Solved

I can't get out to a specific website

Posted on 2011-02-10
9
391 Views
Last Modified: 2012-05-11
Integrated Active Directory DNS 2003

We have a specific website we can't access from our internal network, but it can be accessed from outside of our network. It's not a web filter issue, it's a dns issue. If I use our internal DNS servers it doesn't work, but if I put in a static DNS like 4.2.2.2, then I can get to the site.

I need some ideas, on how to resolve this DNS issue...
0
Comment
Question by:bernardb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
9 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34865667
Using Forwarders or Root Hints? Root Hints is the default, but if you're not sure, pop open the Properties for your DNS server then select the Forwarders tab.

Perhaps the most common cause of obscure resolution failure is EDNS (Extended DNS). This happens because some routers / firewalls silently drop UDP packets larger than 512 bytes. EDNS is a change that means the server advertises support for packets over 512 bytes, if the network hardware doesn't support that as well you end up with trouble.

To test if this is the case, run:

dnscmd /config /EnableEDnsProbes 0

This disabled EDNS, once done, flush the cache with:

dnscmd /ClearCache

Then run:

nslookup www.TheSiteThatFailedBefore.com

Chris
0
 

Author Comment

by:bernardb
ID: 34865774
Here's another piece....

I can get to www.blah.org

but not www.blah.org/dev

internally it doesn't work, but externally from outside of our network I can. it's on the same server etc.
0
 

Author Comment

by:bernardb
ID: 34865805
and the error is 'HTTP 404 - File not found
Internet Explorer'
0
MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

 
LVL 71

Expert Comment

by:Chris Dent
ID: 34865806

That takes it out of the hands of DNS.

If you couldn't get to www.blah.org, but could to bob.blah.org we could blame DNS. But if it's a sub-directory under a website DNS is done before you get to the /dev bit.

Chris
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34865832

> and the error is 'HTTP 404 - File not found ...

Even better, the only thing that can return that is the remote web server. Now you ruled out both DNS and the network layer.

Either the web server is wrong, or we swing back and wonder if you're getting the same answer. Fortunately we can check that:

nslookup www.blah.org
nslookup www.blah.org 8.8.8.8

The first asks your internal DNS server, the second Google's DNS server. Both should return the same thing in almost all cases.

Chris
0
 
LVL 4

Expert Comment

by:evgeny_f31
ID: 34865880
if I put in a static DNS like 4.2.2.2, then I can get to the site
Does it work if you use 4.2.2.2 as dns forwarder address ?
How exactly your network gets the internet - routers, proxy  ?
0
 

Author Comment

by:bernardb
ID: 34866827
Chris-Dent
They return different IP addresses when I tried

nslookup www.blah.org
nslookup www.blah.org 8.8.8.8

The first asks your internal DNS server, the second Google's DNS server. Both should return the same thing in almost all cases.
0
 

Accepted Solution

by:
bernardb earned 0 total points
ID: 34874388
Thanks Everyone.

The issue was we had an A record on our DNS server that pointed to www.blah.org's old internet service provider.

I removed the A record
0
 

Author Closing Comment

by:bernardb
ID: 34904875
Resolved by me, but thanks to all. You Experts are the best.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Claiming a Domain Name 7 66
Device browser and/or dns client cache update through web page 7 37
Domain Service Not Responding 14 36
Doing AD cleanup with Powershell 9 57
If you have a multi-homed DNS setup in windows, you can have issues with connectivity to the server that hosts the DNS services (or even member servers of your domain if this same DNS server is a DC). This is because windows registers all of its IPs…
There have been a lot of times when we have seen the need to enter a large number of DNS entries in a forward lookup zone. The standard procedure would be to launch the DNS Manager console, create the Zone and start adding new hosts using the New…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question