, what happens? Timeout? Server Failure? Doesn't exist?

Chris
0
 

Author Comment

by:isaIT
ID: 34167950
Thank you for the comments,

When we statically assign an IP to one of the workstations and set their dns server to an outside dns, it does resolve the issue.

We do have DNS forwarders configured for everything outside of our domain..

When we attempt to resolve www.gsa.gov using nslookup it times out.  

Here is another interesting bit of information we just discovered, this doesn't explain why it won’t resolve from our LAN.

When we do an nslookup on www.gsa.gov vs gsa.gov we see different IP addresses depending upon the DNS sever we query.

 Internal nslookup using 12.127.12.67 or 12.127.12.68
-      gsa.gov resolves to  Address: 159.142.144.188
-      www.gsa.gov does not resolve
External lookup using 12.127.12.67 or 12.127.12.68
-      gsa.gov resolves to  Address: 159.142.144.188
-      www.gsa.gov  resolves to 159.142.144.188
External lookup using 8.8.8.8
-      gsa.gov resolves to  Address: 159.142.144.188
-      www.gsa.gov  resolves to 159.142.75.50

Both 159.142.75.50 and 159.142.144.188 bring up the target web site.
0
WatchGuard Case Study: Museum of Flight

“With limited money and limited staffing, we didn’t have a lot of choices in terms of what we could do to bring efficiency. WatchGuard played a central part in changing that.” To provide strong, secure Wi-Fi access within the museum, Hunter chose to deploy WatchGuard’s AP120 APs.

 
LVL 1

Expert Comment

by:rhenry-ez
ID: 34168000
Are your computers setup to obtain IP addresses via DHCP or Manually? Have you checked to make sure that the DNS that DHCP is assigning is correct?

Thanks
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 1000 total points
ID: 34168052

If you use Forwarders on your DNS servers no amount of clearing the cache will do any good, the answer (or lack of answer) is inherited from the forwarder.

You might try setting your internal DNS server to forward to 8.8.8.8 and 8.8.4.4 (both belong to Google).

Chris
0
 

Author Comment

by:isaIT
ID: 34168058
We are using DHCP.  This appears to be working preperly and is assigning the correct DNS server.
0
 

Author Closing Comment

by:isaIT
ID: 34168141
Thanks for the help Chris.  You rock.
0

Featured Post

WatchGuard Case Study: Museum of Flight

“With limited money and limited staffing, we didn’t have a lot of choices in terms of what we could do to bring efficiency. WatchGuard played a central part in changing that.” To provide strong, secure Wi-Fi access within the museum, Hunter chose to deploy WatchGuard’s AP120 APs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Occasionally you run into the website or two that will not resolve properly using your own DNS servers.  Some people simply set up global forwarders for their DNS server.  I don’t recommend doing this because it can cause problems resolving addresse…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question