Solved

I can't get out to a specific website

Posted on 2011-02-10
9
392 Views
Last Modified: 2012-05-11
Integrated Active Directory DNS 2003

We have a specific website we can't access from our internal network, but it can be accessed from outside of our network. It's not a web filter issue, it's a DNS issue. If I use our internal DNS servers it doesn't work, but if I put in a static DNS like 4.2.2.2, then I can get to the site.

I need some ideas on how to resolve this DNS issue...
0
Comment
Question by:bernardb
9 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34865667
Using Forwarders or Root Hints? Root Hints is the default, but if you're not sure, pop open the Properties for your DNS server then select the Forwarders tab.

Perhaps the most common cause of obscure resolution failure is EDNS (Extended DNS). This happens because some routers / firewalls silently drop UDP packets larger than 512 bytes. EDNS is a change that means the server advertises support for packets over 512 bytes; if the network hardware doesn't support that as well, you end up with trouble.

To test if this is the case, run:

dnscmd /config /EnableEDnsProbes 0

This disables EDNS. Once done, flush the cache with:

dnscmd /ClearCache

Then run:

nslookup www.TheSiteThatFailedBefore.com

Chris
0
 

Author Comment

by:bernardb
ID: 34865774
Here's another piece....

I can get to www.blah.org

but not www.blah.org/dev

Internally it doesn't work, but externally, from outside of our network, I can. It's on the same server, etc.
0
 

Author Comment

by:bernardb
ID: 34865805
and the error is 'HTTP 404 - File not found
Internet Explorer'
0

 
LVL 71

Expert Comment

by:Chris Dent
ID: 34865806

That takes it out of the hands of DNS.

If you couldn't get to www.blah.org, but could to bob.blah.org, we could blame DNS. But if it's a sub-directory under a website, DNS is done before you get to the /dev bit.

Chris
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34865832

> and the error is 'HTTP 404 - File not found ...

Even better, the only thing that can return that is the remote web server. Now you've ruled out both DNS and the network layer.

Either the web server is wrong, or we swing back and wonder if you're getting the same answer. Fortunately we can check that:

nslookup www.blah.org
nslookup www.blah.org 8.8.8.8

The first asks your internal DNS server, the second Google's DNS server. Both should return the same thing in almost all cases.

Chris
0
 
LVL 4

Expert Comment

by:evgeny_f31
ID: 34865880
> if I put in a static DNS like 4.2.2.2, then I can get to the site

Does it work if you use 4.2.2.2 as the DNS forwarder address?
How exactly does your network get to the internet - routers, proxy?
0
 

Author Comment

by:bernardb
ID: 34866827
Chris-Dent
They return different IP addresses when I tried

nslookup www.blah.org
nslookup www.blah.org 8.8.8.8

The first asks your internal DNS server, the second Google's DNS server. Both should return the same thing in almost all cases.
0
 

Accepted Solution

by:
bernardb earned 0 total points
ID: 34874388
Thanks Everyone.

The issue was we had an A record on our DNS server that pointed to www.blah.org's old internet service provider.

I removed the A record.
0
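The comparison that exposed the stale record in this thread (the same name asked of the internal server and of a public resolver), as an added example that is not code posted by anyone in the thread. It parses two nslookup captures and also flags an authoritative internal answer, since nslookup prints "Non-authoritative answer:" only when the reply does not come from a zone the server itself hosts; the captures, server names and addresses are constructed placeholders.

```python
import re
# Constructed captures in Windows nslookup format; names and addresses are placeholders.
INTERNAL = """\
Server:  dc01.corp.example
Address:  10.0.0.10

Name:    www.blah.org
Address:  192.0.2.10
"""
PUBLIC = """\
Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    www.blah.org
Addresses:  198.51.100.7
          198.51.100.8
"""

def parse_nslookup(text):
    """Return (answer addresses, authoritative flag) for one nslookup run."""
    text = text.replace("\r\n", "\n")
    # First blank line ends the 'Server:' header, so the resolver's own address is skipped.
    _, _, answer = text.partition("\n\n")
    authoritative = "Non-authoritative answer" not in answer
    addrs, in_block = set(), False
    for line in answer.splitlines():
        m = re.match(r"Address(?:es)?:\s*(\S+)", line)
        if m:
            addrs.add(m.group(1))
            in_block = True
        elif in_block and line[:1].isspace() and line.strip():
            addrs.add(line.strip())  # continuation of an 'Addresses:' list
        else:
            in_block = False
    return addrs, authoritative

def compare(internal_text, public_text):
    internal, auth = parse_nslookup(internal_text)
    public, _ = parse_nslookup(public_text)
    findings = []
    if not internal:
        findings.append("internal resolver returned no address")
    elif internal.isdisjoint(public):  # disjoint, not unequal: tolerates round-robin
        findings.append(f"answers differ: internal {sorted(internal)}, public {sorted(public)}")
    if internal and auth:
        findings.append("internal answer is authoritative: served from a local zone")
    return findings

print(compare(INTERNAL, PUBLIC))
```

A name that is supposed to be overridden internally (split DNS) will trip both findings as well, so the output is a list of records to review, not a verdict.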
 

Author Closing Comment

by:bernardb
ID: 34904875
Resolved by me, but thanks to all. You Experts are the best.
0
