Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 395
  • Last Modified:

I can't get out to a specific website

Integrated Active Directory DNS 2003

We have a specific website we can't access from our internal network, but it can be accessed from outside of our network. It's not a web filter issue, it's a dns issue. If I use our internal DNS servers it doesn't work, but if I put in a static DNS like 4.2.2.2, then I can get to the site.

I need some ideas, on how to resolve this DNS issue...
0
bernardb
Asked:
bernardb
  • 5
  • 3
1 Solution
 
Chris DentPowerShell DeveloperCommented:
Using Forwarders or Root Hints? Root Hints is the default, but if you're not sure, pop open the Properties for your DNS server then select the Forwarders tab.

Perhaps the most common cause of obscure resolution failure is EDNS (Extended DNS). This happens because some routers / firewalls silently drop UDP packets larger than 512 bytes. EDNS is a change that means the server advertises support for packets over 512 bytes, if the network hardware doesn't support that as well you end up with trouble.

To test if this is the case, run:

dnscmd /config /EnableEDnsProbes 0

This disabled EDNS, once done, flush the cache with:

dnscmd /ClearCache

Then run:

nslookup www.TheSiteThatFailedBefore.com

Chris
0
 
bernardbAuthor Commented:
Here's another piece....

I can get to www.blah.org

but not www.blah.org/dev

internally it doesn't work, but externally from outside of our network I can. it's on the same server etc.
0
 
bernardbAuthor Commented:
and the error is 'HTTP 404 - File not found
Internet Explorer'
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
Chris DentPowerShell DeveloperCommented:

That takes it out of the hands of DNS.

If you couldn't get to www.blah.org, but could to bob.blah.org we could blame DNS. But if it's a sub-directory under a website DNS is done before you get to the /dev bit.

Chris
0
 
Chris DentPowerShell DeveloperCommented:

> and the error is 'HTTP 404 - File not found ...

Even better, the only thing that can return that is the remote web server. Now you ruled out both DNS and the network layer.

Either the web server is wrong, or we swing back and wonder if you're getting the same answer. Fortunately we can check that:

nslookup www.blah.org
nslookup www.blah.org 8.8.8.8

The first asks your internal DNS server, the second Google's DNS server. Both should return the same thing in almost all cases.

Chris
0
 
evgeny_f31Commented:
if I put in a static DNS like 4.2.2.2, then I can get to the site
Does it work if you use 4.2.2.2 as dns forwarder address ?
How exactly your network gets the internet - routers, proxy  ?
0
 
bernardbAuthor Commented:
Chris-Dent
They return different IP addresses when I tried

nslookup www.blah.org
nslookup www.blah.org 8.8.8.8

The first asks your internal DNS server, the second Google's DNS server. Both should return the same thing in almost all cases.
0
 
bernardbAuthor Commented:
Thanks Everyone.

The issue was we had an A record on our DNS server that pointed to www.blah.org's old internet service provider.

I removed the A record
0
 
bernardbAuthor Commented:
Resolved by me, but thanks to all. You Experts are the best.
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now